JAdESCC : unable to verify a signature with a non base64url-encoded payload

lovele0107 / signatures-conformance-checker

7 stars 0 forks source link

JAdESCC : unable to verify a signature with a non base64url-encoded payload #33

Closed bsanchezb closed 2 years ago

bsanchezb commented 2 years ago

Hello @jccruellas ,

It seems like JAdES CC fails to build a toBeSigned data for JAdES signature signing a non base64url-encoded payload (e.g. "b64" = false). When uploading such a signature, the checker returns the following error:

Location-{CodeTest}: implicitSignedInfo-{SignatureVerificationOK}
The cryptographic verification of the digital signature value must succeed. An error has occurred while trying to cryptographically verify the signature: it has not been possible to complete the to-be-signed bytes

Could you please take a look on the problem?

Interestingly, the error does not appear for a content timestamp validation, covering the same payload (see the attached file), and JAdESCC validates it successfully.

Thank you for the help!

Best regards, Aleksandr.

nonBase64UrlPayloadSig.zip

jccruellas commented 2 years ago

Good afternoon Aleksandr, Thank you veru much indeed for the report. I will take a look between tomorrow and Wednesday and let you know my findings.

jccruellas commented 2 years ago

Good afternoon Alkesandr, I have been working on the JAdESCC and I think that I have found the problem. I have now a local copy which properly deals with your signature. However, I have not been able to deploy the new version at the portal. There are some issues with the permissions that Laurent will fix.

As soon as this is fixed, I will deploy version 0.6. Meanwhile, I attach a zip with the framework of HTML reports that my fixed local version has generated 20220614_Nowina_ClearTextDigSigCryptoVerificationFailure.zip .

jccruellas commented 2 years ago

Good night Aleksandr, I have eventually managed to deploy version 0.6 of JAdESCC, which solves the issue that you reported. Now JAdESCC does not report any error for your signature. Once you confirm this issue, I should close the issue. Could you please take a look to the release notes and confirm whether you see there Notes of release 0.6? I

Regards Juan Carlos

bsanchezb commented 2 years ago

Hi @jccruellas ,

Yes, it seems updated to the version 0.6 and works perfectly with regards to the signature in question!

Thank you so much! I will close the issue.

Kind regards, Aleksandr.