Michael: Thanks for your answer.
As far as we can see the problem is caused by CAPICOM an therefore affects "signForm.vbs" in all translated languages. For this reason it does not depends on IE version nor IE language distribution. All the tests we made were done using CAPICOM 2.0.0.0. There seems to be an aditional mistake on the german translation "de_DE/signForm.vbs". It has // for comments instead of ' (vbscript comments) Regards Julio ----- Original Message ----- From: "Michael Bell" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 30, 2004 9:49 AM Subject: Re: [OpenCA-Devel] PKCS#7 Error when signing with IE and possible FIX > Julio D'Angelo wrote: > > Hi all: > > > > We are currently working with the CVS version of OpenCA and found this errors using OpenCA RA interface: > > > > using x509 login after pressing "Sign the Challenge" we get this error message: > > > > Error 6273250 > > General Error. Cannot build PKCS#7-object from extracted signature! > > OpenCA::PKCS7 returns errorcode 7911031. (OpenCA::PKCS7->new: Cannot > > initialize signature (7912021). OpenCA::PKCS7->initSignature: Cannot parse > > signature (7921021). OpenCA::PKCS7->getParsed: The crypto-backend cannot > > verify the signature (7742075). OpenCA::OpenSSL->verify: openca-sv failed. > > [Error]: error:04077068:rsa routines:RSA_verify:bad signature > > > > we also get a similar error message after pressing "Approve Request" to approve a request > > > > Cause: > > > > This problem only occurs on IE clients. IE produces a signature using CapiCOM with the content data encoded in UniCode format. The PKCS#7 signed content has 64 bytes instead of the original 32 bytes of the original data. > > For example: > > > > If challenge is > > > > "6e159081f2117a4b1846ade3ac4c1f26" > > > > after signing it, we get > > > > "6\x0e\x01\x05\x0\x09\x00\x08\x01\x0f\x02\x01\x01\x07\x0a\x04\x0b\x01\x08\x0 4\x06\x0a\x0d\x0e\x03\x0a\x0c\x04\x0c\x01\x0f\x02\x06\x0" > > > > Fix: > > > > We solve the problem adding the following code in module "src/common/lib/javascript/es_ES/signForm.vbs" > > > > Function UnicodeToAscii(ByRef pstrUnicode) > > Dim i, result > > > > result = "" > > For i = 1 To Len(pstrUnicode) > > result = result & ChrB(Asc(Mid(pstrUnicode, i, 1))) > > Next > > > > UnicodeToAscii = result > > End Function > > > > and replacing > > > > SignedData.Content = theForm.text.value > > > > by > > > > SignedData.Content = UnicodeToAscii(theForm.text.value) > > Did you test this problem with the English translation too or does only > the Spanish translation be affected? Usually such patches must be > applied to all vbs files. Which IE versions did you test? > > > The final code would be: > > > > filename="signForm.vbs" > > Can you send me this stuff as an attachment please to avoid conversion > problems etc.? The best way would be to open a bug at sf.net. This > allows us a really durable management. > > Michael > -- > ------------------------------------------------------------------- > Michael Bell Email: [EMAIL PROTECTED] > ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 > (Computing Centre) Fax: +49 (0)30-2093 2704 > Humboldt-University of Berlin > Unter den Linden 6 > 10099 Berlin Email (private): [EMAIL PROTECTED] > Germany http://www.openca.org > > > ------------------------------------------------------- > This SF.Net email is sponsored by BEA Weblogic Workshop > FREE Java Enterprise J2EE developer tools! > Get your free copy of BEA WebLogic Workshop 8.1 today. > http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click > _______________________________________________ > OpenCA-Devel mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/openca-devel
signForm.vbs.safe
Description: Binary data
