[openssl-users] PKCS7->signerInfo->encryptedDigest not type X509_SIG

Jakob Bohm jb-openssl at wisemo.com
Mon Sep 14 19:01:49 UTC 2015

On 14/09/2015 17:40, Michael Heide wrote:
> Am Mon, 14 Sep 2015 16:39:15 +0200 schrieb Jakob Bohm <jb-openssl at wisemo.com>:
>> Where can I see the actual file (Not the virustotal
>> description of the signature), I would need to look
>> at the actual details to make sense of this.
> I think you have to use some kind of a subscription and use their APIs to access their database.
> I've searched the web and found:
> http://admdownload.adobe.com/bin/live/flashplayer18ax_ha_install.exe
> (md5: 0c6b5474223a4b5bf90a46844ed865db)
> Seems to be a file with the same criteria here.
That one is a big surprise to me.

It seems that as late as in August 17 2015 (4 weeks ago),
Symantec/Verisign issued a timestamp signature, whose
"EncryptedDigest"was made on the following non-standard

00|01|FF...|00|00 87 34 69 20 D5 4C 68 F4 B1 30 6DEA 3E 40 CC B7 71 AC 1D

The first parts (00|01|FF...|00) form the PKCS#1 padding
for a PCS#1 v1.x signature.

But the last part is a 20 byte string that doesn't seem to
match anything permitted by PKCS#1 v1.5 (or v2.1).  I also
note that the SignerInfo specifies "version 1" (aka PKCS#7
v1.5), so I don't think this could be the elusive PKCS#7
v1.4 signature format.

It might hypothetically be an SHA1 SUM, but the initial 00
byte looks strange.

I am struggling a bit with trying to figure out what bytes
are covered by the hash value, so far I have failed to
manually extract a relevant subset of of the message, but I
may have made some basic mistake since I usually don't do
this by hand.

Well, the good news is that at least the PKCS#1 padding is
still there, which makes it a lot less vulnerable than what
your e-mails made me think.

> ...
>> And this file is very new (July 2015), are you sure
>> it uses the nonstandard EncryptedDigest calculation?
> No, I'm not. Maybe I'm doing something wrong. I don't know.
It seems not, now I really wonder what is going on.


Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150914/39ab954b/attachment-0001.html>

More information about the openssl-users mailing list