SignedCMS Verification Problem

Brian

Hello All,
I have run into an issue in trying to verify a detached SignedCMS
digital signature on the Compact Framework.

On the Full Framework, I have successfully verified my data using the
following code:

byte[] signature = File.ReadAllBytes(@"D:\signature.dat");
byte[] content = File.ReadAllBytes(@"D:\signedData.dat");
System.Security.Cryptography.Pkcs.ContentInfo ci = new ContentInfo(content);

System.Security.Cryptography.Pkcs.SignedCms cms =
    new SignedCms(SubjectIdentifierType.IssuerAndSerialNumber, ci, true);
cms.Decode(signature);
cms.CheckSignature(true);

This has confirmed to me that I have the correct input data.
Unfortunately, the Pkcs namespace, and the SignedCms class, are not
available on the Compact Framework.

I have written code to manually parse out the X509 Signature from the
signature, as well as the message digest contained in the SignerInfo
block of the signature. In short, I know I have the correct public
key, as well as the encrypted data that I want to decrypt.

The data was signed using RSA-SHA1 2048.

I use the following code to declare my RSA object:

X509Certificate2 cert = new X509Certificate2(certData);
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PublicKey.Key;

I then gather my inputs, where data is the signed message and
messageDigest is the 256 byte block parsed out of the SignedCMS
Object.

bool check = rsa.VerifyData(data, new SHA1CryptoServiceProvider(), messageDigest);

This hopeful looking call ALWAYS returns false, and I'm at a bit of a
loss as to why.

I decided at this point to try and decrypt the messageDigest manually,
just to see what the result would be, using the following code:

byte[] decryptedData = rsa.Decrypt(messageDigest, false);

Which threw a CryptographicException "Bad Key."

I'm completely stumped by this one, as I know that the public key in
the cert is valid, and I already used it to verify the data using
the .NET SignedCMS class.

So there it is - does anyone know where I am going wrong? If not,
does anyone know of a third party signedcms class for the compact
framework? I'm at a loss here...
Thanks,
Brian
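
Added example (not part of the post above, and not framework code): under RFC 5652 section 5.4, when a SignerInfo carries signed attributes, the RSA signature value covers the DER encoding of those attributes re-tagged as SET OF (0x31), and the messageDigest attribute inside them (20 bytes for SHA-1) is what must equal the hash of the detached content. The class name DetachedCmsCheck, the hand-built attribute bytes, the throwaway key and the sample content are constructed for illustration, and the code assumes the desktop .NET crypto APIs.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
static class DetachedCmsCheck   // hypothetical helper name, not a framework class
{
    const string Sha1Oid = "1.3.14.3.2.26";
    // DER: contentType attribute (id-data), then the messageDigest attribute up to its 20-byte value.
    static readonly byte[] ContentTypeAttr = { 0x30,0x18,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,
        0x31,0x0B,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01 };
    static readonly byte[] DigestAttrHead = { 0x30,0x23,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,
        0x31,0x16,0x04,0x14 };
    // signedAttrs: bytes exactly as stored in SignerInfo (no re-encoding), starting with the [0] tag 0xA0.
    public static bool Verify(byte[] content, byte[] signedAttrs, byte[] sigValue, RSACryptoServiceProvider rsa)
    {
        using (SHA1 sha1 = SHA1.Create())
        {
            // Step 1: the messageDigest attribute (20 bytes for SHA-1) must equal SHA-1(content).
            // Simplification: locate it by byte pattern instead of a full DER walk.
            int at = Enumerable.Range(0, Math.Max(0, signedAttrs.Length - DigestAttrHead.Length - 19))
                .FirstOrDefault(i => signedAttrs.Skip(i).Take(DigestAttrHead.Length).SequenceEqual(DigestAttrHead));
            if (at == 0) return false;   // offset 0 holds the 0xA0 tag, so 0 means "not found"
            byte[] claimed = signedAttrs.Skip(at + DigestAttrHead.Length).Take(20).ToArray();
            if (!claimed.SequenceEqual(sha1.ComputeHash(content))) return false;
            // Step 2: the RSA signature covers the attributes re-tagged as SET OF (0x31), not the content.
            byte[] tbs = (byte[])signedAttrs.Clone();
            tbs[0] = 0x31;
            return rsa.VerifyHash(sha1.ComputeHash(tbs), Sha1Oid, sigValue);
        }
    }

    static void Main()
    {
        // Constructed sample: throwaway key, made-up content, minimal signedAttrs built by hand.
        using (var rsa = new RSACryptoServiceProvider(2048))
        using (SHA1 sha1 = SHA1.Create())
        {
            byte[] content = System.Text.Encoding.ASCII.GetBytes("constructed sample content");
            byte[] attrs = new byte[] { 0xA0, 0x3F }.Concat(ContentTypeAttr).Concat(DigestAttrHead)
                .Concat(sha1.ComputeHash(content)).ToArray();
            byte[] tbs = (byte[])attrs.Clone();
            tbs[0] = 0x31;
            byte[] sig = rsa.SignHash(sha1.ComputeHash(tbs), Sha1Oid);   // 256 bytes for a 2048-bit key
            // Attribute-aware check: digest attribute against content, signature against attributes.
            Console.WriteLine(Verify(content, attrs, sig, rsa));
            // Same signature checked against the content directly, which is not what was signed.
            Console.WriteLine(rsa.VerifyData(content, new SHA1CryptoServiceProvider(), sig));
        }
    }
}
```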
 