Got it. Need to make it cleaner in my code but the aim here is to get ProtectedPkiMessage and use the prebuilt 'verify' method.
I used PKIMessage before.
ProtectedPKIMessage resp = new ProtectedPKIMessage(new GeneralPKIMessage(message));
if (resp.verify(new JcaContentVerifierProviderBuilder().build(publicKey))) {
....
}
-----Original Message-----
From: Brian Dechoux (ext) [mailto:Brian.Dechoux-***@luxtrust.lu]
Sent: Freideg 14 Oktober 2016 09:49
To: ejbca-***@lists.sourceforge.net
Subject: Re: [Ejbca-develop] CMP Response signature verify
Okay I found the snippet in the code, but in CmpMessageHelper I just can't find this method ("getProtectedBytes ") ....
It's in package org.ejbca.core.protocol.cmp Something's wrong ?
-----Original Message-----
From: Tomas Gustavsson [mailto:***@primekey.se]
Sent: Freideg 14 Oktober 2016 09:33
To: ejbca-***@lists.sourceforge.net
Subject: Re: [Ejbca-develop] CMP Response signature verify
Hi,
In your code "message.getEncoded()" looks suspicious. You can not just get the bytes from a CMP message and try to verify a signature over that, because that is not the bytes that the signature was created over.
Find a snippet of test code from EJBCA test cases:
// Verify the signature
byte[] protBytes =
CmpMessageHelper.getProtectedBytes(respObject);
DERBitString bs = respObject.getProtection();
Signature sig;
try {
sig = Signature.getInstance(expectedSignAlg, "BC");
sig.initVerify(cacert);
sig.update(protBytes);
boolean ret = sig.verify(bs.getBytes());
assertTrue(ret);
} catch (NoSuchAlgorithmException e) {
Regards,
Tomas
**********
PrimeKey Solutions AB
Lundagatan 16, 171 63 Solna, Sweden
Mob: +46 (0)707421096
Internet: www.primekey.se
Twitter: twitter.com/primekeyPKI
**********
Post by Brian Dechoux (ext)Hello,
I'm using CMP and after an Initialisation Request, I got a signed response from EJBCA.
In 'Certificate Confirmation' > 'default CA' -> I've got a CA ('test'), created in EJBCA and its issuer is the default CA ManagementCA.
With which public key should I verify this signature ?
I tried with the 3 public keys in the 'Crypto Token' view and I just can't make this work properly.
byte[] decodedPkey = Base64.decode(publicKeyString);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
KeySpec publicKeySpec = new X509EncodedKeySpec(decodedPkey);
PublicKey publicKey =
keyFactory.generatePublic(publicKeySpec);
sig.initVerify(publicKey);
sig.update(message.getEncoded());
sig.verify(message.getProtection().getBytes())
Thanks a lot
Have a good day
----------------------------------------------------------------------
-------- Check out the vibrant tech community on one of the world's
most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Ejbca-develop mailing list
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________
Ejbca-develop mailing list
Ejbca-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Ejbca-develop mailing list
Ejbca-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ejbca-develop