Consider the following code:

```ts
const data = await Deno.readFile("./README.md");
const certificate = (await loadPEM("./playground/domain.pem"))[0] as Certificate;
const privateKey = (await loadPEM("./playground/domain-pkcs8-nocrypt.key", "PRIVATE KEY"))[0] as CryptoKey;
const signedData = await signData(data.buffer, certificate, privateKey);

// verify same
const ok = await signedData.verify({
  signer: 0,
  checkChain: true,
  trustedCerts: [certificate],
  data: data.buffer
})
console.log(ok); // false :(

// verify external signed like this
// openssl cms -sign -signer domain.pem -inkey domain-pkcs8-nocrypt.key -binary -in README.md -outform der -out signature
const cms = ContentInfo.fromBER(await Deno.readFile("./playground/signature")) as ContentInfo;
if (cms.contentType !== ContentInfo.SIGNED_DATA)
  throw new Error("CMS is not Signed Data");
const signedData1 = new SignedData({ schema: cms.content });
const ok1 = await signedData1.verify({
  signer: 0,
  checkChain: true,
  trustedCerts: [certificate],
  data: data.buffer
})
console.log(ok1); // true
```
In the first part I sign data and then I verify it against the loaded certificate, and it FAILS.

In the second part I load a signature generated with openssl using the same certificate and private key used in the first part, and the verification against the loaded certificate is OK. So, since the verification method is the same in both examples, I guess my signature method has something wrong. Here is the code for signature creation:
```ts
export async function signData(data: ArrayBuffer, certificate: Certificate, privateKey: CryptoKey): Promise<SignedData> {
  const cmsSigned = new SignedData({
    encapContentInfo: new EncapsulatedContentInfo({
      eContentType: ContentInfo.DATA,
      //eContent: new ans1js.OctetString({ valueHex: data })
    }),
    signerInfos: [
      new SignerInfo({
        sid: new IssuerAndSerialNumber({
          issuer: certificate.issuer,
          serialNumber: certificate.serialNumber
        })
      })
    ],
    certificates: [certificate]
  });
  await cmsSigned.sign(privateKey, 0, "SHA-256", data);
  return cmsSigned;
}
```
Here is how I load certificate and key: