
We are using the following code to validate a detached signature in .NET 1.1; it works on Windows XP and Windows Server 2003:

    /// <summary>
    /// Verifies a detached signature over <c>data</c> through the CAPICOM COM interop.
    /// The test passes when <c>Verify</c> does not throw and the first signer can be read.
    /// </summary>
    /// <remarks>
    /// <c>CAPICOM_VERIFY_SIGNATURE_ONLY</c> checks the signature itself but not the validity
    /// of the signing certificate, so a pass here says nothing about whether the signer is
    /// trusted. Code that relies on signer identity should verify with
    /// <c>CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE</c> or check the signer certificate itself.
    /// </remarks>
    [Test]
    public void should_validate_with_old_capicom()
    {
        const bool isDetached = true;

        string data = "GDNNOT172789407LGAR10277825619622017-01-0412.28.330000";
        string signed = "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";

        SignedDataClass detachedSignature = new SignedDataClass();
        UtilitiesClass capicomUtilities = new UtilitiesClass();

        // Encoding.Default depends on the machine configuration. The signature only verifies
        // if these bytes equal the bytes that were originally signed.
        // NOTE(review): confirm which encoding the signer used.
        byte[] contentBytes = Encoding.Default.GetBytes(data);

        // The raw bytes are converted to a CAPICOM binary string before being set as content.
        string binaryContent = capicomUtilities.ByteArrayToBinaryString(contentBytes);
        detachedSignature.set_Content(binaryContent);

        // Throws a COMException when the signature does not match the content.
        detachedSignature.Verify(
            signed,
            isDetached,
            CAPICOM_SIGNED_DATA_VERIFY_FLAG.CAPICOM_VERIFY_SIGNATURE_ONLY);

        // CAPICOM collections are 1-based, so index 1 is the first signer. The value is not
        // inspected, so the signer certificate is never compared with an expected one.
        Signer firstSigner = (Signer)detachedSignature.Signers[1];

        Assert.Pass("It was verified with capicom.");
    }

We are using the same code in a .NET 4.5 project on an x64 Windows 7 machine with an x86 build configuration, but it fails with an Invalid Signature System.Runtime.InteropServices.COMException.

We have also tried to verify with System.Security.Cryptography, without success. We add the public key of the certificate in case it is needed. The certificate can be downloaded here.

    /// <summary>
    /// Verifies the same detached signature with <c>SignedCms</c> from
    /// <c>System.Security.Cryptography.Pkcs</c> instead of CAPICOM.
    /// The test passes when <c>CheckSignature</c> does not throw.
    /// </summary>
    /// <remarks>
    /// <c>CheckSignature</c> is called with <c>verifySignatureOnly</c> set to true, so the
    /// signer certificate chain is not validated. The imported collection is passed as an
    /// extra certificate store; it does not pin the signature to that certificate. Code that
    /// depends on who signed should also compare the signer certificate with the expected one.
    /// </remarks>
    [Test]
    public void should_validate_against_dot_net_implementation()
    {
        const bool isDetached = true;
        const bool verifySignatureOnly = true;

        string data = "GDNNOT172789407LGAR10277825619622017-01-0412.28.330000";
        string signed = "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";

        // Encoding.Default depends on the machine configuration. The signature only verifies
        // if these bytes equal the bytes that were originally signed.
        // NOTE(review): confirm which encoding the signer used.
        byte[] contentBytes = Encoding.Default.GetBytes(data);
        ContentInfo detachedContent = new ContentInfo(contentBytes);

        // Detached mode: the content is supplied here because the signature does not embed it.
        SignedCms cms = new SignedCms(detachedContent, isDetached);

        byte[] encodedSignature = Convert.FromBase64String(signed);
        cms.Decode(encodedSignature);

        // _validatingCertPart is declared outside this method.
        // NOTE(review): presumably the signer's public certificate - confirm.
        X509Certificate2Collection extraCertificates = new X509Certificate2Collection();
        extraCertificates.Import(_validatingCertPart);

        // Throws a CryptographicException when the signature does not verify.
        cms.CheckSignature(extraCertificates, verifySignatureOnly);

        Assert.Pass("Verified with DotNet");
    }

In this case we also get an Invalid Signature message, this time from a System.Security.Cryptography.CryptographicException.

jruizaranguren
