I'm making an example for Jamie to see the problem in the verefication
routine.

I post a bug at bugzilla for the PKCS spec but Jamie say that the code is
ok, I will read the speck again, but may be was my fault to post too
early the bug in the database without debate it before....

I will forward to Jamie the code and then see where is the problem...

> Hi,
> 
> Can we expect a patch or should we need to make the same changes?.
> Nelson, Can we get your fix?
> 
> Thanks
> Krish.
> 
> nelson wrote:
> 
>> On Wed, 10 Jul 2002 16:32:57 -0300, Krishnan Chellakarai wrote:
>>
>> [strip]
>> > Finally I was able to sign some data, but now I am not able to
>> > verify. I am getting the following error.
>> >
>> > java.security.SignatureException: encryptedDigest was not the correct
>> > signature of the contents of the DER-encoded authenticated attributes
>> > at
>> > org.mozilla.jss.pkcs7.SignerInfo.verifyWithAuthenticatedAttributes(SignerInfo.java
>> >
>> > at org.mozilla.jss.pkcs7.SignerInfo.verify(SignerInfo.java:488)
>> >
>> > Any ideas would really help. I have pasted my code below.
>> [strip]
>>
>> I have the same problem. I was looking the JSS code and I think there
>> is a problem in the verify and sign routines. The sign and verify
>> routines make diferent thinks... I have code that fix this problem....
>> but sign and verify continues to make a mistake I think...
>>
>> The PKCS7 spec say (may be some ambigous) that the verify is agains
>> data digest and if there are authAttributes, the digest of both... but
>> JSS, if found authAttributes, only verify agains the authAttributes,
>> and the same when sign, only sign authAttributes if they found some...
>>
>> I fix JSS and sign and verify OK, but *only* the authAttributes. I
>> think that need new code the sign and verify routines to deal with Data
>> and authAttributes if they exits....If I interpret ok the PKCS7
>> specs.....
>>
>> Jamie if you want I can look forward and make a patch for SignerInfo
>> class
>>
>> --
>>
>> :: Nelson ::
 

-- 

:: Nelson ::

Reply via email to