Hi all:
 
We are currently working with the CVS version of OpenCA and found these errors using the OpenCA RA interface:
 
Using x509 login, after pressing "Sign the Challenge" we get this error message:

Error 6273250
General Error. Cannot build PKCS#7-object from extracted signature!
OpenCA::PKCS7 returns errorcode 7911031. (OpenCA::PKCS7->new: Cannot
initialize signature (7912021). OpenCA::PKCS7->initSignature: Cannot parse
signature (7921021). OpenCA::PKCS7->getParsed: The crypto-backend cannot
verify the signature (7742075). OpenCA::OpenSSL->verify: openca-sv failed.
[Error]: error:04077068:rsa routines:RSA_verify:bad signature
 
We also get a similar error message after pressing "Approve Request" to approve a request.
 
Cause:
 
This problem only occurs on IE clients. IE produces a signature using CapiCOM with the content data encoded in Unicode format. The PKCS#7 signed content has 64 bytes instead of the original 32 bytes of the original data.
For example:
 
If challenge is
 
"6e159081f2117a4b1846ade3ac4c1f26"
 
after signing it, we get
 
"6\x0e\x01\x05\x0\x09\x00\x08\x01\x0f\x02\x01\x01\x07\x0a\x04\x0b\x01\x08\x04\x06\x0a\x0d\x0e\x03\x0a\x0c\x04\x0c\x01\x0f\x02\x06\x0"
 
Fix:
 
We solved the problem by adding the following code to the module "src/common/lib/_javascript_/es_ES/signForm.vbs":

  Function UnicodeToAscii(ByRef pstrUnicode)
     Dim i, result
 
     result = ""
     For i = 1 To Len(pstrUnicode)
          result = result & ChrB(Asc(Mid(pstrUnicode, i, 1)))
     Next
 
     UnicodeToAscii = result
  End Function
 
and replacing
 
  SignedData.Content = theForm.text.value
 
with
 
  SignedData.Content = UnicodeToAscii(theForm.text.value)
 

Greetings
 
-------------------------------------------------------------------
Julio D'Angelo
eMail: [EMAIL PROTECTED]
------------------------------------------------------------------
 
 
The final code would be:
 
 filename="signForm.vbs"
 
<!--'
Function UnicodeToAscii(ByRef pstrUnicode)
     Dim i, result
    
     result = ""
     For i = 1 To Len(pstrUnicode)
          result = result & ChrB(Asc(Mid(pstrUnicode, i, 1)))
     Next
        
     UnicodeToAscii = result
End Function
 
Function signFormIE(theForm, theWindow)
Dim SignedData
 
On Error Resume Next
 
Set Settings = CreateObject("CAPICOM.Settings")
Settings.EnablePromptForCertificateUI = True
 
Set SignedData = CreateObject("CAPICOM.SignedData")
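If Err.Number <> 0 then
 ' CAPICOM could not be created: report it and stop, so the signing
 ' steps below do not run against an unusable object
 MsgBox("por favor, registre capicom.dll en su computadora " )
 Exit Function
End If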
 
SignedData.Content = UnicodeToAscii(theForm.text.value)
 
' MsgBox cannot normally be used here because it can only handle up to 1024 characters
' MsgBox(theForm.text.Value)
 

theForm.signature.Value = SignedData.Sign (Nothing)
' theForm.signature.Value = SignedData.Sign (Nothing, False, CAPICOM_ENCODE_BASE64)
 
' SignedData.Verify (theForm.signature.Value)
' SignedData.Verify (theForm.signature.Value, False)
' SignedData.Verify (theForm.signature.Value, False, CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE)
 
If Err.Number <> 0 then
 MsgBox("Error en la firma: " & Err.Description)
End If
 
End Function
'-->
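
The mismatch described in this message, reproduced as an added example (not part of the original post or of OpenCA): it compares the bytes a verifier expects for the challenge with the bytes signed when the content is a two-bytes-per-character string, and classifies content extracted from a PKCS#7 object accordingly. The UTF-16LE encoding, the SHA-1 digest and all function names are assumptions made for the illustration.

```python
import hashlib

# Challenge value quoted in the message (32 hex characters).
CHALLENGE = "6e159081f2117a4b1846ade3ac4c1f26"


def capicom_content_bytes(text: str) -> bytes:
    """Bytes signed when Content receives a plain script string.

    Assumption: the string is UTF-16LE, two bytes per character,
    which matches the 64 bytes reported in the message.
    """
    return text.encode("utf-16-le")


def unicode_to_ascii(text: str) -> bytes:
    """Python counterpart of the post's UnicodeToAscii: one byte per character.

    Raises UnicodeEncodeError on non-ASCII input instead of silently
    dropping data, so lossy conversions are noticed.
    """
    return text.encode("ascii")


def classify_signed_content(signed: bytes, expected: str) -> str:
    """Tell a verifier-side debugger why extracted content does not match."""
    exp = expected.encode("ascii")
    if signed == exp:
        return "match"
    # UTF-16LE ASCII text: expected bytes interleaved with NUL high bytes.
    if (len(signed) == 2 * len(exp)
            and signed[0::2] == exp
            and signed[1::2] == b"\x00" * len(exp)):
        return "utf16le"
    return "mismatch"


def digest(data: bytes) -> str:
    """Digest over the signed content (SHA-1 chosen for illustration)."""
    return hashlib.sha1(data).hexdigest()


if __name__ == "__main__":
    wide = capicom_content_bytes(CHALLENGE)
    narrow = unicode_to_ascii(CHALLENGE)
    print(len(wide), classify_signed_content(wide, CHALLENGE), digest(wide))
    print(len(narrow), classify_signed_content(narrow, CHALLENGE), digest(narrow))
```

Because the digests over the two byte strings differ, a signature made over the wide form cannot verify against the 32-byte challenge the server holds.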
 
