Verify a DSA signature signed by the IHO S-63 scheme


I am trying to verify the signature of ENC (Electronic Navigational Charts). The files are signed with a certificate using DSA with SHA1.

The signature file for an individual ENC looks like the following:

// Signature part R:

0DA3 AFDB CE55 B926 00D6 D97A ADE2 CAAF 8AD1 51C3.

// Signature part S:

1A25 7FDD B1E9 FE28 AE12 15CE 4DF8 7616 3E32 4312.

// Signature part R:

53AA DA93 CEA4 162D 01A1 BDB3 2A66 D9A7 9D4A 02F8.

// Signature part S:

7DF3 9C2C EB93 73C6 CC2C 65A1 AE7C C7D6 5BCB BFBA.

// BIG p

FCA6 82CE 8E12 CABA 26EF CCF7 110E 526D B078 B05E DECB CD1E B4A2 08F3 AE16 17AE 01F3 5B91 A47E 6DF6 3413 C5E1 2ED0 899B CD13 2ACD 50D9 9151 BDC4 3EE7 3759 2E17.

// BIG q

962E DDCC 369C BA8E BB26 0EE6 B6A1 26D9 346E 38C5.

// BIG g

6784 71B2 7A9C F44E E91A 49C5 147D B1A9 AAF2 44F0 5A43 4D64 8693 1D2D 1427 1B9E 3503 0B71 FD73 DA17 9069 B32E 2935 630E 1C20 6235 4D0D A20A 6C41 6E50 BE79 4CA4.

// BIG y

AA25 DF9E C3CA 96B7 9D01 3ED8 D572 D47C B3F3 80D0 731D EA47 B106 26BA C387 C1FA 3C33 EC55 6845 3744 76BE 5825 6E07 A74D 607F 7A5E 7B7E 3455 71D8 2110 4C8A C4BF.

The text below is an extract from the IHO S-63 spec. The full PDF is linked here.

5.4.2.7 The ENC Signature File Format

The signature file must contain a signature and certificate pair. A file with just a signature is invalid as it does not certify the Data Server's identity. The ENC digital signature file has format, structure and order as in the following example:

The second R and S pair is used to authenticate the Data Server digital certificate (p, q, g and y strings). If verified successfully, the Data Server public key (y string) can be extracted and used to verify the digital signature (first R and S pair) of the encrypted ENC. This allows the Data Client to verify the SA digital certificate, to extract the Data Server public key, and to verify the digital signature of the ENC data.

My code as converted from the existing implementation does the following:

Initialise a new DSACryptoServiceProvider with the byte array values of p,q,g and y (spaces and trailing . removed)

Read the BIG P, Q, G and Y sections of the signature file (including headers) as a byte array and SHA1.Hash the array.

Take the byte array of the following string

var asn = string.Format("{0}{1}{2}{3}", "302E021500", rPart, "021500", sPart);

And call

dsa.VerifySignature(hashedPQGY,asn);

Suffice to say I have not managed to verify the p, q, g and y. Could somebody point me at a good source of documentation, examples or just explain what I am missing?

Thanks, Ben.

1

There are 1 best solutions below

1
On BEST ANSWER

Your total length indicator is 2E, which is 46.

Is this correct? Usually I think this would be 2C or 2D.

I have some C# code at home which will do what you want.

Otherwise check this out; it shows how to produce a signature rather than verify it, but it might help.
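
The length question raised in the answer can be checked directly. The following is an added example (not code from the post or from the S-63 specification) that parses the R and S sections of the signature file shown in the question and DER-encodes each pair with minimal INTEGERs; the function names are assumptions made for illustration.

```python
import re

# R/S sections of the signature file from the question (blank lines dropped).
SIG_FILE = """\
// Signature part R:
0DA3 AFDB CE55 B926 00D6 D97A ADE2 CAAF 8AD1 51C3.
// Signature part S:
1A25 7FDD B1E9 FE28 AE12 15CE 4DF8 7616 3E32 4312.
// Signature part R:
53AA DA93 CEA4 162D 01A1 BDB3 2A66 D9A7 9D4A 02F8.
// Signature part S:
7DF3 9C2C EB93 73C6 CC2C 65A1 AE7C C7D6 5BCB BFBA.
"""

def parse_sig_file(text):
    """Return [(label, int)] for each '// header' + hex-value pair, in file order."""
    fields, label = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("//"):
            label = line[2:].strip().rstrip(":")
        elif line and label:
            hexval = re.sub(r"[\s.]", "", line)  # drop spaces and the trailing '.'
            fields.append((label, int(hexval, 16)))
            label = None
    return fields

def signature_pairs(text=SIG_FILE):
    """Pair R/S values in file order: first pair signs the ENC, second the certificate."""
    vals = [v for label, v in parse_sig_file(text) if label.startswith("Signature part")]
    return list(zip(vals[0::2], vals[1::2]))

def der_integer(n):
    """Minimal DER INTEGER: a 0x00 pad only when the top bit of the first byte is set."""
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + bytes([len(body)]) + body

def der_signature(r, s):
    """SEQUENCE { INTEGER r, INTEGER s }; short-form length suffices for 160-bit values."""
    body = der_integer(r) + der_integer(s)
    return b"\x30" + bytes([len(body)]) + body

def fixed_prefix_signature(r, s):
    """The layout built in the question: 302E 021500 r 021500 s, always padded."""
    return bytes.fromhex("302E021500%040X021500%040X" % (r, s))
```

Every R and S value in the question's file has its top bit clear, so the minimal encoding of both pairs starts `30 2C 02 14`, while the fixed `302E`/`021500` layout adds a pad byte that DER does not permit for these values.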