
I have a problem when verifying a detached signature of a file of zero length. I'm using BouncyCastle (bc-csharp).

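// Required usings
using System;
using System.Collections;
using Org.BouncyCastle.Cms;
using Org.BouncyCastle.X509;

private static bool VerifyDetachedSignature(byte[] fileRawBytes, string sign)
{
    try
    {
        var signatureFileRawBytes = Convert.FromBase64String(sign);
        // Detached signature: the content is supplied separately from the CMS blob.
        var cms = new CmsSignedData(new CmsProcessableByteArray(fileRawBytes), signatureFileRawBytes);
        var signers = cms.GetSignerInfos();

        var certificates = cms.GetCertificates("Collection");
        var signerInfos = signers.GetSigners();
        // A SignedData with no signers proves nothing; do not report it as valid.
        if (signerInfos.Count == 0) return false;

        foreach (SignerInformation signer in signerInfos)
        {
            var certList = new ArrayList(certificates.GetMatches(signer.SignerID));
            // No certificate embedded in the signature matches this signer.
            if (certList.Count == 0) return false;
            var cert = (X509Certificate)certList[0];

            // The key comes from a certificate carried inside the signature itself,
            // so this checks integrity only; the certificate chain is not validated here.
            var publicKey = cert.GetPublicKey();

            // Verify returns false when the signature value does not check out and
            // throws CmsException on a message-digest mismatch; handle both.
            if (!signer.Verify(publicKey)) return false;
        }

        return true;
    }
    catch (Exception)
    {
        // Malformed input or failed verification is treated as an invalid signature.
        return false;
    }
}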

When I try to verify the signature for a zero-length file, I get an exception:

Message:'message-digest attribute value does not match calculated value'
StackTrace:
at Org.BouncyCastle.Cms.SignerInformation.DoVerify(AsymmetricKeyParameter key)
at Org.BouncyCastle.Cms.SignerInformation.Verify(AsymmetricKeyParameter pubKey)
at myProject.Controllers.Controller.VerifyDetachedSignature(Byte[] fileRawBytes, String sign) ...

In other cases it works well.

  • I wonder why you allow zero length files, those are files with no content at all. I would find logical having either files with content or not having files at all. – Cleptus Nov 26 '21 at 08:43
  • It is not my decision to make. It is that way by design of application. Any thoughts why I'm getting error? – Alexey2040 Nov 26 '21 at 10:27
  • Why such an abbreviated stacktrace? It doesn't even show the Exception that was thrown. – President James K. Polk Nov 26 '21 at 17:12
  • It is the full stacktrace. Same stacktrace here: https://stackoverflow.com/questions/16662408/correct-way-to-sign-and-verify-signature-using-bouncycastle I assume the problem is that I pass an empty byte array to the CmsProcessableByteArray constructor, so there is no copy of the signed data passed to CmsSignedData. What I can't figure out is how to verify the signature of an empty file – Alexey2040 Nov 26 '21 at 19:19
  • *Same stacktrace...* you have a strange definition of *same*. – President James K. Polk Nov 28 '21 at 23:00
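
A diagnostic for the error above, added here as an example (it is not code from the question or from the BouncyCastle project): for each signer it prints the digest stored in the message-digest signed attribute next to the digest of the supplied content and the digest of empty input, which shows what the signer actually hashed. The class and method names are hypothetical, and it assumes the bc-csharp API used in the question.

```csharp
using System;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Cms;
using Org.BouncyCastle.Cms;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities;
using Org.BouncyCastle.Utilities.Encoders;

public static class CmsDigestDiagnostics   // hypothetical helper class
{
    // Compares the message-digest attribute of every signer with the digest
    // of the detached content. Does NOT verify the signature itself.
    public static void DumpMessageDigests(byte[] content, byte[] signature)
    {
        var cms = new CmsSignedData(new CmsProcessableByteArray(content), signature);
        foreach (SignerInformation signer in cms.GetSignerInfos().GetSigners())
        {
            var table = signer.SignedAttributes;
            var attr = table == null ? null : table[CmsAttributes.MessageDigest];
            if (attr == null)
            {
                // Without signed attributes the signature covers the content directly.
                Console.WriteLine("Signer has no message-digest attribute");
                continue;
            }

            byte[] claimed = Asn1OctetString.GetInstance(attr.AttrValues[0]).GetOctets();
            byte[] computed = DigestUtilities.CalculateDigest(signer.DigestAlgOid, content);
            byte[] ofEmpty = DigestUtilities.CalculateDigest(signer.DigestAlgOid, new byte[0]);

            Console.WriteLine("digest algorithm OID : " + signer.DigestAlgOid);
            Console.WriteLine("attribute value      : " + Hex.ToHexString(claimed));
            Console.WriteLine("digest of content    : " + Hex.ToHexString(computed));
            Console.WriteLine("digest of empty input: " + Hex.ToHexString(ofEmpty));

            if (Arrays.AreEqual(claimed, computed))
                Console.WriteLine("=> attribute matches the supplied content");
            else if (Arrays.AreEqual(claimed, ofEmpty))
                Console.WriteLine("=> signer hashed empty input; supplied content differs");
            else
                Console.WriteLine("=> signer hashed something other than the supplied content");
        }
    }
}
```

If the attribute equals the digest of empty input but `Verify` still reports a mismatch, the difference is on the verifying side; if it equals neither value, the signature was produced over other data.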

0 Answers