Before commenting read Forum rules
Don't comment the topic if you have a new question.
You can create a new topic selecting correct category from Gurux Forum and then create a new topic selecting "New Topic" from the top left.
Forums
Hii,
I am trying to generate the certificate request to the meter, but getting error "Specified cast is not valid" when getting response from meter.
Please go through the log and suggest.
Best Regards,
Aoudumbar Pawar
10:08:34
TX: 7E A0 1E 00 02 BA 69 61 76 5C 95 E6 E6 00 C3 01 C1 00 40 00 00 2B 00 01 FF 05 01 16 00 AC 24 7E
10:08:34
RX: 7E A1 9C 61 00 02 BA 69 96 B6 FD E6 E7 00 C7 01 C1 00 00 09 82 01 84 30 82 01 80 30 82 01 1D A0 03 02 01 02 02 03 5E 42 0F 30 0A 06 08 2A 86 48 CE 3D 04 03 02 30 51 31 1A 30 18 06 03 55 04 03 0C 11 54 53 33 44 4C 30 42 30 37 30 32 32 30 30 30 35 39 31 17 30 15 06 03 55 04 0A 0C 0E 41 6E 61 63 6C 65 20 53 79 73 74 65 6D 73 31 0D 30 0B 06 03 55 04 07 0C 04 50 75 6E 65 31 0B 30 09 06 03 55 04 06 13 02 49 4E 30 1E 17 0D 32 31 30 32 32 36 30 35 34 35 30 35 5A 17 0D 32 32 30 32 32 36 30 35 34 35 30 35 5A 30 1B 31 19 30 17 06 03 55 04 03 0C 10 33 33 34 34 34 63 30 37 30 32 32 30 30 30 35 39 30 59 30 13 06 07 2A 86 48 CE 3D 02 01 06 08 2A 86 48 CE 3D 03 01 07 03 42 00 04 14 D6 D2 EE 50 63 8D 0C D2 9E 77 F1 38 08 68 25 E1 FF 69 87 6C 64 63 8E D4 13 53 09 BA CC 4E A1 CB 09 E0 C2 9A 8E 26 6B 32 A4 0A 0C 84 2E 4E 68 A7 BF 2F 99 4F 47 9C BA 60 69 40 6E F3 4C 62 B3 A3 1A 30 18 30 09 06 03 55 1D 13 04 02 30 00 30 0B 06 03 55 1D 0F 04 04 03 02 07 80 30 0A 06 08 2A 86 48 CE 3D 04 03 02 03 51 00 30 4E 06 08 2A 86 48 CE 3D 04 03 02 02 20 2D C5 5E E6 65 65 24 48 68 6B 2D 65 AB 38 E8 8B F2 3B C1 63 BE 48 AD 4E C6 5B 34 03 EE 63 4C D1 02 20 01 69 F3 95 01 F0 35 3C D8 8E 0C C6 B1 AF 4B 1A 5A 6C 21 B3 FE F6 6D A9 23 69 4C 4B 22 57 42 80 7A 4D 7E
Hi,
Hi,
The certificate is not an PKCS #10 certificate as DLMS expects. This certificate is in another format. You need to ask the meter manufacturer to fix it.
BR,
Mikko
Hii,
Hii,
Thanks you very much!!!
Please suggest any tool which can verify the PkCS#10 CSR generated and which shows errors in CSR generated
Best Regards,
Aoudumbar Pawar
Hii,
Hii,
Can provide sample PKCS #10 CSR in pem format?
Best Regards,
Aoudumbar Pawar
Hi,
Hi,
-----BEGIN CERTIFICATE REQUEST-----
MIIBkjCCATcCAQAwgZcxCzAJBgNVBAYTAkZJMRIwEAYDVQQIDAlQaXJrYW5tYWExEDAOBgNVBAcMB1RhbXBlcmUxEjAQBgNVBAoMCUd1cnV4IEx0ZDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxGTAXBgNVBAMMEDMxMzIzMzM0MzUzNjM3MzgxHTAbBgkqhkiG9w0BCQEWDmd1cnV4QGd1cnV4LmZpMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIPjcmb64MjHZB+Dg2RlF4gguIIrnr4n4vOwvT8uxbg6SnH5Ld0XoGgF5ee13SLlVDlMm9VAxl78TEZFW3vPdeKA9MBgGCSqGSIb3DQEJBzELDAljaGFsbGVuY2UwIQYJKoZIhvcNAQkCMRQMEkd1cnV4IEx0ZCBvcHRpb25hbDAKBggqhkjOPQQDAgNJADBGAiEA29LNUmpCR84A7vy0LjNvM27MHkeKSvHiAo70Re+U6VACIQDG3irIVw6fYBZcotTAjrB7r7X2u7ePP2uw2RASBD7B5g==
-----END CERTIFICATE REQUEST-----
BR,
Mikko
Hii,
Hii,
Thanks!!!
Now gurux gives error "Invalid Signature"
But i have verified the signature, which is valid.
Following is the log:
09:32:26
TX: 7E A0 1E 00 02 BA 69 61 54 4C 97 E6 E6 00 C3 01 C1 00 40 00 00 2B 00 01 FF 05 01 16 00 AC 24 7E
09:32:27
RX: 7E A0 F2 61 00 02 BA 69 74 B1 9A E6 E7 00 C7 01 C1 00 00 09 82 00 DA 30 82 00 D6 30 82 00 7B 02 01 00 30 1B 31 19 30 17 06 03 55 04 03 0C 10 33 33 34 34 34 63 30 37 30 32 32 30 30 30 35 39 30 59 30 13 06 07 2A 86 48 CE 3D 02 01 06 08 2A 86 48 CE 3D 03 01 07 03 42 00 04 49 98 C8 22 7C EF 5E 99 61 84 D7 E7 3F 4E AA 45 EC F3 BE C1 97 95 C8 BF D2 B9 C5 70 8D BC 98 A4 9B 8C 96 28 22 72 1D FB E8 5D C4 C3 B0 30 E6 86 86 85 86 7A 02 B0 F8 DE 60 F4 98 A4 64 1E B0 84 30 0A 06 08 2A 86 48 CE 3D 04 03 02 03 49 00 30 46 02 21 00 9C A7 2A 2D 6C 28 2B 49 54 85 9A FE B5 12 35 4B D4 97 29 F2 1D A4 6B 3D 8D AA CF BE 07 D8 69 5F 02 21 00 FD CC 5F 7F 4E 3E BB FE E0 66 D0 4B A2 F5 CE 81 A4 00 A0 09 71 A2 8F 14 38 F2 3C 15 36 CD F7 C2 CF A5 7E
Following is the signature verification process:
Data used to calculate SHA-256 (TBS Certificate info):
30 82 00 7B 02 01 00 30 1B 31 19 30 17 06 03 55 04 03 0C 10 33 33 34 34 34 63 30 37 30 32 32 30 30 30 35 39 30 59 30 13 06 07 2A 86 48 CE 3D 02 01 06 08 2A 86 48 CE 3D 03 01 07 03 42 00 04 49 98 C8 22 7C EF 5E 99 61 84 D7 E7 3F 4E AA 45 EC F3 BE C1 97 95 C8 BF D2 B9 C5 70 8D BC 98 A4 9B 8C 96 28 22 72 1D FB E8 5D C4 C3 B0 30 E6 86 86 85 86 7A 02 B0 F8 DE 60 F4 98 A4 64 1E B0 84
Result of SHA-256 of TBS info:
8B 64 60 0A 16 5E 08 27 E8 EC E8 80 BC 5B 96 BB E9 CE 74 E5 DC B1 38 F8 3D 7A B0 3C 69 06 F6 17
Inputs used to verify the signature:
1. SHA-256 above
2. Public key: (in the certificate info)
49 98 C8 22 7C EF 5E 99 61 84 D7 E7 3F 4E AA 45 EC F3 BE C1 97 95 C8 BF D2 B9 C5 70 8D BC 98 A4
9B 8C 96 28 22 72 1D FB E8 5D C4 C3 B0 30 E6 86 86 85 86 7A 02 B0 F8 DE 60 F4 98 A4 64 1E B0 84
3. Signature : (calculated over TBS cert info):
3A 6A 03 AF 7C D3 01 85 99 FF DE DB B2 A6 8E 7E C3 CD 24 1C 4A 0A 4E 0E 73 3E 6A 25 2C 4C B5 DA
86 68 00 72 EB 2D A5 89 05 EC 30 1B 0C 3E AF FD A8 41 AD 47 68 4A 27 08 01 1C 0B B1 5B 96 08 D6
Signature verification result: Valid
Also find the snap of signature verification.
Also can suggest which fields are mendatory and which fields are optional in tbscertificate.
Hi,
Hi,
The signature must sign with Sha256WithEcdsa, not SHA-256.
BR,
Mikko
Hii,
Hii,
Signature is signed with SHA256WithECDSA.
Best Regards,
Aoudumbar Pawar
Hii,
Hii,
Congratulation for got an award!!!
Able to get CSR successfully but now when click on "Generate" button gurux throws an error of "Invalid Signature", please suggest what is going wrong.
Below is the log and snap is also attached:
22:55:42
TX: 7E A0 1E 00 02 BA 69 61 54 4C 97 E6 E6 00 C3 01 C1 00 40 00 00 2B 00 01 FF 05 01 16 00 AC 24 7E
22:55:43
RX: 7E A0 ED 61 00 02 BA 69 74 8C 36 E6 E7 00 C7 01 C1 00 00 09 82 00 D5 30 81 D2 30 7B 02 01 00 30 1B 31 19 30 17 06 03 55 04 03 0C 10 33 33 34 34 34 63 30 37 30 32 32 30 30 30 35 39 30 59 30 13 06 07 2A 86 48 CE 3D 02 01 06 08 2A 86 48 CE 3D 03 01 07 03 42 00 04 1A 70 B2 F0 85 6F 05 36 AC C6 77 D2 9E EE 4C 56 4E 97 6D 30 47 61 42 42 D4 8B DB 4F 1E 08 5C 98 40 85 6D 14 3A 1A FA 30 7B 94 BE 21 B7 F8 3F F2 40 B6 AA F7 BE A6 DF 34 B8 9D 97 ED C3 F5 89 17 30 0A 06 08 2A 86 48 CE 3D 04 03 02 03 47 00 30 44 02 20 25 F6 EB B0 42 93 95 48 02 F9 14 4D 80 E8 6F 91 EB EE 4C 27 18 FF D1 47 A5 FC 53 B1 16 C3 3C A4 02 20 85 67 B7 7F 12 FA 62 6A 08 CE 62 C3 EB 65 FA 03 4E C3 90 E8 13 6C AB 05 65 07 93 F1 DD 92 E5 B9 AC 11 7E
Hii,
Hii,
When i verified CSR generated using following Link then it shows valid signature:
Link : https://redkestrel.co.uk/products/decoder/
Regards,
Aoudumbar Pawar
Hi Aoudumbar,
Hi Aoudumbar,
This is updated and we are just testing this. You can use your certificate with the next version.
It's released this week as soon as tests are over.
BR,
Mikko
Hii,
Hii,
Thanks!!!
Have you released the updated GuruxDirector?
Best Regards,
Aoudumbar Pawar
Hi,
Hi,
Not yet. Tests are still in progress. I believe that it's released at the end of this month.
BR,
Mikko
Hi,
Hi,
The new version is released where this is fixed.
BR,
Mikko
Hii,
Hii,
Thank you very much!!!:)
it works , i am getting the digital signature certificate successfully.
Best Regards,
Aoudumbar Pawar
Hii,
Hii,
Is the Gurux Root CA certificate changed?
verification of certificate signature using public key of Gurux root CA public key gets failed.
Best Regards,
Aoudumbar Pawar
Hii,
Hii,
is last released guruxdirector has digital signing APDU?
Best Regards,
Aoudumbar Pawar
Hi Aoudumbar,
Hi Aoudumbar,
Support for digital signing is not in that release.
BR,
Mikko
Hii,
Hii,
Is the Gurux Root CA certificate changed?
verification of certificate signature using public key of Gurux root CA public key gets failed.
Best Regards,
Aoudumbar Pawar
Hi Aoudumbar,
Hi Aoudumbar,
No, Are you using C# version? Can you send the failed certificate to me by email so I can check it?
BR,
Mikko
Hii,
Hii,
On which email i have to send certificate?
anyway all certificates even client certificates signature verification getting failed while import the certificate.
Below are the certificates in PEM format:
GuruX CA certificate:
-----BEGIN CERTIFICATE-----
MIIBzjCCAXugAwIBAgIDCEUPMAoGCCqGSM49BAMCME4xFDASBgNVBAMMC1Jvb3QgQ0EgMjU2MRcwFQYDVQQKDA5HdXJ1eCBTZWN1cml0eTEQMA4GA1UEBwwHVGFtcGVyZTELMAkGA1UEBhMCRkkwHhcNMjEwMTAxMDAwMDAwWhcNNDAwMTAxMDAwMDAwWjBOMRQwEgYDVQQDDAtSb290IENBIDI1NjEXMBUGA1UECgwOR3VydXggU2VjdXJpdHkxEDAOBgNVBAcMB1RhbXBlcmUxCzAJBgNVBAYTAkZJMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdCZnNDVxEFikQqjaEHchZZM1xyRtcDFcY/RH4Gyy9Teim6G1TOa2y4DJGhbwx5/UtJZwi5FAQ4cbgx3f4amIOqNIMEYwKQYDVR0OBCIEIBlGt4our0/g8DVWgsNweU7b2hIkbEY1S+QhpC17hfgdMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0EAJH7ENQOwPV0oXkav3z3+gDRL0o/ump93drcacbRXDY84L1vcag1LETxMaxylaV73MUhWWugPpuDqBFkxV2PoLQ==
-----END CERTIFICATE-----
Client Digital signature certificate:
-----BEGIN CERTIFICATE-----
MIIBfTCCARqgAwIBAgIDQEYPMAoGCCqGSM49BAMCME4xFDASBgNVBAMMC1Jvb3QgQ0EgMjU2MRcwFQYDVQQKDA5HdXJ1eCBTZWN1cml0eTEQMA4GA1UEBwwHVGFtcGVyZTELMAkGA1UEBhMCRkkwHhcNMjEwNDEzMDkzMDUwWhcNMjIwNDEzMDkzMDUwWjAbMRkwFwYDVQQDDBAzMTMyMzMzNDM1MzYzNzM4MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESQ2XkJLyPW2CWEjoqv/M4p9ckOEktKE4vH6V3Ofiq7Bys8fLeDGbeLAwHu7cmbY8wz1S4F2JxkBRklRJEIp69aMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDUQAwTgYIKoZIzj0EAwICIOcEJ7FEJkEYTKz05B4bo9eRoEQ6DKZC8+O14XYVvKvjAiD29RdBWfBbNpwYpqzmfw3Xi5AX9pYpCpvY9byjcILpMw==
-----END CERTIFICATE-----
Server Digital signature certificate:
-----BEGIN CERTIFICATE-----
MIIBfTCCARqgAwIBAgIDe0YPMAoGCCqGSM49BAMCME4xFDASBgNVBAMMC1Jvb3QgQ0EgMjU2MRcwFQYDVQQKDA5HdXJ1eCBTZWN1cml0eTEQMA4GA1UEBwwHVGFtcGVyZTELMAkGA1UEBhMCRkkwHhcNMjEwNDIyMDg0MzAzWhcNMjIwNDIyMDg0MzAyWjAbMRkwFwYDVQQDDBAzMzQ0NEMwNzAyMjAwMDU5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEReGz0y8548QdgqjETvHEx3oEPXsQAN2nJa0KeSdmJYz/xgdmVD2NDaBMIQM0sdxK9aLYphUjLLqQ0aSt/FjPqaMaMBgwCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDUQAwTgYIKoZIzj0EAwICIDO8kWt/+xZ3/uQXNS+/CKLAmXPBFCb2C9nRDUBW9SUaAiD6KcOQ9Q73hXfKH/a6hVzNl8954X5Qjhnqd6r75nUH3Q==
-----END CERTIFICATE-----
Best Regards,
Aoudumbar Pawar
Hi Aoudumbar Pawar,
Hi Aoudumbar Pawar,
All certificates can be open and they look good. What is your GXDLMSDirector version?
What kind of error you are receiving?
BR,
Mikko
Hii,
Hii,
Thanks!!!
Version is : 8.2.2104.2101
Actually no error from the GURUX, When i import the certificate in meter while debug the meter code verification of the signature of the certificate (certificate which is signed by gurux on success response against CSR request) which is received for import from client.
are you able to verify the signature of these certificates that i had sent to you using Gurux Root CA certificates public key?
Best Regards,
Aoudumbar Pawar
Hii,
Hii,
Following is the processure of certificate signature verification (client dig. sig, certificate)
1. Extract the TBS certificate data from received certificate for import:
30 82 01 1A A0 03 02 01 02 02 03 40 46 0F 30 0A 06 08 2A 86 48 CE 3D 04 03 02 30 4E 31 14 30 12 06 03 55 04 03 0C 0B 52 6F 6F 74 20 43 41 20 32 35 36 31 17 30 15 06 03 55 04 0A 0C 0E 47 75 72 75 78 20 53 65 63 75 72 69 74 79 31 10 30 0E 06 03 55 04 07 0C 07 54 61 6D 70 65 72 65 31 0B 30 09 06 03 55 04 06 13 02 46 49 30 1E 17 0D 32 31 30 34 31 33 30 39 33 30 35 30 5A 17 0D 32 32 30 34 31 33 30 39 33 30 35 30 5A 30 1B 31 19 30 17 06 03 55 04 03 0C 10 33 31 33 32 33 33 33 34 33 35 33 36 33 37 33 38 30 59 30 13 06 07 2A 86 48 CE 3D 02 01 06 08 2A 86 48 CE 3D 03 01 07 03 42 00 04 49 0D 97 90 92 F2 3D 6D 82 58 48 E8 AA FF CC E2 9F 5C 90 E1 24 B4 A1 38 BC 7E 95 DC E7 E2 AB B0 72 B3 C7 CB 78 31 9B 78 B0 30 1E EE DC 99 B6 3C C3 3D 52 E0 5D 89 C6 40 51 92 54 49 10 8A 7A F5 A3 1A 30 18 30 09 06 03 55 1D 13 04 02 30 00 30 0B 06 03 55 1D 0F 04 04 03 02 07 80
2. Calculate the SHA-256 of TBS certificate in step 1 (resultant digest is below)
94 9D 25 12 98 C4 D6 C3 59 9E 92 2F 6F 41 64 67 B4 24 CC 4B A0 36 D0 A3 D2 08 49 5A 8A 3C 0D 1D
3. Verify the certificate signature which is at the end of the certificate
3.1 Inputs used to verify the signature of the TBS certificate
3.1.1 SHA-256 digest calculated in step 2
94 9D 25 12 98 C4 D6 C3 59 9E 92 2F 6F 41 64 67 B4 24 CC 4B A0 36 D0 A3 D2 08 49 5A 8A 3C 0D 1D
3.1.2 Signature of the certificate
E7 04 27 B1 44 26 41 18 4C AC F4 E4 1E 1B A3 D7 91 A0 44 3A 0C A6 42 F3 E3 B5 E1 76 15 BC AB E3
F6 F5 17 41 59 F0 5B 36 9C 18 A6 AC E6 7F 0D D7 8B 90 17 F6 96 29 0A 9B D8 F5 BC A3 70 82 E9 33
3.1.3 Public key of the Gurux CA certificate
74 26 67 34 35 71 10 58 A4 42 A8 DA 10 77 21 65 93 35 C7 24 6D 70 31 5C 63 F4 47 E0 6C B2 F5 37
A2 9B A1 B5 4C E6 B6 CB 80 C9 1A 16 F0 C7 9F D4 B4 96 70 8B 91 40 43 87 1B 83 1D DF E1 A9 88 3A
signature verification result : Invalid signature
Also find the snap of signature verification.
Best Regards,
Aoudumbar Pawar
Hii,
Hii,
Please help to find out whether the last comment procedure is correct or wrong.
If wrong please correct me.
Best Regards,
Aoudumbar Pawar
Hi,
Hi,
Your TBS certificate is in the wrong format. I hope this will help you.
http://www.gurux.fi/CustomCertificate
BR,
Mikko
Hii,
Hii,
As per my study TBS certificate is in correct format.
I think my procedure of signature verification of certificate using root CA public key is correct.
Please go through the following information taken from link below:
https://gist.github.com/genaromadrid/9075d315e949fb4b3760db5c36c9a8ca
### Other way to validate the certificate:
# Since the CA signed the DER format of the TBSCertificate, you can just
# verify the signature of the certificate with the public key of the root
# passing the TBSCertificate as a param
# If everything its fine you'll get a 'Verified OK' message or a 'Verification Failure' instead.
openssl dgst -sha1 -verify $root_pub_key_path -signature $sig_path $tbs_path
Notes
The TBS certificate is the body of the actual certificate; it contains all the naming and key information held in the certificate. The only information in the actual certificate that is not held in the TBS certificate is the name of the algorithm used to sign the certificate and the signature itself.
The TBS certificate is used as the input data to the signature algorithm when the certificate is signed or verified.
Best Regards,
Aoudumbar Pawar
Hii,
Hii,
When i am trying to verify the gurux digital signature certificate using gurux root ca certificate in openssl i am getting error "error in verify"
Snap is attached.
Best Regards,
Aoudumbar Pawar
Hi,
Hi,
We have found the reason for this. There is a new method GXx509Certificate.IsCertified that you can use to check is x509 certificated by the given certifier.
The new version is released today.
BR,
Mikko
Hii,
Hii,
Thanks!!!
is GXDLMSDirector released today?
I am not getting notification of updated on GXDLMSDirector still.
Best Regards,
Aoudumbar Pawar
Hi,
Hi,
You need to get a new certificate and it will start to work. There was an issue with the root certificate.
It's now fixed.
BR,
Mikko
Hii,
Hii,
can share the new root certificate.
Best Regards,
Aoudumbar Pawar
Hii,
Hii,
Got the new root certificate from link that you had provided at the time of release with suite1.
Trying to import this new certificate but guruxdirector gives error "Unable to cast object of type 'system.boolean' to type 'Gurux.DLMS.ASN1Sequence'.
Best Regards,
Aoudumbar Pawar
Hii,
Hii,
Thanks a lot!!!
I have hardcoded New Gurux Root CA public key and used for verification of the certificate and it verifies the new certificates signed by the new root CA successfully.
Best Regrads,
Aoudumbar Pawar
Hi,
Hi,
This is fixed to Gurux.DLMS.Net and it will update to GXDLMSDirector in the next release (today).
BR,
Mikko
Hii,
Hii,
Thank you!!!!
Got update and working just fine. :)
BR,
Aoudumbar Pawar
Hii,
Hii,
waiting for the release with digital signing.
Any planning of including digital signing.
Also may how may i test key agreement method in non suite mode.
BR,
AP
Hi,
Hi,
Digital signing is released after we have made few changes.
You can send key_agreement when you select the Security Setup object and press "Update Key..." Button.
Then select Key type and set new key and correct KEK. The key agreement will fail if KEK is wrong.
BR,
Mikko