Before commenting read Forum rules
Don't comment the topic if you have a new question.
You can create a new topic selecting correct category from Gurux Forum and then create a new topic selecting "New Topic" from the top left.
Forums
Dear Sir,
Not able to verify the signature of the data of digital signing APDU.
Settings: Suite : suite1 , Security : Authentication Encryption, Signing : General Signing
Following the request:
7E A0 87 00 02 BA 69 41 32 A2 C0 E6 E6 00 DF 00 08 31 32 33 34 35 36 37 38 08 44 4C 31 45 23 45 67 89 00 00 20 C8 1E 31 00 00 C3 51 CE 61 37 12 FC 50 93 4A 36 9C 4F 5C 13 82 A9 3E AA 73 76 B0 FE B9 C3 FE 0E 40 06 C9 C6 7B BC 4D 06 25 0D 02 96 61 7C 4B 06 80 D0 4D F5 82 78 A0 7F 18 D5 46 0C E3 56 AD 8E B7 A3 61 25 6B 7B B5 87 FF C6 3B 2A BB 7F 44 30 26 B9 E5 8B A3 E8 7B 64 53 6C A4 C0 1E C3 08 3F 65 EC BA 7E
Plane Text : C0 01 C1 00 40 00 00 2B 00 01 FF 02 00
Auth Tag : 82 A9 3E AA 73 76 B0 FE B9 C3 FE 0E
May i know which data is used for calculating the signature from above frame.
BR,
AP
Also may i know whether gurux
Also may i know whether gurux works as a Client or Third Part or as both and how i set gurux to work as a client and not a third party.
Dear Sir,
Dear Sir,
Sorry for bothering you!!!
Also from the request of General signing generated by gurux i understand that:
1. It follows the general signing APDU structure.
2. first encryption is applied to the plane text then Digital signature is applied
but as per the green book "If both ciphering and digital signature is applied by the same party for the same party, then normally the digital signature is applied first"
also attached the snippet. also how it is decided that which type of APDU is to be used.
BR,
AP
Hi,
Hi,
Gurux client is working as a Client. There is no Third Party who will sign the messages. The client will do it.
"If both ciphering and digital signature is applied by the same party for the same party, then normally the digital signature is applied first"
You are right about this. Our clients are reading DLMS meters with general signing and those meters are adding digital signature last. I asked this from DLMS UA from this some time ago and I received an answer that NORMALLY the digital signature is applied first.
This is implemented in the same way as our clients have done it.
This makes it possible to remove digital signing and sign the message again without knowing block cipher or authentication keys. This can be used when 3rd party signing is used.
BR,
Mikko
Dear Sir,
Dear Sir,
Thanks!!!
What inputs are used for signature calculation in general signing?
Means which data used whether it is plain text DLMS APDU or Encrypted APDU with lenght and Authentication tag.
Also i have another client which uses service specific glo ciphering APDU which encapsulating general signing APDU, for reference please go through the snap which confused me that which APDU is correct.
BR,
AP
BR,
AP
Hi,
Hi,
You will sign DLMS APDU. It doesn't matter if it's encrypted or not.
DLMS standard allows both. :-(
Gurux libraries are using the option where the digital signature is coming last at the moment. It might be that support for an option where a digital signature is applied before ciphering is added later.
BR,
Mikko