How to add CmsSigner.SignedAttributes

  • Question

  • Hi all,

    I'm trying to implement a SCEP client.

    One step is to create SignedCms():

    public static byte[] SignMsg(Byte[] msg, X509Certificate2 signerCert)
    {
        ContentInfo contentInfo = new ContentInfo(msg);
        SignedCms signedCms = new SignedCms(contentInfo);
        CmsSigner cmsSigner = new CmsSigner(signerCert);

        // 2.16.840.1.113733.1.9.7 scep-transId - PRINTABLE STRING - SHA-1 of public key
        SHA1Managed SH1Hash = new SHA1Managed();
        byte[] hash = SH1Hash.ComputeHash(signerCert.GetPublicKey());
        cmsSigner.SignedAttributes.Add(new AsnEncodedData("2.16.840.1.113733.1.9.7", hash));

        signedCms.ComputeSignature(cmsSigner);

        // Encode the PKCS #7 message.
        return signedCms.Encode();
    }

    The previous code works, but "transId" is somehow incorrectly encoded.

    It should be a PrintableString. ASN.1 decoders cannot decode this.

    What is wrong with my code?

    Is there any possibility to specify that a SignedAttribute is e.g. "PrintableString" or "OctetString"?

    Thanks.

    Jiri


    • Edited by jirpun Friday, October 25, 2013 1:09 PM
    Friday, October 25, 2013 12:24 PM

Answers

  • Hi jirpun,

    I think we have to make sure the byte[] we pass to AsnEncodedData is Unicode, which comes from a PrintableString ("Base64String"). Try the following.

    SHA1Managed SH1Hash = new SHA1Managed();
    byte[] hash = SH1Hash.ComputeHash(signerCert.GetPublicKey());
    String s = Convert.ToBase64String(hash);
    cmsSigner.SignedAttributes.Add(new AsnEncodedData("2.16.840.1.113733.1.9.7", Encoding.Unicode.GetBytes(s)));
    
    
    Let me know the result.


    <THE CONTENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED>
    Thanks
    Alan Yao
    MSDN Community Support

    Please remember to "Mark as Answer" the responses that resolved your issue. It is a common way to recognize those who have helped you, and makes it easier for other visitors to find the resolution later.

    • Marked as answer by jirpun Wednesday, October 30, 2013 7:55 AM
    Tuesday, October 29, 2013 4:50 PM

All replies

  • Hi Jiri,

    Per my understanding, you want to sign and envelop a message. Here is the page which shows you how to do this. http://msdn.microsoft.com/en-us/library/ms180961(v=vs.85).aspx. Please follow the requirement of the page to sign and envelop your message.

    What is the “transId”? Why do you think it should be PrintableString? Please describe your problem in detail.

    Additional information:

    http://msdn.microsoft.com/en-us/library/ms180952(v=vs.85).aspx

    Best Regards,



    Monday, October 28, 2013 3:21 AM
    Moderator
  • Hi,

    Yes, I want to envelop a message first and then sign it.

    The "transId" is one of the "authenticatedAttributes" of "SignerInfo". The SCEP protocol defines it as a PrintableString. It's defined as a hash of the signer's public key.

    If I try to insert it into SignedMessage as new AsnEncodedData() into SignedAttributes, I'm not able to specify what format it should be: PrintableString, OctetString, ...

    The result is that the message is not accepted by a server and it also cannot be parsed by any ASN1 parsers (e.g. http://lapo.it/asn1js/ or asn1dump).

    Jiri

    Monday, October 28, 2013 6:23 AM
  • Hi Alan,

    Thank you, but it doesn't help. But maybe the problem is more complex, and I am not an expert in PKCS#7 and CMS.

    Jiri

    Wednesday, October 30, 2013 7:30 AM
  • Hi Jiri,

    It works on my side. Is it possible that you can share a test project and share it on skydrive?


    Thanks
    Alan Yao
    MSDN Community Support

    Wednesday, October 30, 2013 7:44 AM
  • Hi Alan,

    It works on my side too. But the result is not accepted by the SCEP server.

    I'm not sure at this moment where all the problems are. I'll open another, more general question in other threads.

    Thank you.

    Jiri

    Thursday, October 31, 2013 6:40 AM
  • Hey Guys,

    Wondering if you figured this one out? I'm creating a SCEP server and, like Jiri said, some of the attributes need to be PrintableString, but it's always outputting an OctetString.

    The SCEP client side says the messageType should be 3, but when I ASN-encode it I'm getting the hex value of the ASCII code of 33 instead of "3".

    string messageType = "3";
    // BerConverter "s" format: encodes the string as an octet string
    byte[] asnMessgType = BerConverter.Encode("s", messageType);
    Oid oidMessageType = new Oid("2.16.840.1.113733.1.9.2");
    AsnEncodedData asnMessageType = new AsnEncodedData(oidMessageType, asnMessgType);
    Thursday, November 14, 2013 9:10 AM
    Got it figured out. The BerConverter was not getting the correct byte values for the PrintableString. Going to manually set it.
    Thursday, November 14, 2013 10:51 PM
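
Added example, not code from any poster in this thread. All three snippets above run into the same behaviour: CmsSigner.SignedAttributes takes each AsnEncodedData.RawData as the complete DER encoding (tag, length, content) of one attribute value and wraps it in the Attribute SEQUENCE itself. Raw SHA-1 bytes (the question), the UTF-16 bytes of a Base64 string (the accepted answer) and BerConverter.Encode("s", ...), whose "s" format emits an OCTET STRING, therefore all produce a value that is either not valid DER or not a PrintableString, which is why asn1js and the SCEP server reject the message. The code below builds the PrintableString (tag 0x13) and OCTET STRING (tag 0x04) encodings by hand, so it works on .NET Framework as well as modern .NET, and then decodes the result to check the tag of every SCEP attribute. The senderNonce and messageType OIDs and the messageType value 19 for PKCSReq are taken from the SCEP specification (RFC 8894), not from this thread; rendering the SHA-1 transactionID as hex is an assumption (any PrintableString-safe rendering works).

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example, not code from the original thread. Signs a SCEP pkiMessage with
// explicitly DER-encoded signed attributes (PrintableString 0x13, OCTET STRING 0x04).
public static class ScepSigner
{
    // SCEP attribute OIDs (RFC 8894, section 3.2.1).
    public const string OidMessageType   = "2.16.840.1.113733.1.9.2";
    public const string OidSenderNonce   = "2.16.840.1.113733.1.9.5";
    public const string OidTransactionId = "2.16.840.1.113733.1.9.7";

    // DER length: short form below 128, long form (0x80|N followed by N big-endian bytes) above.
    private static byte[] DerLength(int length)
    {
        if (length < 0x80) return new[] { (byte)length };
        var bytes = new List<byte>();
        for (int v = length; v > 0; v >>= 8) bytes.Insert(0, (byte)(v & 0xFF));
        bytes.Insert(0, (byte)(0x80 | bytes.Count));
        return bytes.ToArray();
    }

    // Tag + length + content: the complete TLV that AsnEncodedData expects as RawData.
    private static byte[] DerTlv(byte tag, byte[] content)
    {
        byte[] len = DerLength(content.Length);
        var tlv = new byte[1 + len.Length + content.Length];
        tlv[0] = tag;
        Buffer.BlockCopy(len, 0, tlv, 1, len.Length);
        Buffer.BlockCopy(content, 0, tlv, 1 + len.Length, content.Length);
        return tlv;
    }

    // PrintableString permits only A-Z, a-z, 0-9, space and ' ( ) + , - . / : = ?
    public static byte[] DerPrintableString(string s)
    {
        const string punctuation = " '()+,-./:=?";
        foreach (char c in s)
        {
            bool ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                      (c >= '0' && c <= '9') || punctuation.IndexOf(c) >= 0;
            if (!ok) throw new ArgumentException("not a PrintableString character: " + c);
        }
        return DerTlv(0x13, Encoding.ASCII.GetBytes(s));
    }

    public static byte[] DerOctetString(byte[] content) => DerTlv(0x04, content);

    // transactionID as the thread describes it: SHA-1 of the signer's public key, rendered as
    // hex (assumption) so it is PrintableString-safe. It is an identifier the CA echoes back,
    // not a security boundary, so SHA-1 is acceptable for this purpose.
    public static string TransactionId(X509Certificate2 cert)
    {
        using (var sha1 = SHA1.Create())
        {
            byte[] hash = sha1.ComputeHash(cert.GetPublicKey());
            return BitConverter.ToString(hash).Replace("-", "");
        }
    }

    public static byte[] SignMsg(byte[] msg, X509Certificate2 signerCert)
    {
        var signedCms = new SignedCms(new ContentInfo(msg)); // encapsulated content, as SCEP requires
        var signer = new CmsSigner(signerCert);
        signer.SignedAttributes.Add(new AsnEncodedData(OidTransactionId,
            DerPrintableString(TransactionId(signerCert))));
        signer.SignedAttributes.Add(new AsnEncodedData(OidMessageType,
            DerPrintableString("19")));                      // 19 = PKCSReq (RFC 8894)
        byte[] nonce = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        signer.SignedAttributes.Add(new AsnEncodedData(OidSenderNonce, DerOctetString(nonce)));
        signedCms.ComputeSignature(signer);
        return signedCms.Encode();
    }

    // Check: decode the message and confirm each SCEP attribute carries the expected DER tag.
    public static bool AttributesWellFormed(byte[] encoded)
    {
        var cms = new SignedCms();
        cms.Decode(encoded);
        var expected = new Dictionary<string, byte> {
            { OidTransactionId, 0x13 }, { OidMessageType, 0x13 }, { OidSenderNonce, 0x04 } };
        foreach (CryptographicAttributeObject attr in cms.SignerInfos[0].SignedAttributes)
        {
            byte tag;
            if (expected.TryGetValue(attr.Oid.Value, out tag) && attr.Values[0].RawData[0] != tag)
                return false;
        }
        return true;
    }
}
```

On .NET 5 and later, System.Formats.Asn1.AsnWriter with WriteCharacterString(UniversalTagNumber.PrintableString, s) produces the same bytes as DerPrintableString, and BerConverter is not needed at all. AttributesWellFormed only checks the attribute encodings; a CA can still reject a pkiMessage for other reasons (missing envelope, wrong content type, missing signingTime), so it is a check on this thread's problem rather than on SCEP conformance as a whole.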