Hi,
I fear I am no expert but the following code seems to solve the problem at
least at my installation.
I have taken the code for the ToUTF8 Function from this site:
http://namnp.com/forum/index.php?act=ST&f=11&t=328
There is probably a better way to solve this problem but perhaps this helps
anyway.
Regards,
Johannes Derek
In signForm.vbs:
Function UTF16toUTF8ByteArray(strUTF16)
Dim i, UTF16, UTF8
Dim aryTmp, strTmp
For i=1 To Len(strUTF16)
UTF16 = AscW(Mid(strUTF16, i, 1))
aryTmp = ToUTF8(UTF16)
For Each strTmp In aryTmp
If Len(Hex(strTmp)) > 1 Then
UTF8 = UTF8 & Hex(strTmp)
Else
UTF8 = UTF8 & "0" & Hex(strTmp)
End If
Next
Next
Dim CapicomUtil
Set CapicomUtil = CreateObject("CAPICOM.Utilities")
UTF16toUTF8ByteArray = CapicomUtil.HexToBinary(UTF8)
End Function
Function ToUTF8(ByVal UTF16)
' Convert a 16bit UTF-16BE to 2 or 3 UTF-8 bytes
Dim BArray()
If UTF16 < &H80 Then
ReDim BArray(0) ' one byte UTF-8
BArray(0) = UTF16 ' Use number as Is
Elseif UTF16 < &H800 Then
ReDim BArray(1) ' two byte UTF-8
BArray(1) = &H80 + (UTF16 And &H3F) ' Least Significant 6 bits
UTF16 = UTF16 \ &H40 ' Shift UTF16 number right 6 bits
BArray(0) = &HC0 + (UTF16 And &H1F) ' Use 5 remaining bits
Else
ReDim BArray(2) ' three byte UTF-8
BArray(2) = &H80 + (UTF16 And &H3F) ' Least Significant 6 bits
UTF16 = UTF16 \ &H40 ' Shift UTF16 number right 6 bits
BArray(1) = &H80 + (UTF16 And &H3F) ' Use next 6 bits
UTF16 = UTF16 \ &H40 ' Shift UTF16 number right 6 bits again
BArray(0) = &HE0 + (UTF16 And &HF) ' Use 4 remaining bits
End If
ToUTF8 = BArray ' Return UTF-8 bytes in an Array
End Function
Function signFormIE(theForm, theWindow)
...
SignedData.Content = UTF16toUTF8ByteArray(theForm.text.value)
...
End Function
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Sergei Vyshenski
> Sent: Tuesday, December 20, 2005 8:41 PM
> To: openca-devel@lists.sourceforge.net
> Subject: Re: [OpenCA-Devel] New Version
>
>
> Hi, Michael,
>
> Do we have an expert in Visual Basic to fix annoying bug reported by
>
> Johannes Derek on Dec 15 (see below)?
>
> All the best, Sergei
>
>
> Michael Bell wrote:
> > Yes, I will check the translations from Peter tomorrow
> > morning/afternoon and I think we will release after this.
> >
> ============================
>
> OpenCA Version : snapshot of the 0.9.2 stable branch
> Perl Version : v5.8.4
> OpenSSL Version : OpenSSL 0.9.8 05 Jul 2005
> Operating System: Debian Sarge
> Used Browsers : IE 6.0 (Firefox 1.5)
> Used Language(s): de_DE
> Special Changes : utf-8 enabled
>
> Hi,
>
> I am not quite sure whether my problem is a bug in OpenCA or
> whether I have a configuration error.
>
> I have downloaded the snapshot of the 0.9.2 stable branch as
> described at demo2.openca.info and enabled utf-8 support.
>
> When trying to approve a CSR which has german umlauts in the
> cn (Mäx Müstermänn) I get an error if I use the Internet
> Explorer for signing:
>
> Fehler 6206
> Allgemeiner Fehler Es konnte kein PKCS#7-Objekt aus der
> extrahierten Signatur erstellt werden!
> OpenCA::PKCS#7 gab den Fehlercode 7911031 zurück (Die
> Signatur konnte nicht initialisiert werden (7912021). Die
> Signatur eines PKCS#7-Objektes konnte nicht ausgewertet
> werden (7921021). Das kryptographische System konnte die
> Signatur eines PKCS#7-Objektes nicht verifizieren (7742075).
> OpenCA::OpenSSL->verify: openca-sv failed. [Error]:
> error:04077068:rsa routines:RSA_verify:bad signature
> [Info]: Input file intialized.
> [Info]: Signaturefile initialized.
> [Info]: Reading Certificate file.
> [Info]: PKCS#7 object loaded.
> [Info]: Data is ready for verification.
> [Info]: Signature Informations (PKCS#7):
> depth:1 serial:A2C20CF20A68FF42 subject:CN=ELK-WUE Test
> CA,DC=ELK-WUE,DC=DE
> depth:0 serial:01 subject:CN=Derek Test1,DC=ELK-WUE,DC=DE
> [Info]: Signature is corrupt. Errorcode -1.
> signature:error:-1
> ).
>
> Signing the same CSR with Mozilla Firefox works.
>
> When I take a look at the temporary files created by
> OpenSSL->verify the xxx_data.tmp file seems to be encoded as
> UTF-8. After I encode this file as LATIN1 using iconv the
> call of openca-sv verify works with the IE signature.
>
> Taking a look at the signForm.vbs Script it seems like the
> text signed by CAPICOM is intentionally converted to ASCII/LATIN1.
> If I remove this call to the UnicodeToAscii function the
> verification of the signature still doesn't work, because the
> data seems now to be encoded as Unicode.
> After I convert the new data.tmp file from UTF-8 to
> UNICODELITTLE with iconv the openca-sv verify command works.
>
> Now I am not sure whether I have made an error during the
> setup of the OpenCA server or whether this is a bug in the
> OpenCA utf-8 support.
>
> Do you know how to solve this problem?
>
> Tahnks & Regards
> Johannes Derek
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep
> through log files
> for problems? Stop! Download the new AJAX search engine that makes
> searching your log files as easy as surfing the web.
> DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_idv37&alloc_id�865&op=click
> _______________________________________________
> Openca-Users mailing list
> Openca-Users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openca-users
>
>
>
>
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep
> through log files
> for problems? Stop! Download the new AJAX search engine that makes
> searching your log files as easy as surfing the web.
> DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> _______________________________________________
> OpenCA-Devel mailing list
> OpenCA-Devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openca-devel
>
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id�865&op=click
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
