PKCS#7 verification

Ismael Blesa Part (iblesa@tissat.es)
Thu, 15 Jul 1999 12:12:55 +0200

Date: Thu, 15 Jul 1999 12:12:55 +0200
From: "Ismael Blesa Part" <iblesa@tissat.es>
To: java-security@java.sun.com, iaik-jce@iaik.tu-graz.ac.at
Subject: PKCS#7 verification

I'm trying to verify the encrypted digest in a PKCS#7 signedData
object, but I have some problems with the format.
I am using IAIK.JCE2.5 (http://jcewww.iaik.tu-graz.ac.at/).
I don't understand why the ASN1Object that I get from ASN1 is so small,
and later, when I try to use it, I get an exception.

What am I doing wrong?

This is the code I have problems with:

ASN1 asn1 = new ASN1(pkcs.getBytes());
out.println("asn1:"+asn1.toString());
ASN1Object asn1_object = asn1.toASN1Object();
out.println("----------------------------------------------------");
out.println("asn1_object:"+asn1_object.toString());

AlgorithmID[] algIDs = { AlgorithmID.sha1, AlgorithmID.md5 };
try {
    signed_data = new SignedData(message, algIDs);
    out.println("obtenemos el objeto SignedData");
} catch (NoSuchAlgorithmException ex) {
    throw new PKCSException(ex.getMessage());
}

// get an InputStream for reading the signed content
InputStream data = signed_data.getInputStream();
ByteArrayOutputStream os = new ByteArrayOutputStream();
StreamCopier sc = new StreamCopier(data, os);
sc.copyStream();

try {
    signed_data.decode(obj);
} catch (PKCSParsingException pkcs) {
    out.println("PKCSParsingException"+pkcs.toString());
}

And the output is:

asn1:SEQUENCE[C] = 2 elements
  OBJECT ID = PKCS#7 signedData
  CONTEXTSPECIFIC[C] = [0] EXPLICIT
    SEQUENCE[C] = 5 elements
      INTEGER = 1
      SET[C] = 1 elements
        SEQUENCE[C] = 2 elements
          OBJECT ID = SHA
          NULL = null
      SEQUENCE[C] = 1 elements
        OBJECT ID = PKCS#7 data
      CONTEXTSPECIFIC[C] = [0] EXPLICIT
        SEQUENCE[C] = 3 elements
          SEQUENCE[C] = 7 elements
            CONTEXTSPECIFIC[C] = [0] EXPLICIT
              INTEGER = 2
            INTEGER = 527
            SEQUENCE[C] = 2 elements
              OBJECT ID = md5WithRSAEncryption
              NULL = null
            SEQUENCE[C] = 5 elements
              SET[C] = 1 elements
                SEQUENCE[C] = 2 elements
                  OBJECT ID = countryName
                  PrintableString = "ES"
              SET[C] = 1 elements
                SEQUENCE[C] = 2 elements
                  OBJECT ID = stateOrProvinceName
                  PrintableString = "Madrid"
              SET[C] = 1 elements
                SEQUENCE[C] = 2 elements
                  OBJECT ID = organizationName
                  PrintableString = "ACE"
              SET[C] = 1 elements
                SEQUENCE[C] = 2 elements
                  OBJECT ID = organizationalUnitName
                  PrintableString = "Clase 1"
              SET[C] = 1 elements
                SEQUENCE[C] = 2 elements
                  OBJECT ID = commonName
                  PrintableString = "ACE Clientes1"
            SEQUENCE[C] = 2 elements
              UTCTime = 990121091651Z
              UTCTime = 000121051600Z
            SEQUENCE[C] = 7 elements
              SET[C] = 1 elements
                SEQUENCE[C] = 2 elements
                  OBJECT ID = countryName
                  PrintableString = "es"
              SET[C] = 1 elements
                SEQUENCE[C] = 2 elements
                  OBJECT ID = stateOrProvinceName
                  PrintableString = "Valencia"
              SET[C] = 1 elements
                SEQUENCE[C] = 2 elements
                  OBJECT ID = localityName
                  PrintableString = "Valencia"
              SET[C] = 1 elements
                SEQUENCE[C] = 2 elements
                  OBJECT ID = organizationName
                  PrintableString = "Tissat"
              SET[C] = 1 elements
                SEQUENCE[C] = 2 elements
                  OBJECT ID = organizationalUnitName
                  PrintableString = "Infomarket"
              SET[C] = 1 elements
                SEQUENCE[C] = 2 elements
                  OBJECT ID = commonName
                  PrintableString = "Maria Angeles"
              SET[C] = 1 elements
                SEQUENCE[C] = 2 elements
                  OBJECT ID = emailAddress
                  IA5String = "mangeles@tissat.es"
            SEQUENCE[C] = 2 elements
              SEQUENCE[C] = 2 elements
                OBJECT ID = rsaEncryption
                NULL = null
              BIT STRING = 74 byte(s); 0 bit(s) not valid
          SEQUENCE[C] = 2 elements
            OBJECT ID = md5WithRSAEncryption
            NULL = null
          BIT STRING = 128 byte(s); 0 bit(s) not valid
      SET[C] = 1 elements
        SEQUENCE[C] = 6 elements
          INTEGER = 1
          SEQUENCE[C] = 2 elements
            SEQUENCE[C] = 5 elements
              SET[C] = 1 elements
                SEQUENCE[C] = 2 elements
                  OBJECT ID = countryName
                  PrintableString = "ES"
              SET[C] = 1 elements
                SEQUENCE[C] = 2 elements
                  OBJECT ID = stateOrProvinceName
                  PrintableString = "Madrid"
              SET[C] = 1 elements
                SEQUENCE[C] = 2 elements
                  OBJECT ID = organizationName
                  PrintableString = "ACE"
              SET[C] = 1 elements
                SEQUENCE[C] = 2 elements
                  OBJECT ID = organizationalUnitName
                  PrintableString = "Clase 1"
              SET[C] = 1 elements
                SEQUENCE[C] = 2 elements
                  OBJECT ID = commonName
                  PrintableString = "ACE Clientes1"
            INTEGER = 527
          SEQUENCE[C] = 2 elements
            OBJECT ID = SHA
            NULL = null
          CONTEXTSPECIFIC[C] = [0] EXPLICIT
            SEQUENCE[C] = 2 elements
              OBJECT ID = contentType
              SET[C] = 1 elements
                OBJECT ID = PKCS#7 data
            SEQUENCE[C] = 2 elements
              OBJECT ID = signingTime
              SET[C] = 1 elements
                UTCTime = 990715091946Z
            SEQUENCE[C] = 2 elements
              OBJECT ID = symmetricCapabilities
              SET[C] = 1 elements
                SEQUENCE[C] = 1 elements
                  SEQUENCE[C] = 2 elements
                    OBJECT ID = RC2-CBC
                    INTEGER = 40
            SEQUENCE[C] = 2 elements
              OBJECT ID = messageDigest
              SET[C] = 1 elements
                OCTET STRING = 20 bytes: B1:66:50:B9:70...
          SEQUENCE[C] = 2 elements
            OBJECT ID = rsaEncryption
            NULL = null
          OCTET STRING = 64 bytes: BA:D1:1E:A3:16...

----------------------------------------------------
asn1_object:SEQUENCE[C] = 2 elements
PKCSParsingException: iaik.pkcs.PKCSParsingException: Next ASN.1 object is no INTEGER!
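
Added example, not part of the original post and not IAIK code: in the dump above the outer SEQUENCE is a ContentInfo (OBJECT ID, then [0] EXPLICIT), while a SignedData body begins with an INTEGER version, so a decoder expecting SignedData that is handed the outer object stops on the first element, which is consistent with the exception text. The JDK-only DER reader below (Java 17+) unwraps ContentInfo before reading the version; the class, method names and sample bytes are constructed for illustration.

```java
import java.util.Arrays;
import java.util.HexFormat;
public class ContentInfoUnwrap {
    record Tlv(int tag, int start, int end) {}   // content occupies buf[start, end)
    // Content octets of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData)
    static final byte[] SIGNED_DATA = HexFormat.of().parseHex("2A864886F70D010702");
    // Read one DER TLV (single-octet tag, definite length); reject lengths past limit.
    static Tlv read(byte[] buf, int pos, int limit) {
        if (pos < 0 || limit - pos < 2) throw new IllegalArgumentException("truncated TLV");
        int tag = buf[pos] & 0xFF, len = buf[pos + 1] & 0xFF, p = pos + 2;
        if (len >= 0x80) {                       // long form: low 7 bits count the length octets
            int n = len & 0x7F;
            if (n == 0 || n > 4 || n > limit - p) throw new IllegalArgumentException("bad length");
            for (len = 0; n > 0; n--) len = (len << 8) | (buf[p++] & 0xFF);
        }
        if (len < 0 || len > limit - p) throw new IllegalArgumentException("length exceeds buffer");
        return new Tlv(tag, p, p + len);
    }
    static Tlv expect(byte[] buf, int pos, int limit, int tag, String what) {
        Tlv t = read(buf, pos, limit);
        if (t.tag() != tag) throw new IllegalArgumentException("next object is no " + what);
        return t;
    }
    // ContentInfo ::= SEQUENCE { contentType OBJECT IDENTIFIER, content [0] EXPLICIT ANY }
    static Tlv unwrapSignedData(byte[] buf) {
        Tlv outer = expect(buf, 0, buf.length, 0x30, "SEQUENCE");
        Tlv oid = expect(buf, outer.start(), outer.end(), 0x06, "OBJECT ID");
        if (!Arrays.equals(buf, oid.start(), oid.end(), SIGNED_DATA, 0, SIGNED_DATA.length))
            throw new IllegalArgumentException("contentType is not signedData");
        Tlv ctx = expect(buf, oid.end(), outer.end(), 0xA0, "[0] EXPLICIT");
        return expect(buf, ctx.start(), ctx.end(), 0x30, "SEQUENCE");   // the SignedData body
    }
    // SignedData ::= SEQUENCE { version INTEGER, ... }: the first element must be an INTEGER
    static int version(byte[] buf, Tlv seq) {
        Tlv v = expect(buf, seq.start(), seq.end(), 0x02, "INTEGER");
        if (v.end() - v.start() != 1) throw new IllegalArgumentException("unexpected version size");
        return buf[v.start()];
    }
    public static void main(String[] args) {
        // Constructed sample: ContentInfo(signedData) wrapping a SignedData with empty SETs
        byte[] der = HexFormat.of().parseHex("302306092A864886F70D010702A0163014"
                + "0201013100300B06092A864886F70D0107013100");
        try {
            version(der, read(der, 0, der.length));   // outer ContentInfo treated as SignedData
        } catch (IllegalArgumentException e) {
            System.out.println("ContentInfo as SignedData: " + e.getMessage());
        }
        System.out.println("unwrapped version = " + version(der, unwrapSignedData(der)));
    }
}
```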