Hello,

I'm trying to manually verify the signature in some SignedData ASN.1 structures, 
which are used in most signature cases - e.g. S/MIME, timestamps, ... using 
X.509 certificates.

Let's see this example:

- in file.tsr is a Time Stamp reply - it contains a SignedData structure (at byte 
offset 9) which contains a SignerInfo, which contains signedAttributes. They are 
signed with the private key of the certificate cert.pem (it is the public part only).

- let's get the signedAttrs (that is what is signed) and the signature itself
openssl asn1parse -inform der -in file.tsr -strparse 410 -out signedAttrs
dd if=file.tsr of=sig bs=1 skip=697

Section 5.4 (page 11) of http://www.ietf.org/rfc/rfc2630.txt says that the 
IMPLICIT [0] must be changed to SET -> I have changed the first byte of 
signedAttrs to 31h - if you parse it with asn1parse, it seems to be correct 
then.

The corrected version is in file signedAttrs-with-SET

- now it remains to get the digests:
openssl dgst -sha256  -binary -out signedAttrs.sha256 signedAttrs
openssl dgst -sha256 -binary -out signedAttrs-with-SET.sha256 signedAttrs-with-SET

- and we can try to verify:
openssl pkeyutl -verify -in signedAttrs.sha256 -sigfile sig -certin -inkey cert.pem
openssl pkeyutl -verify -in signedAttrs-with-SET.sha256 -sigfile sig -certin -inkey cert.pem

but both fail: "Signature Verification Failure"

All files in attachment.

Could someone find out what I'm doing wrong, please?

--kapetr

P.S. Some info for parsing:

--------- see http://www.ietf.org/rfc/rfc2630.txt page 6 and following
      SignedData ::= SEQUENCE {
        version CMSVersion,
        digestAlgorithms DigestAlgorithmIdentifiers,
        encapContentInfo EncapsulatedContentInfo,
        certificates [0] IMPLICIT CertificateSet OPTIONAL,
        crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
        signerInfos SignerInfos }

      SignerInfos ::= SET OF SignerInfo
      SignerInfo ::= SEQUENCE {
        version CMSVersion,
        sid SignerIdentifier,
        digestAlgorithm DigestAlgorithmIdentifier,
        signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
        signatureAlgorithm SignatureAlgorithmIdentifier,
        signature SignatureValue,
        unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }

Attachment: test-sig.tgz
Description: application/compressed-tar
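The check the post attempts, as an added stand-alone example (editor's code, not the poster's and not OpenSSL's): it builds a constructed signedAttrs blob with contentType and messageDigest attributes under the IMPLICIT [0] tag, signs the SET-retagged encoding with a deterministic toy RSA key as RFC 2630 section 5.4 prescribes, and then runs three verifications. Only the SET-tagged encoding verifies; the unretagged [0] encoding does not, and neither does a comparison against the bare SHA-256 hash, because an RSA PKCS#1 v1.5 signature wraps the hash in a DigestInfo structure. The key, the eContent stand-in and the OIDs' use are all constructed for this example; nothing from the attachment (file.tsr, cert.pem, sig) is read.

```python
"""Manual check of a CMS SignerInfo signature over signedAttrs (RFC 2630 s5.4).
Constructed example: toy RSA key, constructed signedAttrs, signature over them."""
import hashlib
import hmac
import random

# DigestInfo prefix for SHA-256: SEQUENCE { AlgorithmIdentifier sha256 NULL, OCTET STRING(32) }
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def der_tlv(tag, body):
    """Encode one DER TLV with short or long definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body

def der_oid(dotted):
    """OBJECT IDENTIFIER from dotted notation (base-128 arcs, first two merged)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        groups = [arc & 0x7F]
        arc >>= 7
        while arc:
            groups.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(groups))
    return der_tlv(0x06, bytes(body))

def attribute(oid, value_der):
    """Attribute ::= SEQUENCE { type OID, values SET OF ANY }."""
    return der_tlv(0x30, der_oid(oid) + der_tlv(0x31, value_der))

def build_signed_attrs_implicit(content):
    """signedAttrs as it sits inside SignerInfo: [0] IMPLICIT SignedAttributes (tag 0xA0)."""
    content_type = attribute("1.2.840.113549.1.9.3", der_oid("1.2.840.113549.1.9.16.1.4"))  # id-ct-TSTInfo
    message_digest = attribute("1.2.840.113549.1.9.4", der_tlv(0x04, hashlib.sha256(content).digest()))
    return der_tlv(0xA0, content_type + message_digest)

def retag_to_set(signed_attrs_implicit):
    """RFC 2630 s5.4: the signed digest covers the SET OF tag (0x31), not [0] (0xA0)."""
    if signed_attrs_implicit[:1] != b"\xa0":
        raise ValueError("expected context-specific constructed tag [0] (0xA0)")
    return b"\x31" + signed_attrs_implicit[1:]

def _is_probable_prime(n, rounds=20):
    """Miller-Rabin; fine for a toy key, not for production key generation."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_rsa_key(bits=1024, seed=1):
    """Deterministic toy RSA key (n, e, d); seeded so the demo is repeatable."""
    random.seed(seed)
    e, half = 65537, bits // 2
    while True:
        p = q = 0
        while not _is_probable_prime(p):
            p = random.getrandbits(half) | (1 << (half - 1)) | 1
        while not _is_probable_prime(q):
            q = random.getrandbits(half) | (1 << (half - 1)) | 1
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return p * q, e, pow(e, -1, phi)

def _klen(n):
    return (n.bit_length() + 7) // 8

def _pkcs1_v15_pad(t, k):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || T."""
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_sign_sha256(data, key):
    n, _, d = key
    em = _pkcs1_v15_pad(SHA256_DIGESTINFO_PREFIX + hashlib.sha256(data).digest(), _klen(n))
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(_klen(n), "big")

def _rsa_recover(sig, n, e):
    """s^e mod n as a k-byte block, or None if the signature has the wrong length."""
    if len(sig) != _klen(n):
        return None
    return pow(int.from_bytes(sig, "big"), e, n).to_bytes(_klen(n), "big")

def rsa_verify_sha256(data, sig, n, e):
    """Proper PKCS#1 v1.5 verify: rebuild DigestInfo(SHA-256(data)) and compare."""
    em = _rsa_recover(sig, n, e)
    expected = _pkcs1_v15_pad(SHA256_DIGESTINFO_PREFIX + hashlib.sha256(data).digest(), _klen(n))
    return em is not None and hmac.compare_digest(em, expected)

def rsa_verify_bare_hash(digest, sig, n, e):
    """Compare against the bare hash with no DigestInfo wrapper; always fails
    for a signature produced by a standard PKCS#1 v1.5 signer."""
    em = _rsa_recover(sig, n, e)
    return em is not None and hmac.compare_digest(em, _pkcs1_v15_pad(digest, _klen(n)))

def demo():
    n, e, d = make_rsa_key()
    attrs_implicit = build_signed_attrs_implicit(b"constructed TSTInfo stand-in")
    attrs_set = retag_to_set(attrs_implicit)
    sig = rsa_sign_sha256(attrs_set, (n, e, d))  # a conforming signer signs the SET encoding
    return {
        "implicit_tag_verifies": rsa_verify_sha256(attrs_implicit, sig, n, e),          # False
        "set_tag_verifies": rsa_verify_sha256(attrs_set, sig, n, e),                    # True
        "bare_hash_verifies": rsa_verify_bare_hash(hashlib.sha256(attrs_set).digest(), sig, n, e),  # False
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The third result is the one to keep in mind when feeding a precomputed hash to an RSA verify: the signer's block contains DigestInfo(hash), not the hash alone, so the verifier must either be told which digest algorithm to wrap (for `openssl pkeyutl` that is `-pkeyopt digest:sha256`) or be given the whole DigestInfo as input; the SET retagging alone is not sufficient.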
