received MDN error: content hash found in signed attributes different

Ed,

If the header "Content-Transfer-Encoding" is set in the signature part the signature is decoded before checked. If it is not set or set to binary no decoding should happen.

What value is used for the signatures part header "Content-Transfer-Encoding" in your message?

Regards
Heller

Here is a cut-and-paste of the MDN that creates the error message:

HTTP/1.1 100 Continue
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Subject: amazon;tpcxhub
Recipient-Address: http://localhost/ediint/ediintReceiver.jsp
AS2-To: amazon
From: tpcxhub
Message-ID: <#1190901493527mec_as2-1190901492573-7@amazon_tpcxhub>
Mime-Version: 1.0
AS2-From: tpcxhub
Content-Type: multipart/signed; boundary="----=_Part_3_6160567.1190901493527"; protocol="application/pkcs7-signature"; micalg="sha1"
Content-Length: 2400
Date: Thu, 27 Sep 2007 13:58:13 GMT
Connection: close

------=_Part_3_6160567.1190901493527

Content-Type:multipart/report; boundary="----=_1190901493495"; report-type=disposition-notification

------=_1190901493495

Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
The MDN Response Message is for:

Message-id:
From: amazon
Date received:Thu Sep 27 09:58:13 EDT 2007

------=_1190901493495
Content-Type: message/disposition-notification
Content-Transfer-Encoding: 7bit
Reporting-UA: yar-dev-726km21
Disposition: automatic-action/MDN-sent-automatically; processed

Original-Message-ID:
Original-Recipient: rfc822; tpcxhub
Final-Recipient: rfc822; tpcxhub
Received-Content-MIC: el2WY+k6tQ0YFyGy4NIocmqE08Y=, sha1

------=_1190901493495--

------=_Part_3_6160567.1190901493527

Content-Type: application/pkcs7-signature
Content-Transfer-Encoding: binary

0€ *†H†÷

 €0€

10 +

hi there,

any solution so for this problem so far?

when i send a message to my partner, everything works fine. if i receive a message from the same partner i get this error:

xxxxx Eingehende Übertragung ist eine AS2 Nachricht,
Rohdatengrösse: 4,00 KB

xxxxxx: AS2 Nachricht ist nicht verschlüsselt.

xxxxxx: AS2 Nachricht ist digital signiert.
xxxxxx: Benutze das Zertifikat "xxxx" zum Überprüfen
xxxxxx: Ausgehende MDN wurde mit dem Algorithmus "SHA1" signiert.
xxxxxx: MDN erstellt, Status auf [processed/error: authentication-failed] gesetzt.
xxxxxx:
MDN Details:
--------------
Error verifying the senders digital signature: invalid signature format in message:
content hash found in signed attributes different.
--------------

Header:
-------------------------------------------------
host = xxxx:8080
accept-encoding = deflate, gzip, x-gzip, compress, x-compress
connection = Close, TE
date = Tue, 02 Oct 2007 07:06:20 GMT
content-type = multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="1191308780075GEGXS-AS2Message"
as2-from = xxxxx
mime-version = 1.0
disposition-notification-options = signed-receipt-protocol=optional,pkcs7-signature; signed-receipt-micalg=optional,sha1
message-id =
te = trailers, deflate, gzip, compress
user-agent = RPT-HTTPClient/0.3-3I (Linux)
disposition-notification-to = http://xxxx
content-length = 4734
from = xxxx
as2-to = xxxx
as2-version = 1.1
subject = AS2 Data Message Request
--------------------------------------------------

Any ideas??

thank you

red

This has been fixed and will be available in the next release.

Regards
Heller

geschu,

thank you. We have no idea so far when to release the next version but I think it will be early next year.

Regards
Heller

Slobo,

we have released it already last week, it contains the code that should fix this problem. Are you using the build 21?

Regards
Heller

Slobo,

ok, please post a feedback if this version works fine for you. Else we will investigate the problem.

Regards
Heller

mourovaz,

I think it was a content transfer encoding problem.

Regards
Heller

pkoch,

not without more information. This error message means that the receipt server could not verify the signature of the sender in the message/mdn. This could have several reasons:

*The receiver does not use the public key of the sender to verify its signature

*The message content has been changed somehow after it has been signed (e.g. by a content transfer encoding error)

*Security package/key incompatibilities (e.g. between bouncycastle and OpenSSL)

*A bug in m-e-c as2 or the partner server

*Signature incompatibilities

Regards
Heller

Philip,

Are you sure you have set the right certificate to verify your partners signature in the partner panel (security)?

Regards
Heller

Philip,

It would be better to use portecle to import the certificate directly. .p7b indicates that this may be a PKCS #7 certificate, portecle should have no problem with it.

Regards
Heller

Philip,

OpenSSL. This is very powerful but not that easy to use because it uses command line commands.

This is the project page:

http://www.openssl.org/

This is a page that contains useful samples and hints on how to use OpenSSL:

http://www.madboa.com/geek/openssl/

Regards
Heller

Philip,

The verification process could not be debugged, it runs in an external lib (bouncycastle). The errormessage "content hash found in signed attributes different" is an error message this library provides.
But you could go ahead to see if this is a certificate issue or a m-e-c as2 issue: is it possible for you to exchange data with an other partner (signed)? Does there occure the same problem? Which vendor is the other as2 server from? Could you compare the certificate fingerprint between you and your partner? Are they the same?

Regards
Heller

Philip,

lets fix this problem per email, I think I need more information about this issue. Please contact me at sh at mendelson dot de

Regards
Heller