vardhan128tech

Pinned topic Difference between X509 sign and Crypto binary PKCS#7 Sign

2014-05-31T19:32:34Z

Hi There,

Trying to find the difference in the method of signing the document between the X509 Sign action and the Cryptobin PKCS#7 Sign operation.

As X509 is for XML and PKCS#7 is for binary documents, I have the questions below:

1) Does PKCS#7 Sign also create a digest value of the binary document, and can the same be used under PKCS#7 Verify to compare the digest value?

2) I do not see any RSA/3DES etc. algorithms under the PKCS#7 Sign action. Does that mean there is no digest value creation and matching logic, etc.?

3) If both the X509 Sign action and the Cryptobin PKCS#7 Sign do the same thing, for PKCS#7 I was not able to see the digest matching logic in the debug logs?

4) Which algorithm does Cryptobin PKCS#7 Sign use?

Appreciate your suggestions and inputs for the above questions.

Updated on 2014-05-31T19:58:00Z by vardhan128tech
  • Chris.Ortiz

    2014-06-02T18:42:15Z

    The Cryptographic binary actions use the syntax and methodologies that are described in RFC 2311, S/MIME Version 2 Message Specification, dated March 1988, and RFC 2315, PKCS #7: Cryptographic Message Syntax 1.5, dated March 1998.

    The sign cryptographic binary action generates the PKCS #7 signedData type, which is the only PKCS #7 type accepted by the cryptographic binary verify action.

    The algorithms used by the cryptobin action are defined on the Advanced tab of the action. The default is rsa-sha1, and the following are available from the drop-down list:


    The signature algorithm used for PKCS#7 signing.
    dsa-sha1 : DSA with SHA-1
    rsa-md5 : RSA with MD5
    rsa-sha1 : RSA with SHA-1
    rsa-sha256 : RSA with SHA-256
    rsa-sha384 : RSA with SHA-384
    rsa-sha512 : RSA with SHA-512
     

  • vardhan128tech

    2014-06-09T03:18:51Z

    Hi Chris, thank you for the reply and clarification.

    Actually I do not see any options for signature algorithms like those mentioned above when I use CryptoBinary PKCS#7 Sign under the Advanced tab.

    I was using XI50 firmware 6.X. Also, when I tried to test, I was not able to see in the logs what DataPower is doing while executing PKCS#7 Sign, like we see step by step in the logs for X509 sign and verify for SOAP messages. Are we missing anything here?


  • HermannSW

    2014-06-09T13:23:37Z

    > Actually I do not see any options for Signature Algorithms like mentioned above while I use CryptoBinary PKCS#7 Sign under Advanced tab.
    >

     

    Hermann.

  • 9XDH_Jatinder_Malik

    2014-06-18T09:21:12Z

    Hello Hermann,

    Even I do not see the signature algo combo box when I open the crypto binary action :-(

    We are using an XI52 appliance with firmware 6002 (Firmware: XI52.6.0.0.2)

    Is there anything special that needs to be done for the same?

    Thanks,

    - Jitu

  • dp_techdev

    2014-06-18T15:02:38Z

    Hi,

    I am also facing the same issue: I am not able to see that drop-down option. XI52 appliance and 6.0.0.2 firmware version.

    I have another question. I am signing the XML document and creating a detached signature (I have turned off Include Content Data in Advanced Properties).

    I am passing the output of the sign action to the Crypto Binary Verify action, but it is failing while doing the verification. I am not sure whether I am following the right procedure to verify the signature.

    What is the use of the URL Location of Detached Data option in the verify action? I understand I am missing something while doing the verify and I am not able to identify it. Can anyone help me with this?

    Thanks in advance
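
Added example, not part of any post in this thread and not DataPower configuration: the openssl command line builds the RFC 2315 signedData type with RSA and SHA-256, shows that the structure records a digest algorithm and a messageDigest attribute, and shows that a detached signature verifies only when the original content is supplied separately. The key, certificate, payloads, file names and helper function names are constructed for this demo.

```shell
#!/usr/bin/env bash
# Added example using the openssl CLI; this is not DataPower configuration.
# The key, certificate and payloads are throwaway values constructed here.
set -e
W=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-signer" \
  -keyout "$W/key.pem" -out "$W/cert.pem" 2>/dev/null
printf 'constructed binary payload \001\002\003' > "$W/data.bin"
printf 'constructed binary payloaD \001\002\003' > "$W/tampered.bin"

# p7_sign OUT [flags]: write DER signedData signed as RSA with SHA-256.
p7_sign() {
  out=$1; shift
  openssl smime -sign -binary -md sha256 -outform DER "$@" \
    -in "$W/data.bin" -signer "$W/cert.pem" -inkey "$W/key.pem" -out "$out"
}

# p7_verify SIG [flags]: print "ok" or "fail" instead of aborting the script.
# -CAfile makes the demo certificate the only trust anchor.
p7_verify() {
  sig=$1; shift
  if openssl smime -verify -binary -inform DER -in "$sig" \
       -CAfile "$W/cert.pem" "$@" -out /dev/null 2>/dev/null
  then echo ok; else echo fail; fi
}

# has_object SIG NAME: print "yes" if the ASN.1 dump names that object.
has_object() {
  if openssl asn1parse -inform DER -in "$1" | grep -q ":$2\$"
  then echo yes; else echo no; fi
}

p7_sign "$W/attached.p7" -nodetach   # payload embedded in signedData
p7_sign "$W/detached.p7"             # payload omitted (detached signature)

echo "digestAlgorithm sha256:      $(has_object "$W/attached.p7" sha256)"
echo "messageDigest attribute:     $(has_object "$W/attached.p7" messageDigest)"
echo "attached, no extra input:    $(p7_verify "$W/attached.p7")"
echo "detached, no content given:  $(p7_verify "$W/detached.p7")"
echo "detached + original content: $(p7_verify "$W/detached.p7" -content "$W/data.bin")"
echo "detached + tampered content: $(p7_verify "$W/detached.p7" -content "$W/tampered.bin")"
```

The verifier recomputes the digest over the content it is given and compares it with the signed messageDigest attribute, which is why the detached case fails without the original bytes and fails again when they differ by one character.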