Hi,
I need your help.
I have a certificate, which is also installed on my Windows Server 2003 PC. I
would like to use it to sign a timestamp response using the CryptSignHash
function of MS CryptoAPI. The signature generated by this function is in
reversed byte order (little-endian rather than big-endian).
Using the public key located in the certificate, I can verify the signature
using the CryptVerifySignature function. However, the Bouncy Castle library and
Acrobat cannot verify the signature (reversed).
I know this list is for OpenSSL developers, but I would like to have your
help!
Please take a look at the source code below and help me to find the problem.
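/*
 * Reverse the byte order of a buffer in place.
 *
 * In this listing it is used to convert the signature returned by
 * CryptSignHash (CryptoAPI emits the value least-significant byte first)
 * into the most-significant-byte-first form that non-CryptoAPI verifiers
 * expect.
 *
 * pbArray    - buffer to reverse; a NULL pointer is ignored.
 * cbArrayLen - number of bytes in the buffer; 0 and 1 are no-ops.
 */
static void memreverse(LPBYTE pbArray, DWORD cbArrayLen)
{
    LPBYTE pbFront;
    LPBYTE pbBack;
    BYTE bTmp;

    /*
     * Bail out before any pointer arithmetic: with cbArrayLen == 0 the
     * original computed pbArray - 1, a pointer before the start of the
     * buffer, and a NULL buffer would be dereferenced in the loop.
     */
    if (pbArray == NULL || cbArrayLen < 2)
        return;

    pbFront = pbArray;
    pbBack = pbArray + (cbArrayLen - 1);

    /* Swap from both ends toward the middle; an odd middle byte stays put. */
    while (pbFront < pbBack)
    {
        bTmp = *pbFront;
        *pbFront = *pbBack;
        *pbBack = bTmp;
        pbFront++;
        pbBack--;
    }
}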
// Signs m_pEncodedData (m_nEncodedDataSize bytes) with the private key that
// belongs to a certificate looked up in the "MY" system store:
//   1. find the certificate by its public key and acquire the private key,
//   2. SHA-1 hash the data,
//   3. CryptSignHash the hash (size query, then the real call),
//   4. self-check with CryptVerifySignature,
//   5. byte-reverse the signature and publish it through *lpSignedData.
// Throws CStdException when hash creation, hashing or signing fails.
// NOTE(review): the listing as posted stops after the verify branch; the
// function's closing brace and any cleanup code are not shown, and
// lpSignedData and the m_* members are declared elsewhere.
void sign(void *m_pEncodedData)
{
// NOTE(review): dwHashType and dwDword are not used in the visible code
// (the hash is created with the CALG_SHA1 literal below).
DWORD dwHashType = CALG_SHA1;
DWORD dwDword = sizeof(DWORD);
HCRYPTHASH hHash;
BOOL bResult = FALSE;
// NOTE(review): the store handle is not checked for NULL, and no
// CertCloseStore call appears in the visible code.
HCERTSTORE hSystemStore = CertOpenSystemStore(NULL, "MY");
PCCERT_CONTEXT pContext = NULL;
// Look the signer certificate up by its SubjectPublicKeyInfo.
// NOTE(review): pContext is NULL when nothing matches and is used unchecked
// below. If GetSubjectPublicKeyInfo() returns by value this takes the address
// of a temporary -- confirm it returns a reference.
pContext = CertFindCertificateInStore(hSystemStore,
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, 0, CERT_FIND_PUBLIC_KEY,
&m_SignerCerificate.GetSubjectPublicKeyInfo(),
pContext);
// Acquire the provider handle and key spec for the certificate's private key.
// NOTE(review): bResult is assigned but never tested, so on failure the calls
// below run with whatever m_hCryptProv / m_dwKeySpec held before.
bResult = CryptAcquireCertificatePrivateKey(
pContext, 0, NULL, &m_hCryptProv, &m_dwKeySpec,
NULL);
// Create a SHA-1 hash object on the signing provider.
// NOTE(review): SHA-1 is no longer considered collision-resistant; confirm the
// algorithm the timestamp profile in use actually requires.
if(! CryptCreateHash(m_hCryptProv, CALG_SHA1, 0, 0, &hHash))
throw CStdException(GetLastError(),"Error creating hash object");
// Feed the bytes to be signed into the hash.
// NOTE(review): an external verifier recomputes the hash over the bytes the
// enclosing structure declares as signed; confirm m_pEncodedData is exactly
// that encoding.
if(!CryptHashData(hHash, (const BYTE*) m_pEncodedData,
m_nEncodedDataSize, 0))
{
// NOTE(review): here and in the error paths below CryptDestroyHash runs
// before GetLastError(), so the reported code may not be the one set by the
// failing call; capture the error first.
CryptDestroyHash(hHash);
throw CStdException(GetLastError(),"Error creating hash");
}
// First call with a NULL buffer only queries the signature length into
// m_nDataSize (the exception text says "hash", but this is the signature).
if(!CryptSignHash(hHash, m_dwKeySpec, NULL, 0, NULL, &m_nDataSize))
{
CryptDestroyHash(hHash);
throw CStdException(GetLastError(),"Error getting length of hash");
}
// Allocate and zero the signature buffer.
// NOTE(review): any buffer m_pData pointed to before is not freed in the
// visible code.
m_pData = new BYTE[m_nDataSize];
ZeroMemory(m_pData,m_nDataSize);
// Second call produces the signature itself. CryptoAPI returns the value
// least-significant byte first.
if(!CryptSignHash(hHash, m_dwKeySpec, NULL, 0, m_pData, &m_nDataSize))
{
CryptDestroyHash(hHash);
delete [] m_pData;
m_pData = NULL;
m_nDataSize = 0;
throw CStdException(GetLastError(),"Error reading hash");
}
// Self-check: verify the fresh signature against the certificate's public key.
HCRYPTKEY hPubKey;
// Import the public key from the certificate into the provider.
// NOTE(review): the return value is ignored; if the import fails, hPubKey is
// uninitialized when passed to CryptVerifySignature.
CryptImportPublicKeyInfo(
m_hCryptProv,
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
&pContext->pCertInfo->SubjectPublicKeyInfo,
&hPubKey
);
// The check runs on the signature in CryptoAPI's own byte order, before the
// reversal, so it only confirms that CryptoAPI accepts its own output.
if (CryptVerifySignature(hHash, m_pData, m_nDataSize, hPubKey, NULL, 0))
{
// Convert to most-significant-byte-first for consumers outside CryptoAPI.
// NOTE(review): reversing the whole buffer is the conversion for a single
// RSA signature value; confirm the certificate's key type.
memreverse (m_pData, m_nDataSize);
*lpSignedData = m_pData;
}
// NOTE(review): when verification fails nothing is written to *lpSignedData
// and no error is raised in the visible code. hHash, hPubKey, pContext and
// hSystemStore are not released in the part of the function that is shown.