Solved

Verifying digital signature

Posted on 2004-03-26
Last Modified: 2010-09-14
I have created a digital signature using the code
Sub Signfile(ByVal InputFileName As String, ByVal OutputFileName As String)
On Error GoTo ErrorHandler
Dim c As String
Dim s As String
Dim MyStore As New Store
Dim Signobj As New SignedData
Dim Signer As New Signer

' NOTE: the name 'Attribute' is not a unique name
' and must be preceded by 'CAPICOM.'

Dim SigningTime As New CAPICOM.Attribute

' Open the MY store and retrieve the first certificate from the
' Store. The signing operation will only work if this certificate is
' valid and has access to the signer's private key.

MyStore.Open CAPICOM_CURRENT_USER_STORE, "MY", CAPICOM_STORE_OPEN_READ_ONLY
Signer.Certificate = MyStore.Certificates.Item(1)

' Open the input file and read the content to be signed from the file.

Open InputFileName For Input As #1
Input #1, c
Close #1

' Set the content to be signed.

Signobj.Content = c

' Save the time the data was signed as a signer attribute.
SigningTime.Name = CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME
SigningTime.Value = Now
Signer.AuthenticatedAttributes.Add SigningTime

' Sign the content using the signer's private key.
' The second parameter is the detached flag: 'True' would leave the
' signed content out of the signature string; 'False' (used here)
' includes the content in the signature string.

's = Signobj.Sign(Signer, True)
s = Signobj.Sign(Signer, False)
Open OutputFileName For Output As #2
Write #2, s
Close #2

MsgBox "Signature done - Saved to file " & OutputFileName
Set Signobj = Nothing
Set MyStore = Nothing
Set Signer = Nothing
Set SigningTime = Nothing

Exit Sub

ErrorHandler:
If Err.Number > 0 Then
    MsgBox "VB Error found:" & Err.Description
Else
    MsgBox "CAPICOM error found : " & Err.Number
End If
End Sub

----------
and verifying the same signature using the code

-------
Sub VerifySig(ByVal FileToVerify As String, ByVal FileBase As String)
On Error GoTo ErrorHandler

Dim sdContent As String
Dim sdCheck As String
Dim mySD As SignedData
Set mySD = New SignedData

'Dim x As c
' Open a file and read the signature.
Open FileToVerify For Input As #1
Input #1, sdCheck
Close #1

' Open a file and input the plaintext content that was signed.
Open FileBase For Input As #2
Input #2, sdContent
Close #2

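' Set the content. This is only needed for a detached signature; with
' the detached flag 'False' (used below) the content is taken from the
' signed message itself.
mySD.Content = sdContent

' Verify the signature. The second parameter must match the detached
' flag that was passed to Sign.
On Error Resume Next
' mySD.Verify sdCheck, True
mySD.Verify sdCheck, False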
If Err.Number <> 0 Then
    MsgBox "Signature verification failed. " & Err.Description
Else
    MsgBox "Verification complete."
End If

' Release the SignedData object.
Set mySD = Nothing

Exit Sub
ErrorHandler:
    If Err.Number > 0 Then
        MsgBox "VB Error found: " & Err.Description
    Else
        MsgBox "CAPICOM error found: " & Hex(Err.Number)
    End If
End Sub

-----------

The verify procedure gives an error message:

signature verification failed , an internal certificate chaining error has occured....

Please help me in solving this problem.

With regards
Question by: bhagya69

Accepted Solution by: mikkelp (earned 250 total points)
When the signature is verified, so is the certificate used to sign. But if the certificate authority is unavailable somehow,
- you're behind a firewall
- certificate authority is behind a firewall
- ...
the certificate cannot be verified, unless every certificate in the chain up until an available CA (certificate authority) is included in the SignedData structure's certificate chain collection.

A quick fix is to not verify the signing certificate, like this:

mySD.Verify sdCheck, false, CAPICOM_VERIFY_SIGNATURE_ONLY   ' default is CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE

Another way is to tell CAPICOM to include the chain of certificates when signing:

Signer.Options = CAPICOM_CERTIFICATE_INCLUDE_CHAIN_EXCEPT_ROOT
' other options are CAPICOM_CERTIFICATE_INCLUDE_END_ENTITY_ONLY, and _WHOLE_CHAIN

but this requires the chain of certificates to be available when signing.

Good luck

mikkelp
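
With CAPICOM_VERIFY_SIGNATURE_ONLY the signer's certificate is not validated, so the caller has to decide separately whether the signer is one it trusts. The following is an added example, not code from the original thread, that pairs the signature-only check with a pinned signer thumbprint; VerifyPinned and ExpectedThumbprint are hypothetical names, and the expected thumbprint is assumed to have been obtained out of band.

```vb
' Added example (not from the original thread).
' Returns True only if the signature is intact, there is exactly one
' signer, that signer's certificate matches the pinned thumbprint, and
' the certificate is within its validity period.
' ExpectedThumbprint is an assumption: the SHA-1 thumbprint (hex) of the
' signing certificate, obtained through a trusted channel.
Function VerifyPinned(ByVal SignedMessage As String, _
                      ByVal ExpectedThumbprint As String) As Boolean
    Dim sd As New CAPICOM.SignedData
    Dim cert As CAPICOM.Certificate
    Dim status As CAPICOM.CertificateStatus
    Dim pinned As String

    VerifyPinned = False
    On Error GoTo Failed

    ' Step 1: cryptographic check of the signature only. The message was
    ' signed with the detached flag False, so the content is embedded.
    sd.Verify SignedMessage, False, CAPICOM_VERIFY_SIGNATURE_ONLY

    ' Step 2: identify the signer. Reject messages with zero or several
    ' signers so the pin applies to the only signature present.
    If sd.Signers.Count <> 1 Then Exit Function
    Set cert = sd.Signers.Item(1).Certificate

    ' Thumbprints are often pasted with spaces; normalise before comparing.
    pinned = Replace(ExpectedThumbprint, " ", "")
    If StrComp(cert.Thumbprint, pinned, vbTextCompare) <> 0 Then Exit Function

    ' Step 3: check the validity period. When the issuing chain is
    ' available locally, CAPICOM_CHECK_TRUSTED_ROOT and
    ' CAPICOM_CHECK_SIGNATURE_VALIDITY can be Or-ed into CheckFlag.
    Set status = cert.IsValid
    status.CheckFlag = CAPICOM_CHECK_TIME_VALIDITY
    VerifyPinned = status.Result
    Exit Function

Failed:
    ' Any CAPICOM error (bad signature, malformed message) is a failure.
    VerifyPinned = False
End Function
```

The function fails closed: an exception from Verify, a thumbprint mismatch, or an expired certificate all return False.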