Verify pkcs7 signatures 

In order to address some perceived "interop" issues with verification
of CMS/pkcs #7 signature data, here is a wsh/vbs command line script
"VerifyAll.vbs" that can verify most types of pkcs #7 signature files:
      http://www.*-*-*.com/ ~neutron/wsh/  (first sample)
Requires CAPICOM 2 and, for reading binary files, MDAC 2.5

The script can verify:
  - signatures with detached or included content
  - base64 or binary encoded DER file formats
  - UNICODE-encoded string or ASCII-encoded string data
  - pure binary files

This should include most types of pkcs #7 signatures, including the
Netscape 4.x crypto.signText()  Formsigning script data (which I have
tested). The script can be easily modified for use with asp, aspx, etc.

The related *signing* script is at:
    http://www.*-*-*.com/ ~neutron/wsh/capicom/signing/SignDetBinary.vbs

- Mitch Gallant



Thu, 16 Dec 2004 23:28:54 GMT  
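
The post above lists the input variants a PKCS #7 verifier has to tell apart: base64 or binary DER, and detached or included content. The following sketch is an added example, not part of the original post and not VerifyAll.vbs; it classifies a blob by walking the outer ASN.1 structure and does not check any signature. The helpers `tlv`, `to_der`, `classify`, `der` and `sample` are hypothetical names, and the sample blob is a constructed, signer-less skeleton.

```python
import base64

OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1

def tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:                       # long-form length
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length (BER), not DER")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def to_der(raw):
    """Binary DER starts with 0x30; base64 of it starts with 'M', PEM with '-'."""
    if raw[:1] == b"\x30":
        return raw, "binary"
    body = b"".join(l.strip() for l in raw.splitlines() if not l.startswith(b"-----"))
    return base64.b64decode(body, validate=True), "base64"

def classify(raw):
    """Return (encoding, 'attached' | 'detached') for a PKCS #7 SignedData blob."""
    der_bytes, enc = to_der(raw)
    tag, outer, _ = tlv(der_bytes, 0)      # ContentInfo SEQUENCE
    tag2, oid, p = tlv(outer, 0)           # contentType
    if tag != 0x30 or tag2 != 0x06 or oid != OID_SIGNED_DATA:
        raise ValueError("not a pkcs7-signedData ContentInfo")
    _, wrapped, _ = tlv(outer, p)          # [0] EXPLICIT wrapper
    _, sd, _ = tlv(wrapped, 0)             # SignedData SEQUENCE
    _, _, p = tlv(sd, tlv(sd, 0)[2])       # skip version, then digestAlgorithms
    _, inner, _ = tlv(sd, p)               # inner ContentInfo
    _, _, q = tlv(inner, 0)                # inner contentType OID
    return enc, ("attached" if q < len(inner) else "detached")

def der(tag, *parts):
    body = b"".join(parts)                 # short-form lengths only (< 128 bytes)
    return bytes([tag, len(body)]) + body

def sample(content=None):
    """Constructed signer-less SignedData skeleton; carries no real signature."""
    econtent = der(0xA0, der(0x04, content)) if content is not None else b""
    inner = der(0x30, der(0x06, OID_DATA), econtent)
    sd = der(0x30, der(0x02, b"\x01"), der(0x31), inner, der(0x31))
    return der(0x30, der(0x06, OID_SIGNED_DATA), der(0xA0, sd))
```

A "detached" result means the verifier must be given the original content separately before the signature can be checked.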
 Verify pkcs7 signatures
Too funny.  I couldn't remember your URL and was just coming over to
look for a post of yours.

--
Please respond in the newsgroup.  I've still got unread email from the
week Win95 was released, if that tells you anything.
http://www.bittnet.com/winremote
http://www.bittnet.com/scripting


Quote:
> In order to address some perceived "interop" issues with verification
> of CMS/pkcs #7 signature data, here is a wsh/vbs command line script
> "VerifyAll.vbs" that can verify most types of pkcs #7 signature files:
>      http://home.istar.ca/~neutron/wsh/  (first sample)
> Requires CAPICOM 2 and, for reading binary files, MDAC 2.5

> The script can verify:
>   - signatures with detached or included content
>   - base64 or binary encoded DER file formats
>   - UNICODE-encoded string or ASCII-encoded string data
>   - pure binary files

> This should include most types of pkcs #7 signatures, including the
> Netscape 4.x crypto.signText()  Formsigning script data (which I have
> tested). The script can be easily modified for use with asp, aspx etc..

> The related *signing* script is at:
>    http://home.istar.ca/~neutron/wsh/capicom/signing/SignDetBinary.vbs

> - Mitch Gallant



Thu, 16 Dec 2004 23:56:24 GMT  
 Verify pkcs7 signatures
On a related topic, Mitch, I did VBScript conversions of the script
policy settings from your Trust Policy Editor HTA... below:

Function ScriptTrustPolicy
 ' Returns Script Trust Policy Setting
 ' legitimate values are currently (WSH 5.6)
 ' 0, 1, 2
 ' Returns empty value if not found
 ' based on Mitch Gallant's Trust Policy Editor
 Dim sValueName, Sh
 On Error Resume Next
 sValueName = "HKLM\SOFTWARE\Microsoft\" _
 & "Windows Script Host\Settings\TrustPolicy"
 Set Sh = CreateObject("WScript.Shell")
 ScriptTrustPolicy = Sh.RegRead(sValueName)
 ' The error code property is Err.Number (Err.Num does not exist)
 If Err.Number <> 0 Then Err.Clear
 On Error Goto 0
End Function

Function SetScriptTrustPolicy(iLevel)
 ' Attempts to set a script trust policy.
 ' Returns true if no errors during set attempt
 ' legitimate values are currently (WSH 5.6)
 ' 0, 1, 2
 ' based on Mitch Gallant's Trust Policy Editor
 Dim i, iCheck, sValueName, Sh
 On Error Resume Next
 SetScriptTrustPolicy = False
 i = CInt(iLevel)
 ' Reject non-numeric input before touching the registry;
 ' otherwise i stays Empty and would be written as 0
 If Err.Number <> 0 Then
  Err.Clear
  Exit Function
 End If
 If (i<0) OR (i>2) Then Exit Function
 sValueName = "HKLM\SOFTWARE\Microsoft\" _
 & "Windows Script Host\Settings\TrustPolicy"
 Set Sh = CreateObject("WScript.Shell")
 Sh.RegWrite sValueName, i, "REG_DWORD"
 ' Read the value back to confirm the write took effect
 iCheck = Sh.RegRead(sValueName)
 If (Err.Number = 0) AND (iCheck = i) Then
  ' It worked correctly
  SetScriptTrustPolicy = True
 Else
  Err.Clear
 End If
 On Error Goto 0
End Function

--
Please respond in the newsgroup.  I've still got unread email from the
week Win95 was released, if that tells you anything.
http://www.bittnet.com/winremote
http://www.bittnet.com/scripting





Fri, 17 Dec 2004 01:03:24 GMT  
 Verify pkcs7 signatures
Thanks Alex. Also of interest, and related to the WinXP Note in this page:
   http://home.istar.ca/~neutron/wsh/signascript/regsec.html
G. Born, in his recent German title, has built on this hta, with inclusion
of a test for XP and that reg. setting.
Cheers,
 - Mitch





Fri, 17 Dec 2004 01:35:31 GMT  
 