
I am trying to implement a SCEP service; my experience with cryptography++ is quite limited, so this has been an uphill battle. Currently I am accepting a certificate request from a client, and I am working to interpret the request. The certificate request should be in the form of a CMS/PKCS#7, however I am having great difficulties interpreting it:

  1. When using the ASN.1 editor at http://lipingshare.com/Asn1Editor/ I just get "Failed to read data".
  2. When using 'openssl asn1parse -inform DER < bytes' on Linux I get something which seems quite sensible. The application should run on Windows .NET, so the detour into Linux was mainly one of despair.
  3. Trying to decode in .NET fails:

    // SignedCms and EnvelopedCms live in System.Security.Cryptography.Pkcs
    byte[] data = Convert.FromBase64String( input_message );
    SignedCms signerInfo = new SignedCms();
    EnvelopedCms contentInfo = new EnvelopedCms();
    signerInfo.Decode(data);                               // outer SignedData
    contentInfo.Decode( signerInfo.ContentInfo.Content );  // inner EnvelopedData
    contentInfo.Decrypt(); // [*]

    [*]: This fails with a CryptographicException and message: "Cannot find object or property".

  4. Trying to decode with BouncyCastle .NET classes fails:

    byte[] data = Convert.FromBase64String( input_message );
    Org.BouncyCastle.Cms.CmsSignedData signedData = new CmsSignedData( data );
    Org.BouncyCastle.Cms.CmsEnvelopedData ed = new CmsEnvelopedData( signedData.ContentInfo ); // [*]

    [*] This fails with "ArgumentException" and message: "unknown object in factor: BerTaggedObject".

I realize this does not satisfy StackOverflow's requirements of a clear and concise question; but I guess that just reflects the lack of clearness on my side :-( Basically I would be very grateful for any tips on how to interpret a SCEP message (CMS/PKCS#7) in .NET, using either standard Windows classes or the BouncyCastle API; but to conclude with some concrete questions:

  1. Can I infer something from the fact that asn1parse on Linux seems to handle my message, whereas the Lipingshare ASN.1 editor fails?
  2. The SCEP standard says that the CMS message should be BER encoded, whereas the asn1parse program takes a '-inform DER' switch (and still works...), and the BouncyCastle class seems to complain about a BerTaggedObject.

Grateful for any ideas, thoughts or suggestions.

Joakim

user422005
  • You have about 10 questions tied up in there. An answer requires expertise in some combination of SCEP, CMS, Bouncycastle C# library, .NET CMS classes, openssl asn1parse, lipingshare.com asn1editor, BER versus DER encoding, and so on. A BER or DER encoded ASN.1 structure can't really be successfully parsed without knowing the ASN.1 structures it is supposed to represent. The various tools such as asn1parse just use heuristics to try and get as far as they can. – President James K. Polk Jul 10 '12 at 23:31
  • I realize my 'question' was not really adequately formulated; but thank you for the comment about asn.1 heuristics. – user422005 Jul 11 '12 at 05:35
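
Added example, not part of the original question or its comments: a small Python walker that reports where a CMS blob uses encodings that BER permits but DER forbids (indefinite lengths, constructed OCTET STRINGs, non-minimal lengths), which is the distinction the second question turns on. The sample bytes are constructed for illustration and the function names are this example's own.

```python
# Added example: list encoding features that are legal in BER but forbidden
# in DER. Truncated input raises IndexError.

def _header(buf, pos):
    """Return (constructed, length or None if indefinite, contents offset, minimal)."""
    constructed = bool(buf[pos] & 0x20)
    if buf[pos] & 0x1F == 0x1F:            # high-tag-number form
        pos += 1
        while buf[pos] & 0x80:
            pos += 1
    pos += 1
    first = buf[pos]
    pos += 1
    if first < 0x80:                       # short definite form
        return constructed, first, pos, True
    if first == 0x80:                      # indefinite form, BER only
        return constructed, None, pos, False
    n = first & 0x7F                       # long definite form, n length bytes
    length = int.from_bytes(buf[pos:pos + n], "big")
    return constructed, length, pos + n, buf[pos] != 0 and length >= 0x80

def _walk(buf, pos, end, findings):
    """Walk TLVs up to `end`, or up to end-of-contents (00 00) when end is None."""
    while end is None or pos < end:
        if end is None and buf[pos:pos + 2] == b"\x00\x00":
            return pos + 2
        start = pos
        constructed, length, body, minimal = _header(buf, pos)
        if buf[start] == 0x24:             # universal, constructed, tag 4
            findings.append((start, "constructed OCTET STRING"))
        if length is None:
            findings.append((start, "indefinite length"))
            pos = _walk(buf, body, None, findings)
            continue
        if not minimal:
            findings.append((start, "non-minimal length"))
        if constructed:
            _walk(buf, body, body + length, findings)
        pos = body + length
    return pos

def ber_only_features(data):
    """Return [(offset, description)] for every BER-only construct found."""
    findings = []
    _walk(data, 0, len(data), findings)
    return findings

# Constructed samples: the same id-data ContentInfo, BER streaming style and DER.
OID_DATA = bytes.fromhex("06092a864886f70d010701")
BER_SAMPLE = b"\x30\x80" + OID_DATA + bytes.fromhex("a080 2480 0403010203 0000 0000 0000")
DER_SAMPLE = b"\x30\x12" + OID_DATA + bytes.fromhex("a005 0403010203")
```

An empty result means the input uses only definite, minimal lengths and primitive OCTET STRINGs at the levels walked; any finding marks a spot where a parser that accepts only DER can reject the message.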

0 Answers