From: Brian D. (ext) <Bri...@lu...> - 2016-10-14 07:48:52
Okay, I found the snippet in the code, but in CmpMessageHelper I just can't find this method ("getProtectedBytes")...
It's in package org.ejbca.core.protocol.cmp
Something's wrong?
-----Original Message-----
From: Tomas Gustavsson [mailto:to...@pr...]
Sent: Friday 14 October 2016 09:33
To: ejb...@li...
Subject: Re: [Ejbca-develop] CMP Response signature verify
Hi,
In your code "message.getEncoded()" looks suspicious. You can not just get the bytes from a CMP message and try to verify a signature over that, because that is not the bytes that the signature was created over.
Find a snippet of test code from EJBCA test cases:
    // Verify the signature
    byte[] protBytes = CmpMessageHelper.getProtectedBytes(respObject);
    DERBitString bs = respObject.getProtection();
    Signature sig;
    try {
        sig = Signature.getInstance(expectedSignAlg, "BC");
        sig.initVerify(cacert);
        sig.update(protBytes);
        boolean ret = sig.verify(bs.getBytes());
        assertTrue(ret);
    } catch (NoSuchAlgorithmException e) {
Regards,
Tomas
**********
PrimeKey Solutions AB
Lundagatan 16, 171 63 Solna, Sweden
Mob: +46 (0)707421096
Internet: www.primekey.se
Twitter: twitter.com/primekeyPKI
**********
On 2016-10-14 09:10, Brian Dechoux (ext) wrote:
> Hello,
>
> I'm using CMP and after an Initialisation Request, I got a signed response from EJBCA.
> In 'Certificate Confirmation' > 'default CA' -> I've got a CA ('test'), created in EJBCA and its issuer is the default CA ManagementCA.
>
> With which public key should I verify this signature ?
> I tried with the 3 public keys in the 'Crypto Token' view and I just can't make this work properly.
>
> I use this (Java):
>     byte[] decodedPkey = Base64.decode(publicKeyString);
>     KeyFactory keyFactory = KeyFactory.getInstance("RSA");
>     KeySpec publicKeySpec = new X509EncodedKeySpec(decodedPkey);
>     PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
>
>     sig.initVerify(publicKey);
>     sig.update(message.getEncoded());
>     sig.verify(message.getProtection().getBytes())
>
> Thanks a lot
> Have a good day
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
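Added example (not code from this thread or from EJBCA): Tomas's point that the signature does not cover message.getEncoded(), shown with plain BouncyCastle classes. RFC 4210 defines the protected bytes as the DER encoding of ProtectedPart, a SEQUENCE of header and body; the class name CmpProtectionCheck and its helpers are hypothetical, the key and the pkiconf message are constructed sample data, and BouncyCastle on the classpath is assumed. The first check, over ProtectedPart, verifies; the second, over the whole message, does not.

```java
import java.security.*;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.DERBitString;
import org.bouncycastle.asn1.cmp.*;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public final class CmpProtectionCheck {
    // DER of SEQUENCE { header, body } (RFC 4210 ProtectedPart): the bytes the protection covers.
    static byte[] protectedBytes(PKIMessage msg) throws java.io.IOException {
        return new ProtectedPart(msg.getHeader(), msg.getBody()).getEncoded(ASN1Encoding.DER);
    }
    // Checks msg's protection value against signedBytes using the signer's public key.
    static boolean verify(PKIMessage msg, PublicKey signerKey, byte[] signedBytes) throws Exception {
        AlgorithmIdentifier alg = msg.getHeader().getProtectionAlg();
        if (alg == null || msg.getProtection() == null) {
            return false; // unprotected message: nothing to verify
        }
        if (CMPObjectIdentifiers.passwordBasedMac.equals(alg.getAlgorithm())) {
            throw new IllegalArgumentException("MAC-protected with a shared secret, not signed");
        }
        // Assumption: the BC provider resolves the signature algorithm from its OID string.
        Signature sig = Signature.getInstance(alg.getAlgorithm().getId(), "BC");
        sig.initVerify(signerKey);
        sig.update(signedBytes);
        return sig.verify(msg.getProtection().getBytes());
    }
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        // Constructed sample: throwaway RSA key and a minimal signed pkiconf message.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        GeneralName ca = new GeneralName(new X500Name("CN=Example CA"));
        GeneralName ee = new GeneralName(new X500Name("CN=Example Client"));
        PKIHeader header = new PKIHeaderBuilder(PKIHeader.CMP_2000, ca, ee)
                .setProtectionAlg(new AlgorithmIdentifier(PKCSObjectIdentifiers.sha256WithRSAEncryption))
                .build();
        PKIBody body = new PKIBody(PKIBody.TYPE_CONFIRM, new PKIConfirmContent());
        Signature signer = Signature.getInstance("SHA256withRSA", "BC");
        signer.initSign(kp.getPrivate());
        signer.update(new ProtectedPart(header, body).getEncoded(ASN1Encoding.DER));
        PKIMessage msg = new PKIMessage(header, body, new DERBitString(signer.sign()));
        System.out.println("over ProtectedPart: " + verify(msg, kp.getPublic(), protectedBytes(msg)));
        System.out.println("over whole message: " + verify(msg, kp.getPublic(), msg.getEncoded()));
    }
}
```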