Topic
  • 7 replies
  • Latest Post - ‏2013-09-11T03:12:13Z by rock3111
SystemAdmin
6772 Posts

Pinned topic Decode signature failed

‏2012-08-24T13:00:57Z |
I am trying to verify the signed string with the same set of key/certs, hash value and algorithms.
I am getting a 'Decode signature failed' error. Can anybody guide me on what the possible reason for this could be?
Updated on 2012-08-28T15:30:24Z by SystemAdmin
  • SystemAdmin
    6772 Posts

    Re: Decode signature failed

    ‏2012-08-24T13:48:25Z  
    This means the string you passed into dp:verify() was not valid base64 data.
  • SystemAdmin
    6772 Posts

    Re: Decode signature failed

    ‏2012-08-24T13:58:18Z  
    Now I sent the base-64 encoded signature value in the verify function. I am getting 'RSA signature did not verify'.
  • SystemAdmin
    6772 Posts

    Re: Decode signature failed

    ‏2012-08-24T14:17:44Z  
    That means either the hash is incorrect, the signature is incorrect, or the cert is incorrect.

    How are you implementing this? It is very easy to break a signature when done manually in a stylesheet.
  • SystemAdmin
    6772 Posts

    Re: Decode signature failed

    ‏2012-08-28T10:53:18Z  
    The code below is used for signing:

    <func:function name="dpfunc:sign">
      <xsl:param name="text" />
      <xsl:param name="pubCertObj" />
      <xsl:variable name="result">
        <xsl:variable name="algorithm"
                      select="'http://www.w3.org/2001/04/xmlenc#sha256'" />
        <xsl:variable name="signMechanism"
                      select="'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'" />
        <!-- hash the input text -->
        <xsl:variable name="hashValue"
                      select="dp:hash($algorithm, $text)" />
        <!-- keep the hash in a context variable for the verifying stylesheet -->
        <dp:set-variable
            name="'var://context/contextname/cv_hashValue'"
            value="normalize-space($hashValue)" />
        <!-- sign the hash -->
        <xsl:variable name="signature"
                      select="dp:sign($signMechanism, $hashValue, $pubCertObj)" />
        <xsl:value-of select="$signature" />
      </xsl:variable>
      <func:result select="$result" />
    </func:function>

    Code in xslt1 that is signing:

    <xsl:variable name="SignedTS"
                  select="dpfunc:sign($TS, $signCryptoKeyObj)" />
    <xsl:variable name="serializedSignedTS"><dp:serialize select="$SignedTS" /></xsl:variable>

    <xsl:variable name="encodedSignedTS" select="dp:encode($serializedSignedTS,'base-64')" />

    And the code in xslt2 for verify is:

    <xsl:variable name="signMechanism"
                  select="'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'" />

    <!-- read back the hash stored by the signing stylesheet -->
    <xsl:variable name="hashValue"
                  select="dp:variable('var://context/contextname/cv_hashValue')" />

    <xsl:variable name="verify"
                  select="dp:verify($signMechanism, normalize-space($hashValue), normalize-space($encodedSignedTS),$signCryptoKeyObj)" />
    <dp:set-variable
        name="'var://context/contextname/cv_verify'" value="$verify" />

    Here I have verified that we have the same value for signCryptoKeyObj as used for signing.
    encodedSignedTS holds the signed string, base-64 encoded.

    In the verify function, if I pass the signed value (base-64 decoded), I am getting 'Decode signature failed'.
  • SystemAdmin
    6772 Posts

    Re: Decode signature failed

    ‏2012-08-28T11:50:10Z  
    With the above code I am getting 'RSA signature did not verify' (passing the base-64 encoded signed string to the verify function).
  • SystemAdmin
    6772 Posts

    Re: Decode signature failed

    ‏2012-08-28T15:30:24Z  
    The issue was with the code.
  • rock3111
    8 Posts

    Re: Decode signature failed

    ‏2013-09-11T03:12:13Z  
    What was the issue in the above stylesheets? Why are you getting the error message? Can you please share the info?
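
Added example, not written by any poster in this thread (which never states the final cause): a Python check that separates the two conditions discussed above, a signature string that is not base64 at all versus one that is valid base64 but does not decode to signature-sized bytes, for instance because text that was already base64 was encoded a second time. It assumes `dp:sign()` returns base64 text and a 2048-bit RSA key; the function names and result labels are hypothetical and the sample signature bytes are constructed.

```python
import base64
import binascii

def b64_layers(value, max_layers=3):
    """Strictly base64-decode `value` repeatedly and return each decoded layer."""
    layers = []
    try:
        # Drop whitespace (line wrapping, normalize-space() residue) before decoding.
        data = "".join(value.split()).encode("ascii")
    except UnicodeEncodeError:
        return layers  # raw binary smuggled into a string is never base64
    for _ in range(max_layers):
        if not data:
            break
        try:
            decoded = base64.b64decode(data, validate=True)
        except binascii.Error:
            break
        layers.append(decoded)
        data = b"".join(decoded.split())
    return layers

def classify_signature(value, modulus_bits=2048):
    """Label a signature string before it is handed to a verify call."""
    expected = modulus_bits // 8  # an RSA signature is as long as the modulus
    layers = b64_layers(value)
    if not layers:
        return "not-base64"       # the verifier cannot even decode the input
    if len(layers[0]) == expected:
        return "ok-length"        # decodes once to signature-sized bytes
    for depth, raw in enumerate(layers[1:], start=2):
        if len(raw) == expected:
            return f"encoded-{depth}x"  # base64 applied on top of base64
    return "wrong-length"         # valid base64, but not a signature for this key size

# Constructed sample data: 256 arbitrary bytes standing in for a 2048-bit signature.
RAW_SIG = bytes(range(256))
SIG_B64 = base64.b64encode(RAW_SIG).decode("ascii")
SIG_B64_TWICE = base64.b64encode(SIG_B64.encode("ascii")).decode("ascii")

if __name__ == "__main__":
    for label, value in (("encoded once", SIG_B64),
                         ("encoded twice", SIG_B64_TWICE),
                         ("raw bytes", RAW_SIG.decode("latin-1"))):
        print(f"{label:14s} -> {classify_signature(value)}")
```

A value labelled `ok-length` can still fail verification if the hash or the certificate does not match what was used for signing.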