C# As2 verify MDN's pkcs7 signature

  • Question

  • Hi,

    I'm working on a function to verify the pkcs7 signature of a signed MDN. Here is the signed MDN sample:

    --MDNBoundary
    Content-Type: text/plain

    The incoming message from TestAs2 to TestRSS with Id <TestAs2_02322114322015> was received successfully. This is not a guarantee that the message has been processed by the receiving translator.

    --MDNBoundary
    Content-Type: message/disposition-notification

    Original-Recipient: rfc822;TestRSS
    Final-Recipient: rfc822;TestRSS
    Original-Message-ID: <TestAs2_02322114322015>
    Dis-action/MDN-sent-automatically; processed
    Received-Content-MIC: AbEGYxwUjcijAywYUXNhtOK+DWs=, sha1

    --MDNBoundary--

    --boundarycTSCAg==
    Content-Type: application/pkcs7-signature;   name="smime.p7s"
    Content-Dis filename="smime.p7s"
    Content-Transfer-Encoding: base64

    MIIDOAYJKoZIhvcNAQcCoIIDKTCCAyUCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCAcww
    ggHIMIIBMaADAgECAgEBMA0GCSqGSIb3DQEBCwUAMCoxGTAXBgNVBAMTEFRlc3QgQ2VydGlmaWNh
    dGUxDTALBgNVBAoTBFRlc3QwHhcNMTUwNDEwMDIyNzA3WhcNMjAwNDA4MDIyNzA3WjAqMRkwFwYD
    VQQDExBUZXN0IENlcnRpZmljYXRlMQ0wCwYDVQQKEwRUZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GN
    ADCBiQKBgQC01t5/BxICPCJ1MlB7wTu/whH1LiUVu1NJWH6H5SAtMTayUWC1JkOmd1GUPQ9PxPD5
    nFG9YwrwnzqhpS1hrn2TJKsxv3Y5Sm5mhBEj5y8bgtZ0/eN1y3VYpd7wVagmLVqOIcqJz8OjyFv1
    sgQ6XwiQEoj7hSVqEGCicd9URuvuWQIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACAZEUUBxIreZGDH
    kelRL/n65es3lE4SkcxXN7PRblPGIDKPumOmmugAxdgRZUyBD/39q4lc1+CsxbNMjXTsMOKnwFsO
    D4gDm05f4sFeTX317p6rGQcK+mwO0l2qlFooyJdLSNjzW5XnjwWT9g8GVKmf1ix68OT2E1r2kjtc
    2J3ZMYIBNDCCATACAQEwLzAqMRkwFwYDVQQDExBUZXN0IENlcnRpZmljYXRlMQ0wCwYDVQQKEwRU
    ZXN0AgEBMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJ
    BTEPFw0xNTA4MTQwNjMyMjJaMCMGCSqGSIb3DQEJBDEWBBRDX7jDO9G+mgOPPeWvz1hffSNuMTAN
    BgkqhkiG9w0BAQEFAASBgE1PmIrnHfiLs9gQFSFlKQ16JlVNTHl5rusifxMDOJQ6kMBV3WEiwqCj
    jp2NxOj3wYM4/ZIPd4oJFagmLCun3Jm+a/65X7gSokodkUMceoNv/GSJpIMI/Omy8SPwblxab59Z
    ucHb/17hVANljGnEC+W41Fp2cR/XtaOKkzLx4dJ5

    --boundarycTSCAg==--



    I'm using the code below to verify signatures. It works when verifying the message's signature, but when I use it to verify the MDN's signature it returns the error 'The hash value is not correct.':

    Parameter values:

    "content" = Content-Type: text/plain
           
        The incoming message from TestAs2 to TestRSS with Id <TestAs2_02521928522015> was received successfully. This is not a guarantee that the message has been processed by the receiving translator.


    "signerCertFullPath" = public certificate's full path. Example: C:\As2FileTransferServiceTestA\Certificate\testas2cert.cer


    "signature" = [base64 body of the smime.p7s part, identical to the sample above]


    Source code:

    // Requires:
    //   using System;
    //   using System.Security.Cryptography.Pkcs;
    //   using System.Security.Cryptography.X509Certificates;
    //   using System.Text;
    public bool VerifySignature(string content, string signature, string signerCertFullPath)
    {
        try
        {
            // Decode the base64 PKCS#7 (CMS) signature blob.
            byte[] arSignature = Convert.FromBase64String(signature);

            if (arSignature != null)
            {
                // The bytes passed here are what the detached signature is checked against.
                byte[] arContent = ASCIIEncoding.ASCII.GetBytes(content);
                ContentInfo contentInfo = new ContentInfo(arContent);
                SignedCms signedCms = new SignedCms(contentInfo, true); // true = detached signature
                signedCms.Decode(arSignature);
                signedCms.CheckSignature(new X509Certificate2Collection(new X509Certificate2(signerCertFullPath)), true); //error: 'The hash value is not correct.'
                return true;
            }
        }
        catch
        {
            //invalid signature
        }

        return false;
    }


    Please help, thanks.

    Ben


    Friday, August 28, 2015 9:40 AM
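
Added example, not part of the original post: in a multipart/signed entity (RFC 1847) the detached PKCS#7 signature is computed over the entire first body part, MIME headers and inner boundaries included and with CRLF line endings, so a digest taken over the text/plain sub-part alone will not match. The code below cuts those exact bytes out of the raw MDN body and also pins the signer certificate, which `verifySignatureOnly = true` does not do. `MdnSignatureCheck`, `Verify` and its parameters are hypothetical names; it assumes CRLF line endings and no whitespace after the boundary.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class MdnSignatureCheck   // hypothetical helper name
{
    // body: raw bytes of the multipart/signed entity, exactly as received.
    // boundary: the boundary parameter of its Content-Type header.
    public static bool Verify(byte[] body, string boundary, X509Certificate2 partnerCert)
    {
        // ISO-8859-1 maps bytes to chars 1:1, so string offsets are byte offsets.
        string text = Encoding.GetEncoding("ISO-8859-1").GetString(body);
        string open = "--" + boundary + "\r\n";
        string delim = "\r\n--" + boundary;   // this CRLF belongs to the delimiter

        int start = text.IndexOf(open, StringComparison.Ordinal);
        if (start < 0) return false;
        start += open.Length;
        int end = text.IndexOf(delim, start, StringComparison.Ordinal);
        if (end < 0) return false;
        int sigStart = text.IndexOf("\r\n\r\n", end + delim.Length, StringComparison.Ordinal);
        int sigEnd = text.IndexOf(delim, end + delim.Length, StringComparison.Ordinal);
        if (sigStart < 0 || sigEnd < sigStart + 4) return false;

        // Signed content: the whole first part, its MIME headers included.
        byte[] signedPart = new byte[end - start];
        Buffer.BlockCopy(body, start, signedPart, 0, signedPart.Length);
        try
        {
            byte[] p7s = Convert.FromBase64String(text.Substring(sigStart + 4, sigEnd - sigStart - 4));
            var cms = new SignedCms(new ContentInfo(signedPart), true);   // detached
            cms.Decode(p7s);
            cms.CheckSignature(new X509Certificate2Collection(partnerCert), true);

            // verifySignatureOnly=true accepts any certificate embedded in the
            // p7s, so pin the signer to the partner's known certificate.
            return cms.SignerInfos.Count > 0 && cms.SignerInfos.Cast<SignerInfo>().All(
                s => s.Certificate != null && s.Certificate.RawData.SequenceEqual(partnerCert.RawData));
        }
        catch (FormatException) { return false; }          // bad base64
        catch (CryptographicException) { return false; }   // bad CMS or signature
    }
}
```

The body must be read as bytes from the HTTP response before any string decoding or line-ending normalization, since a single changed byte in the first part changes the digest.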

Answers