000018982 - Reading a PKCS #7 signed data: determine whether the signature on the message was valid or the signer's cert was valid.

Document created by RSA Customer Support Employee on Jun 15, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000018982
Applies To: RSA BSAFE Cert-C
Issue: Reading a PKCS #7 signed data, determine whether the signature on the message was valid or the signer's cert was valid.
When I call C_ReadSignedDataMsg with the CMS flag of CMSF_NONE, is the function supposed to return E_NOT_FOUND if it cannot validate the signature?
Or does it put the "untrusted signer" in the list object and return a zero status?
What error should it return if it cannot validate the signature?
Resolution: C_ReadSignedDataMsg returns E_NOT_FOUND if it can't locate the signer's cert in the message itself, in the database SERVICE, or in any registered database providers.
It puts the signer in the "untrusted signer" category if it has found the cert and verified the signature on the message, but could not construct a chain from the signer's cert to a trusted cert. In that case the return status alone does not tell the caller that the signer is trusted.
If it can't validate the signature on the PKCS #7 message, it should return 0x725 (E_VERIFY_ASN_SIGNATURE).
Legacy Article ID: a4878
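A caller-side triage of the three outcomes described in the Resolution, written fail-closed; this is an added example, not RSA code and not part of the original article. The `EX_`/`sd_` names are hypothetical, the E_NOT_FOUND value is a placeholder (only 0x725 comes from the article), and it assumes the caller has already read the trusted and untrusted signer counts from the list objects and that policy is to reject any message with an untrusted signer.

```c
#include <stdio.h>

/* 0x725 is the value quoted in the article. The E_NOT_FOUND value below is a
 * placeholder: take the real one from the Cert-C headers. */
#define EX_E_VERIFY_ASN_SIGNATURE 0x725
#define EX_E_NOT_FOUND            0x7FFF   /* placeholder, NOT the real value */

typedef enum {
    SD_ACCEPT,                   /* signature verified, chain reaches a trusted cert */
    SD_REJECT_UNTRUSTED_SIGNER,  /* status 0, but no chain to a trusted cert */
    SD_REJECT_CERT_NOT_FOUND,    /* signer cert not in message, DB or providers */
    SD_REJECT_BAD_SIGNATURE,     /* signature on the PKCS #7 message failed */
    SD_REJECT_NO_SIGNER,         /* status 0 but nobody in either list */
    SD_REJECT_OTHER_ERROR        /* any other non-zero status */
} sd_verdict;

/* status: value returned by the read call; trusted/untrusted: signer counts
 * the caller obtained from the two list objects (assumption). */
sd_verdict sd_triage(int status, unsigned trusted, unsigned untrusted)
{
    if (status == EX_E_NOT_FOUND)            return SD_REJECT_CERT_NOT_FOUND;
    if (status == EX_E_VERIFY_ASN_SIGNATURE) return SD_REJECT_BAD_SIGNATURE;
    if (status != 0)                         return SD_REJECT_OTHER_ERROR;

    /* Zero status only means the call succeeded. A signer whose chain could
     * not be built lands in the untrusted list, so check it before accepting. */
    if (untrusted > 0) return SD_REJECT_UNTRUSTED_SIGNER;
    if (trusted == 0)  return SD_REJECT_NO_SIGNER;
    return SD_ACCEPT;
}

int main(void)
{
    /* Constructed sample outcomes: {status, trusted count, untrusted count}. */
    int cases[][3] = {
        {0, 1, 0}, {0, 0, 1}, {0, 1, 1},
        {EX_E_NOT_FOUND, 0, 0}, {EX_E_VERIFY_ASN_SIGNATURE, 0, 0}
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("status=0x%x trusted=%d untrusted=%d -> verdict %d\n",
               (unsigned)cases[i][0], cases[i][1], cases[i][2],
               (int)sd_triage(cases[i][0], (unsigned)cases[i][1],
                              (unsigned)cases[i][2]));
    return 0;
}
```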
