000024447 - Verify fails for SignedData constructed from digest

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2

Article Content

Article Number: 000024447
Applies To: RSA BSAFE Cert-C, RSA BSAFE Crypto-C
A PKCS #7 SignedData was constructed from its components using ASN.1 APIs such as C_DEREncodeString().
Instead of calling Crypto-C's B_SignInit/Update/Final functions, the digest value of the data to be signed was calculated by calling Crypto-C's B_DigestInit/Update/Final functions. The digest is encrypted (using Crypto-C or by calling the PKCS #11 functions C_SignInit and C_Sign), and the resulting value is passed to Cert-C C_DEREncodeString() to construct the message.
Issue: Verify fails for SignedData constructed from digest
Verifying a PKCS #7 SignedData message fails
Resolution

In a PKCS #1 RSA signature, the DigestInfo (not just the digest) is what gets encrypted.  The DigestInfo contains the DigestAlgorithmIdentifier, which indicates which algorithm was used to create the digest.

To create a DigestInfo from the raw digest value, call the Crypto-C function B_EncodeDigestInfo().

Try signing the DigestInfo instead of the raw digest value, and see if the signature can be verified.


From PKCS #1 (ftp://ftp.rsasecurity.com/pub/pkcs/ascii/pkcs-1.asc):

10.1 Signature process

The signature process consists of four steps: message
digesting, data encoding, RSA encryption, and octet-string-
to-bit-string conversion.
...
10.1.2 Data encoding

The message digest MD and a message-digest algorithm
identifier shall be combined into an ASN.1 value of type
DigestInfo, described below, which shall be BER-encoded to
give an octet string D, the data.

DigestInfo ::= SEQUENCE {
  digestAlgorithm DigestAlgorithmIdentifier,
  digest Digest }

DigestAlgorithmIdentifier ::= AlgorithmIdentifier

Digest ::= OCTET STRING
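
The data-encoding step of section 10.1.2, written out as an added example (this is not RSA's code and it does not call BSAFE; in the product, B_EncodeDigestInfo() does this job). The function name encode_digest_info, the OID constants and the 0xAB sample digest are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* DER contents octets of the digest algorithm OIDs (tag and length are added below). */
static const unsigned char OID_SHA1[]   = {0x2b, 0x0e, 0x03, 0x02, 0x1a};
static const unsigned char OID_SHA256[] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01};

/* Encode DigestInfo ::= SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING digest }.
 * Returns the number of bytes written, or 0 on bad arguments, a too-small
 * buffer, or a length that would need DER long form (more than 127 bytes). */
size_t encode_digest_info(const unsigned char *oid, size_t oid_len,
                          const unsigned char *digest, size_t digest_len,
                          unsigned char *out, size_t out_cap)
{
    size_t alg_len, body_len, i = 0;

    if (!oid || !digest || !out || oid_len == 0 || digest_len == 0)
        return 0;
    if (oid_len > 127 || digest_len > 127)
        return 0;
    alg_len  = 2 + oid_len + 2;               /* OID TLV + NULL TLV */
    body_len = 2 + alg_len + 2 + digest_len;  /* AlgorithmIdentifier + OCTET STRING */
    if (alg_len > 127 || body_len > 127 || out_cap < 2 + body_len)
        return 0;

    out[i++] = 0x30; out[i++] = (unsigned char)body_len;    /* DigestInfo SEQUENCE */
    out[i++] = 0x30; out[i++] = (unsigned char)alg_len;     /* DigestAlgorithmIdentifier */
    out[i++] = 0x06; out[i++] = (unsigned char)oid_len;     /* OBJECT IDENTIFIER */
    memcpy(out + i, oid, oid_len); i += oid_len;
    out[i++] = 0x05; out[i++] = 0x00;                       /* NULL parameters */
    out[i++] = 0x04; out[i++] = (unsigned char)digest_len;  /* Digest OCTET STRING */
    memcpy(out + i, digest, digest_len); i += digest_len;
    return i;
}

int main(void)
{
    unsigned char digest[32], di[64];   /* constructed sample bytes, not a real hash */
    size_t n, k;

    memset(digest, 0xAB, sizeof digest);
    n = encode_digest_info(OID_SHA256, sizeof OID_SHA256, digest, sizeof digest, di, sizeof di);
    for (k = 0; k < n; k++) printf("%02x", di[k]);
    printf("\nSHA-256 DigestInfo: %u bytes\n", (unsigned)n);
    n = encode_digest_info(OID_SHA1, sizeof OID_SHA1, digest, 20, di, sizeof di);
    printf("SHA-1 DigestInfo: %u bytes\n", (unsigned)n);
    return n ? 0 : 1;
}
```

The returned buffer is the octet string D that goes into the RSA operation in place of the bare digest; a verifier that finds only the raw digest after decryption cannot parse a DigestInfo and rejects the signature.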

Legacy Article ID: a37895
