I'm making an example for Jamie to see the problem in the verefication routine.
I post a bug at bugzilla for the PKCS spec but Jamie say that the code is ok, I will read the speck again, but may be was my fault to post too early the bug in the database without debate it before.... I will forward to Jamie the code and then see where is the problem... > Hi, > > Can we expect a patch or should we need to make the same changes?. > Nelson, Can we get your fix? > > Thanks > Krish. > > nelson wrote: > >> On Wed, 10 Jul 2002 16:32:57 -0300, Krishnan Chellakarai wrote: >> >> [strip] >> > Finally I was able to sign some data, but now I am not able to >> > verify. I am getting the following error. >> > >> > java.security.SignatureException: encryptedDigest was not the correct >> > signature of the contents of the DER-encoded authenticated attributes >> > at >> > org.mozilla.jss.pkcs7.SignerInfo.verifyWithAuthenticatedAttributes(SignerInfo.java >> > >> > at org.mozilla.jss.pkcs7.SignerInfo.verify(SignerInfo.java:488) >> > >> > Any ideas would really help. I have pasted my code below. >> [strip] >> >> I have the same problem. I was looking the JSS code and I think there >> is a problem in the verify and sign routines. The sign and verify >> routines make diferent thinks... I have code that fix this problem.... >> but sign and verify continues to make a mistake I think... >> >> The PKCS7 spec say (may be some ambigous) that the verify is agains >> data digest and if there are authAttributes, the digest of both... but >> JSS, if found authAttributes, only verify agains the authAttributes, >> and the same when sign, only sign authAttributes if they found some... >> >> I fix JSS and sign and verify OK, but *only* the authAttributes. I >> think that need new code the sign and verify routines to deal with Data >> and authAttributes if they exits....If I interpret ok the PKCS7 >> specs..... >> >> Jamie if you want I can look forward and make a patch for SignerInfo >> class >> >> -- >> >> :: Nelson :: -- :: Nelson ::
