Solved

verifing digital signature

Posted on 2004-03-26
1
821 Views
Last Modified: 2010-09-14
i have created a digital signature using the code
Sub Signfile(ByVal InputFileName As String, ByVal OutputFileName As String)
On Error GoTo ErrorHandler
Dim c As String
Dim s As String
Dim MyStore As New Store
Dim Signobj As New SignedData
Dim Signer As New Signer

' NOTE: the name 'Attribute' is not a unique name
' and must be preceded by 'CAPICOM.'

Dim SigningTime As New CAPICOM.Attribute

' Open the MY store and retrieve the first certificate from the
' Store. The signing operation will only work if this certificate is
' valid and has access to the signer's private key.

MyStore.Open CAPICOM_CURRENT_USER_STORE, "MY", CAPICOM_STORE_OPEN_READ_ONLY
Signer.Certificate = MyStore.Certificates.Item(1)

' Open the input file and read the content to be signed from the file.

Open InputFileName For Input As #1
Input #1, c
Close #1

' Set the  content to be signed.

Signobj.Content = c

' Save the time the data was signed as a signer  attriute
SigningTime.Name = CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME
SigningTime.Value = Now
Signer.AuthenticatedAttributes.Add SigningTime

'
' Sign the content using the signer's private key.
' The 'True' parameter indicates that the content signed is not
' included in the signature string.

's = Signobj.Sign(Signer, True)
s = Signobj.Sign(Signer, False)
Open OutputFileName For Output As #2
Write #2, s
Close #2

MsgBox "Signature done - Saved to file" & OutputFileName
Set Signobj = Nothing
Set MyStore = Nothing
Set Signer = Nothing
Set SigningTime = Nothing

Exit Sub

ErrorHandler:
If Err.Number > 0 Then
    MsgBox "VB Error found:" & Err.Description
Else
    MsgBox "CAPICOM error found : " & Err.Number
End If
End Sub

----------
and  verifing the same signature using the code

-------
Sub VerifySig(ByVal FileToVerify As String, ByVal FileBase As String)
On Error GoTo ErrorHandler

Dim sdContent As String
Dim sdCheck As String
Dim mySD As SignedData
Set mySD = New SignedData

'Dim x As c
' Open a file and read the signature.
Open FileToVerify For Input As #1
Input #1, sdCheck
Close #1

' Open a file and input the plaintext content that was signed.
Open FileBase For Input As #2
Input #2, sdContent
Close #2

' Set the detached content upon which the signature is based.
mySD.Content = sdContent

' Verify the detached signature.
On Error Resume Next
   ' mySD.Verify sdCheck, True
  mySD.Verify sdCheck, False
If Err.Number <> 0 Then
    MsgBox "Signature verification failed. " & Err.Description
Else
    MsgBox "Verification complete."
End If

' Release the SignedData object.
Set mySD = Nothing

Exit Sub
ErrorHandler:
    If Err.Number > 0 Then
        MsgBox "VB Error found: " & Err.Description
    Else
        MsgBox "CAPICOM error found: " & Hex(Err.Number)
    End If
End Sub

-----------

the verify procedure gives a error message

signature verification failed , an internal certificate chaining error has occured....

please help me in solving this problem

with regards
0
Comment
Question by:bhagya69
1 Comment
 
LVL 4

Accepted Solution

by:
mikkelp earned 250 total points
ID: 10702065
When the signature is verified, so is the certificate used to sign. But if the certificate authority is unavailable somehow,
- you're behind a firewall
- certificate authority is behind a firewall
- ...
the certificate cannot be verified, unless every certificate in the chain up until an available CA (certificate authority) is included in the SignedData structure's certificate chain collection.

A quick fix is to not verify the signing certificate, like this:

mySD.Verify sdCheck, false, CAPICOM_VERIFY_SIGNATURE_ONLY   ' default is CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE

another way is to tell CAPICOM to include the chain of certificates when signing:

Signer.Options = CAPICOM_CERTIFICATE_INCLUDE_CHAIN_EXCEPT_ROOT
' other options are CAPICOM_CERTIFICATE_INCLUDE_END_ENTITY_ONLY, and _WHOLE_CHAIN

but this requires the chain of certificates to be available when signing.

good luck

mikkelp
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint a…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now