
Problem(s) verifying signed message with detached content




I am having a problem (or two) verifying a signed message that has detached content. I am getting the error "encapsulated content digest != message digest attribute". However, I have been able to successfully verify the message with another API (that I cannot use). If I skip past where this exception is thrown (in sm_msgsignerinfo.cpp) I also get the following error: "RSA OID Unknown or Not Handled Yet!" The hashing algorithm is SHA-256 and signature algorithm is RSA. Is this supported? Below is my code and attached are the sample files.

I'm new with all this stuff so any help (especially sample code :)) will be greatly appreciated!

Thanks!
Jon


// Register the CTIL login used for verification.
CSM_AppLogin appLogin;
appLogin.AddLogin(CTIL_FILE_NAME, NULL);

// Read the ContentInfo that carries the SignedData (the signature file).
CSM_Buffer contentInfoBuf("./CHUIDSig.bin");
CSM_Buffer* pSignedDataBuf = NULL;

CSM_ContentInfoMsg contentInfoMsg(&contentInfoBuf);
if (contentInfoMsg.IsSignedData())
{
    SM_RET_VAL retVal = 0;

    CSM_MsgToVerify msgToVerify; //(&contentInfoMsg);

    // Copy the inner SignedData bytes out of the ContentInfo and hand them to the verifier.
    pSignedDataBuf = new CSM_Buffer(
        contentInfoMsg.AccessEncapContentClear()->m_content.Access(),
        contentInfoMsg.AccessEncapContentClear()->m_content.Length());

    retVal = msgToVerify.PreProc(&appLogin, pSignedDataBuf);
    if (retVal != SM_NO_ERROR)
    {
        tcout << _T("Failed to process verification message.") << endl;
        return 1;
    }

    // Supply the detached content from its own file.
    CSM_Buffer encapContent("./CHUIDData.bin");
    CSM_Content content(&encapContent);
    // encapAsnOid is declared here but not passed to any call below.
    SNACC::AsnOid encapAsnOid = ID_PIV_CHUIDSECURITYOBJECT;
    msgToVerify.SetEncapContentClear(content);

    if ((retVal = msgToVerify.Verify(&appLogin)) == SM_NO_ERROR)
    {
        tcout << _T("Verification passed!") << endl;
    }
    else
    {
        tcout << _T("Failed signature verification.") << endl;
    }
}
else
{
    tcout << _T("Content doesn't contain SignedData") << endl;
}

Attachment: TestData.zip
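
As an added example (not part of the original post, and not SFL code): a library-independent Python check of the two conditions a CMS verifier applies to detached content under RFC 5652 section 5.4, namely that the hash of the external content octets equals the messageDigest signed attribute, and that the signature is computed over signedAttrs re-tagged as SET OF. The helper names and the sample signedAttrs are constructed here for illustration.

```python
import hashlib

OID_MESSAGE_DIGEST = bytes.fromhex("2a864886f70d010904")  # 1.2.840.113549.1.9.4
OID_CONTENT_TYPE = bytes.fromhex("2a864886f70d010903")    # 1.2.840.113549.1.9.3
OID_DATA = bytes.fromhex("2a864886f70d010701")            # 1.2.840.113549.1.7.1

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield (tag, value_start, value_end) for each element in buf[start:end]."""
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        yield tag, vs, ve
        start = ve

def message_digest_attr(attrs):
    """Return the messageDigest value from DER signedAttrs ([0] or SET OF tag)."""
    tag, s, e = read_tlv(attrs, 0)
    if tag not in (0xA0, 0x31):
        raise ValueError("not a signedAttrs element")
    for _, a_s, a_e in children(attrs, s, e):  # each Attribute SEQUENCE
        (t, o_s, o_e), (_, v_s, v_e) = list(children(attrs, a_s, a_e))[:2]
        if t == 0x06 and attrs[o_s:o_e] == OID_MESSAGE_DIGEST:
            _, d_s, d_e = next(children(attrs, v_s, v_e))  # OCTET STRING in the SET
            return attrs[d_s:d_e]
    raise ValueError("no messageDigest attribute")

def check_detached(attrs, content, hash_name="sha256"):
    """Return (digest_matches, signature_input) per RFC 5652 section 5.4."""
    # Only the content octets are hashed, with no DER tag or length around them.
    ok = hashlib.new(hash_name, content).digest() == message_digest_attr(attrs)
    return ok, b"\x31" + attrs[1:]  # signature covers attrs re-tagged [0] -> SET OF

def der(tag, body):  # short-form DER element, used for the constructed sample only
    return bytes([tag, len(body)]) + body

def sample_signed_attrs(content):
    """Constructed signedAttrs with contentType and messageDigest, tagged [0]."""
    ctype = der(0x30, der(0x06, OID_CONTENT_TYPE) + der(0x31, der(0x06, OID_DATA)))
    octets = der(0x04, hashlib.sha256(content).digest())
    return der(0xA0, ctype + der(0x30, der(0x06, OID_MESSAGE_DIGEST) + der(0x31, octets)))
```

If the first value returned by `check_detached` is false, the bytes being hashed are not the bytes the signer hashed; if it is true, the second value is the exact input to check against the RSA signature.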