AS2 MDN generate PKCS7 Signature

  • Question

  • Hi,

    I'm working on a function to send back a signed MDN with an attached PKCS7 signature to my AS2 Trading Partner. May I know which part/content of the MDN I need to sign? I've tried to sign the header and message part of the MDN, but the signature is not valid when received from my remote trading partner.

    See sample MDN below:

    --MDNBoundary
    Content-Type: text/plain

    The incoming message from TestAs2A to TestAs2B with Id <TestAs2A_02322114322015> was received successfully. This is not a guarantee that the message has been processed by the receiving translator.

    --MDNBoundary
    Content-Type: message/disposition-notification

    Original-Recipient: rfc822;TestAs2B
    Final-Recipient: rfc822;TestAs2B
    Original-Message-ID: <TestAs2A_02322114322015>
    Disposition: automatic-action/MDN-sent-automatically; processed
    Received-Content-MIC: AbEGYxwUjcijAywYUXNhtOK+DWs=, sha1

    --MDNBoundary--

    See sample PKCS7 Signature below:

    --boundarycTSCAg==
    Content-Type: application/pkcs7-signature;   name="smime.p7s"
    Content-Disposition: attachment; filename="smime.p7s"
    Content-Transfer-Encoding: base64

    --boundarycTSCAg==--


    Thursday, September 3, 2015 9:52 AM

All replies

  • Hi Benjamin,

    Do you use BizTalk? By searching the web, I found that the MIC is related to the signature of the MDN.

    Calculates the MIC (Message Integrity Check) for the AS2 message payload and appends it to the Received-content-MIC extension field of the MDN. The algorithm to be applied for the MIC is determined by the signed-receipt-micalg header of the incoming message or the Signing Algorithm property on the Sender MDN Settings page of the one-way agreement tab of the Agreement Properties dialog box (when the inbound message properties are overridden). The value of the algorithm is also included in the MDN.

    Links below are for your reference.
    https://msdn.microsoft.com/en-us/library/bb245962.aspx
    https://msdn.microsoft.com/en-us/library/bb226483.aspx

    Best Regards,
    Li Wang

    Friday, September 4, 2015 3:08 AM
    Moderator
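
The MIC step quoted in the reply above, as an added Python example (not code from the thread or from BizTalk). In AS2 (RFC 4130) `signed-receipt-micalg` arrives as a parameter of the `Disposition-Notification-Options` header; the function names, the `configured` override, the supported-algorithm set and the sample data are assumptions, and the caller is assumed to pass the exact bytes the MIC covers.

```python
import base64
import hashlib
import hmac

# micalg tokens seen in AS2 headers -> hashlib names (assumed set, extend as needed)
MICALGS = {"sha1": "sha1", "md5": "md5", "sha-256": "sha256", "sha256": "sha256"}


def pick_micalg(dn_options, configured=None):
    """A configured override wins; otherwise take the first supported entry of
    signed-receipt-micalg from the Disposition-Notification-Options value."""
    if configured:
        if configured.lower() not in MICALGS:
            raise ValueError("unsupported configured algorithm %r" % configured)
        return configured.lower()
    for param in dn_options.split(";"):
        name, _, value = param.partition("=")
        if name.strip().lower() == "signed-receipt-micalg":
            # value is "<importance>, <alg>, <alg>...", e.g. "optional, sha1, md5"
            for alg in (v.strip().lower() for v in value.split(",")[1:]):
                if alg in MICALGS:
                    return alg
            raise ValueError("no supported MIC algorithm in %r" % value)
    raise ValueError("sender did not request a MIC algorithm")


def received_content_mic(content, alg):
    """Return the field value '<base64 digest>, <alg>' for the given bytes."""
    digest = hashlib.new(MICALGS[alg], content).digest()
    return "%s, %s" % (base64.b64encode(digest).decode("ascii"), alg)


def mic_matches(field_value, content):
    """Original sender's check: does the MIC in the MDN match what was sent?"""
    b64, _, alg = field_value.partition(",")
    alg = alg.strip().lower()
    if alg not in MICALGS:
        return False
    try:
        claimed = base64.b64decode(b64.strip(), validate=True)
    except ValueError:
        return False
    return hmac.compare_digest(claimed, hashlib.new(MICALGS[alg], content).digest())


# Constructed sample input, not taken from the thread.
SAMPLE_OPTIONS = ("signed-receipt-protocol=optional, pkcs7-signature; "
                  "signed-receipt-micalg=optional, sha1, md5")
SAMPLE_CONTENT = b"Content-Type: application/edi-x12\r\n\r\nISA*00*constructed~\r\n"

if __name__ == "__main__":
    alg = pick_micalg(SAMPLE_OPTIONS)
    print("Received-Content-MIC: " + received_content_mic(SAMPLE_CONTENT, alg))
```
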
  • Hi Li,

    Thank you for your reply. I'm developing my own AS2 software and my Trading Partner is using RSS Bus Server (AS2 Connector) to send and receive messages. I've already implemented Received-content-MIC and I'm pretty sure that it's working, but the only problem I have now is verifying the attached PKCS7 Signature or SMIME from the signed MDN. The part that I'm trying to verify is this base64 string part of a signed MDN:


    Thanks,

    Ben

    Friday, September 4, 2015 3:35 AM
  • Hi Benjamin Penn,

    I am not familiar with the MDN protocol. The suggestion I can give is that you should find out how the PKCS7 signature is produced and use the same method to verify it. Based on your description, you are developing your own AS2 software, so could you share the code you use to generate your PKCS7 signature?

    Best Regards,
    Li Wang

    Friday, September 18, 2015 3:04 AM
    Moderator