content hash found in signed attributes different

Dexray · April 9th, 2008, 11:55 AM

I have a Problem verifying an Email Signature with BC. Both, Thunderbird and Outlook said that this Email is valid, but BC doesn't.
I am using the SignedMailValidator class.

The Error that occours is :

org.bouncycastle.cms.CM****ception: invalid signature format in message: content hash found in signed attributes different
.....
Caused by: java.security.SignatureException: content hash found in signed attributes different

The Email Content :

MIME-Version: 1.0
Content-Type: multipart/signed;
 protocol="application/x-pkcs7-signature";
 micalg=sha1;
 boundary="----F439FEDC23FA084281EC7880F017B061"
X-CheckCompat: OK
Content-class: urn:content-classes:message
Subject: XXXXXX.txt
Date: Wed, 9 Apr 2008 10:24:17 +0200
Message-ID: <XXXXXXX>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Topic: XXXXXX.txt
Thread-Index: AciaG2tUJ9bAYyY8TAeFf/Nmys4P7w==
From: <[email protected]>
To: <[email protected]>

This is an S/MIME signed message

------F439FEDC23FA084281EC7880F017B061
Content-Type: multipart/mixed;
boundary="------------=_NextPart_000_000_000"

--------------=_NextPart_000_000_000
Content-Type: multipart/alternative;
boundary="------alternative_boundary"

--------alternative_boundary
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

In Beantwortung Ihrer Datei XXXXXX.txt' lieferte der
AKTIF-EDI-Service folgende Ergebnisse:

--------------------------------------------------------------------------=
--------
Dateiname gepackt verschl. Kommentar/Signaturdat=
ei
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
XXXXXX... not not
--------------------------------------------------------------------------=
--------

In response of your processed file XXXXXX=
XXXXXX.txt' the
AKTIF-EDI-Service sent to you the following results:

--------------------------------------------------------------------------=
--------
filename compressed encrypted comment/sigfile
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D
CONTRL__9904144000002_9900496... not not
--------------------------------------------------------------------------=
--------

--
autogenerated email by AKTIF EDI Service (aedic.sm).
Please do not respond to this emailaddress.

--------alternative_boundary
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html><head><title>processed file</title></head>
<body bgcolor=3D"#ffffff">

AKTIF EDI-Service: Konvertierte Datei/converted file 'CONTRL__9=
904144000002_9900496000005_20080409_141316.txt'
 

<table cellpadding=3D"3" border=3D"0" align=3D"center">
<tr bgcolor=3D"#330866">
<td valign=3D"top">Datei 
fil=
e</td>
<td valign=3D"top">Komprimierung 
com=
pression</td>
<td valign=3D"top">Verschl=FCsselung 
enc=
ryption</td>
<td valign=3D"top">Signaturdatei/Kommentar 
sig=
naturefile/comment
</td></tr>
<tr align=3D"center">
<td>CONTRL__9904144000002_9900496000005_20080409_1 41316.txt</td>
<td>keine/none</td>
<td>keine/none</td>
<td> </td>
</tr>
</tr></table>
 

--  autogenerated email by <a href=3D"XXXXX=
om">XXXX</a>-EDIService (aedic.sm).
Please do not respond to this emailaddress.
</body></html>

--------alternative_boundary--
--------------=_NextPart_000_000_000
Content-Type: application/octet-stream;
name="XXXXXXX.txt"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="XXXXXXX.txt"

UNA:+.? 'UNB+UNOC:3+XXXXXX:500+XXXXXX:XXXXXX+XXXXXX:XXXXXX +XXXXXX=
UNH+XXXXXX+XXXXXX:D:3:UN:XXXXXX'UCI+XXXXXX+XXXXXX: XXXXXX+XXXXXX=
XXXXXX:XXXXXX+8'UNT+XXXXXX+XXXXXX+XXXXXX+XXXXXX
--------------=_NextPart_000_000_000--

------F439FEDC23FA084281EC7880F017B061
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

IIHSwYJKoZIhvcNAQcCoIIHPDCCBzgCAQExCzAJBgUrDgMCGgU AMAsGCSqGSIb3
....
(Signature)
....
kMNr5ZWzKce1iM15GhsKUViiuTBhhK2LQolwB9gnKkBMwbF9bL PuMXNvallydtM=

------F439FEDC23FA084281EC7880F017B061--

dgh · April 9th, 2008, 03:49 PM

The exception indicates that BC thinks the message has been tampered with - the signature block is most likely valid but the contents hash does not agree. The first thing you need to verify is that all the verifies are seeing the same message. If it still won't work I'd suggest taking it to [email protected] make sure you include information as to which versions of BC and JavaMail you are using - quote-printable in JavaMail is a little odd. If you post a sample mail message include it as an attachment.

Regards,

David