Solved

verifing digital signature

Posted on 2004-03-26
1
828 Views
Last Modified: 2010-09-14
i have created a digital signature using the code
Sub Signfile(ByVal InputFileName As String, ByVal OutputFileName As String)
On Error GoTo ErrorHandler
Dim c As String
Dim s As String
Dim MyStore As New Store
Dim Signobj As New SignedData
Dim Signer As New Signer

' NOTE: the name 'Attribute' is not a unique name
' and must be preceded by 'CAPICOM.'

Dim SigningTime As New CAPICOM.Attribute

' Open the MY store and retrieve the first certificate from the
' Store. The signing operation will only work if this certificate is
' valid and has access to the signer's private key.

MyStore.Open CAPICOM_CURRENT_USER_STORE, "MY", CAPICOM_STORE_OPEN_READ_ONLY
Signer.Certificate = MyStore.Certificates.Item(1)

' Open the input file and read the content to be signed from the file.

Open InputFileName For Input As #1
Input #1, c
Close #1

' Set the  content to be signed.

Signobj.Content = c

' Save the time the data was signed as a signer  attriute
SigningTime.Name = CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME
SigningTime.Value = Now
Signer.AuthenticatedAttributes.Add SigningTime

'
' Sign the content using the signer's private key.
' The 'True' parameter indicates that the content signed is not
' included in the signature string.

's = Signobj.Sign(Signer, True)
s = Signobj.Sign(Signer, False)
Open OutputFileName For Output As #2
Write #2, s
Close #2

MsgBox "Signature done - Saved to file" & OutputFileName
Set Signobj = Nothing
Set MyStore = Nothing
Set Signer = Nothing
Set SigningTime = Nothing

Exit Sub

ErrorHandler:
If Err.Number > 0 Then
    MsgBox "VB Error found:" & Err.Description
Else
    MsgBox "CAPICOM error found : " & Err.Number
End If
End Sub

----------
and  verifing the same signature using the code

-------
Sub VerifySig(ByVal FileToVerify As String, ByVal FileBase As String)
On Error GoTo ErrorHandler

Dim sdContent As String
Dim sdCheck As String
Dim mySD As SignedData
Set mySD = New SignedData

'Dim x As c
' Open a file and read the signature.
Open FileToVerify For Input As #1
Input #1, sdCheck
Close #1

' Open a file and input the plaintext content that was signed.
Open FileBase For Input As #2
Input #2, sdContent
Close #2

' Set the detached content upon which the signature is based.
mySD.Content = sdContent

' Verify the detached signature.
On Error Resume Next
   ' mySD.Verify sdCheck, True
  mySD.Verify sdCheck, False
If Err.Number <> 0 Then
    MsgBox "Signature verification failed. " & Err.Description
Else
    MsgBox "Verification complete."
End If

' Release the SignedData object.
Set mySD = Nothing

Exit Sub
ErrorHandler:
    If Err.Number > 0 Then
        MsgBox "VB Error found: " & Err.Description
    Else
        MsgBox "CAPICOM error found: " & Hex(Err.Number)
    End If
End Sub

-----------

the verify procedure gives a error message

signature verification failed , an internal certificate chaining error has occured....

please help me in solving this problem

with regards
0
Comment
Question by:bhagya69
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 4

Accepted Solution

by:
mikkelp earned 250 total points
ID: 10702065
When the signature is verified, so is the certificate used to sign. But if the certificate authority is unavailable somehow,
- you're behind a firewall
- certificate authority is behind a firewall
- ...
the certificate cannot be verified, unless every certificate in the chain up until an available CA (certificate authority) is included in the SignedData structure's certificate chain collection.

A quick fix is to not verify the signing certificate, like this:

mySD.Verify sdCheck, false, CAPICOM_VERIFY_SIGNATURE_ONLY   ' default is CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE

another way is to tell CAPICOM to include the chain of certificates when signing:

Signer.Options = CAPICOM_CERTIFICATE_INCLUDE_CHAIN_EXCEPT_ROOT
' other options are CAPICOM_CERTIFICATE_INCLUDE_END_ENTITY_ONLY, and _WHOLE_CHAIN

but this requires the chain of certificates to be available when signing.

good luck

mikkelp
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There's a lot of hype surrounding blockchain technology. Here's how it works and some of the novel ways it' s now being used - including for data protection.
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question