Solved

Verifying digital signature

Posted on 2004-03-26
Last Modified: 2010-09-14
I have created a digital signature using the code:
Sub Signfile(ByVal InputFileName As String, ByVal OutputFileName As String)
On Error GoTo ErrorHandler
Dim c As String
Dim s As String
Dim MyStore As New Store
Dim Signobj As New SignedData
Dim Signer As New Signer

' NOTE: the name 'Attribute' is not a unique name
' and must be preceded by 'CAPICOM.'

Dim SigningTime As New CAPICOM.Attribute

' Open the MY store and retrieve the first certificate from the
' Store. The signing operation will only work if this certificate is
' valid and has access to the signer's private key.

MyStore.Open CAPICOM_CURRENT_USER_STORE, "MY", CAPICOM_STORE_OPEN_READ_ONLY
Signer.Certificate = MyStore.Certificates.Item(1)

' Open the input file and read the content to be signed from the file.

Open InputFileName For Input As #1
Input #1, c
Close #1

' Set the content to be signed.

Signobj.Content = c

' Save the time the data was signed as a signer attribute
SigningTime.Name = CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME
SigningTime.Value = Now
Signer.AuthenticatedAttributes.Add SigningTime

'
' Sign the content using the signer's private key.
' The 'True' parameter indicates that the content signed is not
' included in the signature string.

's = Signobj.Sign(Signer, True)
s = Signobj.Sign(Signer, False)
Open OutputFileName For Output As #2
Write #2, s
Close #2

MsgBox "Signature done - Saved to file" & OutputFileName
Set Signobj = Nothing
Set MyStore = Nothing
Set Signer = Nothing
Set SigningTime = Nothing

Exit Sub

ErrorHandler:
If Err.Number > 0 Then
    MsgBox "VB Error found:" & Err.Description
Else
    MsgBox "CAPICOM error found : " & Err.Number
End If
End Sub

----------
and verifying the same signature using the code:

-------
Sub VerifySig(ByVal FileToVerify As String, ByVal FileBase As String)
On Error GoTo ErrorHandler

Dim sdContent As String
Dim sdCheck As String
Dim mySD As SignedData
Set mySD = New SignedData

'Dim x As c
' Open a file and read the signature.
Open FileToVerify For Input As #1
Input #1, sdCheck
Close #1

' Open a file and input the plaintext content that was signed.
Open FileBase For Input As #2
Input #2, sdContent
Close #2

' Set the detached content upon which the signature is based.
mySD.Content = sdContent

' Verify the detached signature.
On Error Resume Next
   ' mySD.Verify sdCheck, True
  mySD.Verify sdCheck, False
If Err.Number <> 0 Then
    MsgBox "Signature verification failed. " & Err.Description
Else
    MsgBox "Verification complete."
End If

' Release the SignedData object.
Set mySD = Nothing

Exit Sub
ErrorHandler:
    If Err.Number > 0 Then
        MsgBox "VB Error found: " & Err.Description
    Else
        MsgBox "CAPICOM error found: " & Hex(Err.Number)
    End If
End Sub

-----------

The verify procedure gives an error message:

Signature verification failed, an internal certificate chaining error has occurred....

Please help me in solving this problem.

With regards
Question by:bhagya69
Accepted Solution

by:
mikkelp earned 250 total points
ID: 10702065
When the signature is verified, so is the certificate used to sign. But if the certificate authority is unavailable somehow,
- you're behind a firewall
- certificate authority is behind a firewall
- ...
the certificate cannot be verified, unless every certificate in the chain up until an available CA (certificate authority) is included in the SignedData structure's certificate chain collection.

A quick fix is to not verify the signing certificate, like this:

mySD.Verify sdCheck, false, CAPICOM_VERIFY_SIGNATURE_ONLY   ' default is CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE

Another way is to tell CAPICOM to include the chain of certificates when signing:

Signer.Options = CAPICOM_CERTIFICATE_INCLUDE_CHAIN_EXCEPT_ROOT
' other options are CAPICOM_CERTIFICATE_INCLUDE_END_ENTITY_ONLY, and _WHOLE_CHAIN

But this requires the chain of certificates to be available when signing.

Good luck

mikkelp
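
With CAPICOM_VERIFY_SIGNATURE_ONLY, as in the answer above, a signature made with any certificate verifies, so the signer's identity has to be checked another way. The following is an added example, not code from the thread: it verifies the signature, then compares the signer certificate with a known thumbprint and logs the chain status. VerifyPinned and ExpectedThumbprint are hypothetical names; the thumbprint is assumed to have been obtained out of band.

```vb
' Added example (not from the original thread). Requires a project reference
' to CAPICOM. VerifyPinned and ExpectedThumbprint are hypothetical names.
Function VerifyPinned(ByVal SignedMessage As String, _
                      ByVal ExpectedThumbprint As String) As Boolean
    Dim sd As New SignedData
    Dim certChain As New CAPICOM.Chain
    Dim signerCert As CAPICOM.Certificate

    VerifyPinned = False
    On Error GoTo Failed

    ' Step 1: check the signature itself. False = the content is embedded
    ' in the signed message, matching Sign(Signer, False) in the question.
    ' No certificate chain is built here, so an unreachable CA cannot fail it.
    sd.Verify SignedMessage, False, CAPICOM_VERIFY_SIGNATURE_ONLY

    ' Step 2: the signature is intact, but nothing yet says who made it.
    ' Accept exactly one signer whose certificate matches the pinned thumbprint.
    If sd.Signers.Count <> 1 Then Exit Function
    Set signerCert = sd.Signers.Item(1).Certificate
    If StrComp(signerCert.Thumbprint, ExpectedThumbprint, vbTextCompare) <> 0 Then
        Debug.Print "Unexpected signer: " & signerCert.SubjectName
        Exit Function
    End If

    ' Step 3: build the chain separately, only to record why the default
    ' CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE check would have failed.
    ' Status(0) is the combined trust status of the whole chain.
    If Not certChain.Build(signerCert) Then
        Debug.Print "Chain not trusted, status &H" & Hex(certChain.Status(0))
    End If

    VerifyPinned = True
    Exit Function

Failed:
    ' Verify raises an error when the signature does not match the content.
    Debug.Print "Verify failed: &H" & Hex(Err.Number) & " " & Err.Description
End Function
```

The function returns True only when both the signature and the thumbprint match; a failed chain build is logged but does not reject the message, which fits the unreachable-CA case described in the answer.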