Failed to verify Authenticode signature on DLL msxmlsql.dll

Hello, I got this error message. The server is experiencing issue of service broker suddenly stopping, so we are ruling out all errors at this point. Server is setup with HADR.
Win Server 2008 R2 Ent SP1
SQL 2012 11.0.3349 Ent
Log Name: Application
Source: MSSQL$SQL01
Date: 4/18/2013 7:17:26 AM
Event ID: 33081
Task Category: Server
Level: Information
Keywords: Classic
User: N/A
Computer: SQL01.xxxxxx.xxx
Description:
Failed to verify Authenticode signature on DLL 'C:\Program Files\Microsoft SQL Server\MSSQL11.SQL01\MSSQL\Binn\msxmlsql.dll'.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
 <Provider Name="MSSQL$SQL01" />
 <EventID Qualifiers="16384">33081</EventID>
 <Level>4</Level>
 <Task>2</Task>
 <Keywords>0x80000000000000</Keywords>
 <TimeCreated SystemTime="2013-04-18T11:17:26.000000000Z" />
 <EventRecordID>28935</EventRecordID>
 <Channel>Application</Channel>
 <Computer>SQL01.xxxxxx.xxx</Computer>
 <Security />
</System>
<EventData>
 <Data>C:\Program Files\Microsoft SQL Server\MSSQL11.SQL01\MSSQL\Binn\msxmlsql.dll</Data>
 <Binary>398100000A0000000F000000500052004F004400530051004C0031005C0043004F00530051004C000000040000004F006E0065000000</Binary>
</EventData>
</Event>
Thanks.

Hi ASR,
Have you found C:\Program Files\Microsoft SQL Server\MSSQL11.SQL01\MSSQL\Binn\msxmlsql.dll? I think msxmlsql.dll is in the C:\Program Files\Microsoft SQL Server\110\Shared. Please check it. You could try to Copying msxmlsql.dll to the Binn folder to see
if it would be OK.
Or you could try to repair the SQL Server through SQL Server Installation Center.
Thanks.
If you have any feedback on our support, please click
here.
Maggie Luo
TechNet Community Support

Similar Messages

Acrobat 9,10 failing to validate digital signature while Acrobat 8 validating it.

I am facing an issue while validating a digital signature. I applied a certified signature with “Annotation, form fill-in, and digital signatures” but
when I apply Redaction “find and permanently remove” on a digitally signed document, Adobe Acrobat 9 and 10 complains that signature is Invalid But Adobe 8 is validating it. I have analyzed that Adobe Acrobat applying Redaction in append mode and original content of signature remains unchanged after Redaction.
Can someone let me know what should be the actual behavior?
Why Adobe Acrobat 9 and 10 failing to verify the signature even Adobe Acrobat keep enable Redaction which means it is allow to apply in a certified signed document with “Annotation, form fill-in, and digital signatures” option.
Prompt responses are greatly appreciated!!

When you sign, you should see where you can select the signature appearance name from a dropdown in the dialog.

Couldn't verify 'C:\Windows\ccmsetup\ccmsetup.cab' authenticode signature. Return code 0x80096001 - SCCM 2012 R2 Client Deployment

Hi All,
I installed SCCM 2012 R2 one primary site from one of our customer & using SQL 2012 SP1 DB at the back-end.
Facing Issues while deploying agent from one of our client machine - OS - window 7 Professional Sp1:
==========[ ccmsetup started in process 3828 ]==========
ccmsetup 25-02-2014 02:20:37 PM
284 (0x011C)
Running on platform X86 ccmsetup
25-02-2014 02:20:37 PM 284 (0x011C)
Updated security on object C:\Windows\ccmsetup\cache\.
ccmsetup 25-02-2014 02:20:37 PM
284 (0x011C)
Launch from folder C:\Windows\ccmsetup\ ccmsetup
25-02-2014 02:20:37 PM 284 (0x011C)
CcmSetup version: 5.0.7958.1000 ccmsetup
25-02-2014 02:20:37 PM 284 (0x011C)
Successfully started the ccmsetup service ccmsetup
25-02-2014 02:20:37 PM 332 (0x014C)
In ServiceMain ccmsetup
25-02-2014 02:20:37 PM 1480 (0x05C8)
Folder 'Microsoft\Configuration Manager' not found. Task does not exist.
ccmsetup 25-02-2014 02:20:37 PM
332 (0x014C)
CcmSetup is exiting with return code 0 ccmsetup
25-02-2014 02:20:37 PM 332 (0x014C)
Running on 'Microsoft Windows 7 Professional ' (6.1.7601). Service Pack (1.0). SuiteMask = 272. Product Type = 18
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
Ccmsetup command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice "/config:C:\Windows\ccmsetup\MobileClientUnicode.tcf" "/RetryWinTask:1"
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
Command line parameters for ccmsetup have been specified. No registry lookup for command line parameters is required.
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
Command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice "/config:C:\Windows\ccmsetup\MobileClientUnicode.tcf" "/RetryWinTask:1"
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
SslState value: 224 ccmsetup
25-02-2014 02:20:37 PM 1480 (0x05C8)
CCMHTTPPORT: 80 ccmsetup
25-02-2014 02:20:37 PM 1480 (0x05C8)
CCMHTTPSPORT: 443 ccmsetup
25-02-2014 02:20:37 PM 1480 (0x05C8)
CCMHTTPSSTATE: 480 ccmsetup
25-02-2014 02:20:37 PM 1480 (0x05C8)
CCMHTTPSCERTNAME: ccmsetup
25-02-2014 02:20:37 PM 1480 (0x05C8)
FSP: SCCM.MYDOMAIN.COM ccmsetup
25-02-2014 02:20:37 PM 1480 (0x05C8)
CCMCERTISSUERS: CN=MYDOMAIN-CA-CA; DC=MYDOMAIN; DC=COM
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
CCMFIRSTCERT: 1 ccmsetup
25-02-2014 02:20:37 PM 1480 (0x05C8)
Config file: C:\Windows\ccmsetup\MobileClientUnicode.tcf
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
Retry time: 10 minute(s)
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
MSI log file: C:\Windows\ccmsetup\Logs\client.msi.log
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
MSI properties: INSTALL="ALL" SMSSITECODE="PRI" CCMHTTPPORT="80" CCMHTTPSPORT="443" CCMHTTPSSTATE="480" FSP="SCCM.MYDOMAIN.COM" CCMCERTISSUERS="CN=MYDOMAIN-CA-CA; DC=MYDOMAIN; DC=COM"
CCMFIRSTCERT="1" ccmsetup
25-02-2014 02:20:37 PM 1480 (0x05C8)
Source List: ccmsetup
25-02-2014 02:20:37 PM 1480 (0x05C8)
\\SCCM.MYDOMAIN.COM\SMSClient
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
\\SCCMDMZ.MYDOMAIN.COM\SMSClient
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
\\SCCM.MYDOMAIN.COM\SMSClient
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
\\SCCMDMZ.MYDOMAIN.COM\SMSClient
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
MPs: ccmsetup
25-02-2014 02:20:37 PM 1480 (0x05C8)
SCCM.MYDOMAIN.COM
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
No version of the client is currently detected.
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
Folder 'Microsoft\Configuration Manager' not found. Task does not exist.
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
Attempting #1 retry. Max 5 retries. ccmsetup
25-02-2014 02:20:37 PM 1480 (0x05C8)
Updated security on object C:\Windows\ccmsetup\.
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
Sending Fallback Status Point message to 'SCCM.MYDOMAIN.COM', STATEID='100'.
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
Failed to get client version for sending messages to FSP. Error 0x8004100e
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
Params to send FSP message '5.0.7958.1000 Deployment '
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
Request failed: 500 Internal Server Error
FSPStateMessage
25-02-2014 02:20:37 PM 1480 (0x05C8)
Running as user "SYSTEM" ccmsetup
25-02-2014 02:20:37 PM 1480 (0x05C8)
Detected 69650 MB free disk space on system drive.
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
Checking Write Filter Status. ccmsetup
25-02-2014 02:20:37 PM 1480 (0x05C8)
This is not a supported write filter device. We are not in a write filter maintenance mode.
ccmsetup 25-02-2014 02:20:37 PM
1480 (0x05C8)
Performing AD query: '(&(ObjectCategory=mSSMSManagementPoint)(mSSMSDefaultMP=TRUE)(mSSMSSiteCode=PRI))'
ccmsetup 25-02-2014 02:20:38 PM
1480 (0x05C8)
OperationalXml '<ClientOperationalSettings><Version>5.00.7958.1000</Version><SecurityConfiguration><SecurityModeMask>0</SecurityModeMask><SecurityModeMaskEx>448</SecurityModeMaskEx><HTTPPort>80</HTTPPort><HTTPSPort>443</HTTPSPort><CertificateStoreName></CertificateStoreName><CertificateIssuers>CN=MYDOMAIN-CA-CA;
DC=MYDOMAIN; DC=COM</CertificateIssuers><CertificateSelectionCriteria></CertificateSelectionCriteria><CertificateSelectFirstFlag>1</CertificateSelectFirstFlag><SiteSigningCert>308202F2308201DAA00302010202105F02416299E5D1BC44A2DBB2F1CFDE39300D06092A864886F70D01010B05003016311430120603550403130B53697465205365727665723020170D3134303130363037333732365A180F32313133313231343037333732365A3016311430120603550403130B536974652053657276657230820122300D06092A864886F70D01010105000382010F003082010A0282010100B82EF14C5EEB69D726A3E24B3A2248ACC67667E2D4A4021792169437C5C2A03A35649F0FA3D01DC7FF3BB8668C30662B322A73562FA54EE19DF6A0533EBE895F0CA833E375CA2B8298C59C2372B05A61AF1F41360ED700508678AE2A4321F99DCE7C42139E9690009017A69568D59D2480E45EE724EF902757B66ACE24A8C1705B6628863F7C6DD9140B466F36FCB8FA891AF9F01BC1C94093EDE814D711ACB13F7067F69AD970DAF03AA58E1E5C943582B4B5D0B49BB99E7C1E51D76661BE0A4DEBA2FDF6121C7211A33E8E3092F9CFBECCD0EB9BDE2E1E83EB98F57DD905226B1693D1EEFDE826593D5538902C5292B119303CA02D41B11E762BCC1AF118630203010001A33A303830200603551D110419301782155343434D2E68656C70616765696E6469612E6F726730140603551D25040D300B06092B060104018237650B300D06092A864886F70D01010B05000382010100839328B4017E3317BD05E6D35022AFC1C0AA91E7B1EA838143B257BDAF9780B3C582547891FE4361E5D789B269C4E49CFDAA2E38E85AE7252980F392EC7378F482001909E92F752A6292AFF0FE9E9634B915A70CF3E5DECE35B272630B6CAF5A73FFF4928F847B63A35DF05E2B41F05AAD7C436B166AF6C157789FAA084BB5A38E0592F65F5C6D29588DF6B79B6A51AB6D6D2985FDB346FA88FDD36EE0DAF53603F2036371F7D6866F49A96AB9BE3ED757743033C7C3F97FDF772F699F38DB52775BD0B0090381F89B3D8AD2A49DC653991BCE031517F6BA61FCED45E23139CA01E32F61E865DBA2F5FF0E30403BFC7FEDE1892EE890B765C38FE2F06448FC58</SiteSigningCert></SecurityConfiguration><RootSiteCode>PRI</RootSiteCode><CCM>
<CommandLine>SMSSITECODE=PRI</CommandLine> </CCM><FSP> <FSPServer>SCCM.MYDOMAIN.COM</FSPServer> </FSP><Capabilities SchemaVersion ="1.0"><Property Name="SSLState" Value="0" /></Capabilities><Domain
Value="MYDOMAIN.COM" /><Forest Value="MYDOMAIN.COM" /></ClientOperationalSettings>'
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Unable to open Registry key Software\Microsoft\CCM. Return Code [80070002]. Client HTTPS state is Unknown.
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
The MP name retrieved is 'SCCM.MYDOMAIN.COM' with version '7958' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>'
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
MP 'SCCM.MYDOMAIN.COM' is compatible ccmsetup
25-02-2014 02:20:39 PM 1480 (0x05C8)
Retrieved 1 MP records from AD for site 'PRI'
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Retrived site version '5.00.7958.1000' from AD for site 'PRI'
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
SiteCode: PRI ccmsetup
25-02-2014 02:20:39 PM 1480 (0x05C8)
SiteVersion: 5.00.7958.1000
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Ccmsetup is being restarted due to an administrative action. Installation files will be reset and downloaded again.
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Only one MP SCCM.MYDOMAIN.COM is specified. Use it.
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Searching for DP locations from MP(s)... ccmsetup
25-02-2014 02:20:39 PM 1480 (0x05C8)
Current AD site of machine is Default-First-Site
LocationServices 25-02-2014 02:20:39 PM
1480 (0x05C8)
Local Machine is joined to an AD domain LocationServices
25-02-2014 02:20:39 PM 1480 (0x05C8)
Current AD forest name is MYDOMAIN.COM, domain name is MYDOMAIN.COM
LocationServices 25-02-2014 02:20:39 PM
1480 (0x05C8)
DhcpGetOriginalSubnetMask entry point is supported.
LocationServices 25-02-2014 02:20:39 PM
1480 (0x05C8)
Begin checking Alternate Network Configuration
LocationServices 25-02-2014 02:20:39 PM
1480 (0x05C8)
Finished checking Alternate Network Configuration
LocationServices 25-02-2014 02:20:39 PM
1480 (0x05C8)
Adapter {95A6D3CE-4F28-4E55-A29A-FF3F1A317C61} is DHCP enabled. Checking quarantine status.
LocationServices 25-02-2014 02:20:39 PM
1480 (0x05C8)
Adapter {6024AB68-EB5E-4370-BD9E-8B2CEFE261A8} is DHCP enabled. Checking quarantine status.
LocationServices 25-02-2014 02:20:39 PM
1480 (0x05C8)
Sending message body '<ContentLocationRequest SchemaVersion="1.00">
<AssignedSite SiteCode="PRI"/>
<ClientPackage/>
<ClientLocationInfo LocationType="SMSPACKAGE" DistributeOnDemand="0" UseProtected="0" AllowCaching="0" BranchDPFlags="0" AllowHTTP="1" AllowSMB="0" AllowMulticast="0"
UseInternetDP="0">
<ADSite Name="Default-First-Site"/>
<Forest Name="MYDOMAIN.COM"/>
<Domain Name="MYDOMAIN.COM"/>
<IPAddresses>
<IPAddress SubnetAddress="10.0.0.0" Address="10.10.10.192"/>
</IPAddresses>
</ClientLocationInfo>
</ContentLocationRequest>
' ccmsetup
25-02-2014 02:20:39 PM 1480 (0x05C8)
Sending message header '<Msg SchemaVersion="1.1"><ID>{F6331322-941A-4E44-974F-A755B1B016A4}</ID><SourceHost>POOJASETHI</SourceHost><TargetAddress>mp:[http]MP_LocationManager</TargetAddress><ReplyTo>direct:POOJASETHI:LS_ReplyLocations</ReplyTo><Priority>3</Priority><Timeout>600</Timeout><ReqVersion>5931</ReqVersion><TargetHost>SCCM.MYDOMAIN.COM</TargetHost><TargetEndpoint>MP_LocationManager</TargetEndpoint><ReplyMode>Sync</ReplyMode><Protocol>http</Protocol><SentTime>2014-02-25T08:50:39Z</SentTime><Body
Type="ByteRange" Offset="0" Length="1126"/><Hooks><Hook3 Name="zlib-compress"/></Hooks><Payload Type="inline"/></Msg>'
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
CCM_POST 'HTTP://SCCM.MYDOMAIN.COM/ccm_system/request'
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Content boundary is '--aAbBcCdDv1234567890VxXyYzZ'
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Received header '<Msg SchemaVersion="1.1">
<ID>{14ADB6F1-95C1-4EEF-B8BA-16CD020ACFCF}</ID>
<SourceID>GUID:526CE573-6351-407E-AC2A-2C3927979AD9</SourceID>
<SourceHost>SCCM</SourceHost>
<TargetAddress>direct:POOJASETHI:LS_ReplyLocations</TargetAddress>
<ReplyTo>MP_LocationManager</ReplyTo>
<CorrelationID>{00000000-0000-0000-0000-000000000000}</CorrelationID>
<Priority>3</Priority>
<Timeout>600</Timeout>
<Capabilities><Property Name="SSL" Version="1"/></Capabilities><ReplyCapabilities><AllowRegistrationReset>direct:SCCM:ClientRegistration</AllowRegistrationReset></ReplyCapabilities><TargetHost>POOJASETHI</TargetHost><TargetEndpoint>LS_ReplyLocations</TargetEndpoint><ReplyMode>Sync</ReplyMode><Protocol>https</Protocol><SentTime>2014-02-25T08:50:39Z</SentTime><Body
Type="ByteRange" Offset="0" Length="3494"/><Hooks><Hook3 Name="zlib-compress"/><Hook Name="authenticate"><Property Name="Signature">3082018C06092A864886F70D010702A082017D30820179020101310B300906052B0E03021A0500300B06092A864886F70D01070131820158308201540201013031301D310D300B060355040313045343434D310C300A06035504031303534D530210165D06FED03B9DB94FE763D9360D9AC5300906052B0E03021A0500300D06092A864886F70D010101050004820100501708FC116FFF030AF508AA81D93086786D1E088F8729906DBFC42B6239C511CF34CB5AA9008B4356FA2D314EF43E85D8555A7D185888870EDC7A3D3700AA974B5246D59D9CC72614845768082F3AB463F2F92025D4505C1E8CBF243F6245E224EAE31091A18C9B0ADE6DEF3500DC599B04BDCE176EA49159D2947C84328F7BD2F0F6C93271F72F5826ED6717C19B5C36CDA9E1B02F9810F1D6B91659E9FD5DB25AFE155ECF86A3535A28ADE0B53505C20E69FB4A6406904299D60098B9756180BA3B6D742E3483F9FE0A45A8EC1611565377D8E6788E51057F7082339BF67771BAFC985C56784CE756BCB39C59E77071BCEE7352500B961D4509FC3EFE3828</Property><Property
Name="AuthSenderMachine">SCCM;SCCM.MYDOMAIN.COM;</Property><Property Name="MPSiteCode">PRI</Property></Hook></Hooks><Payload Type="inline"/></Msg>'
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Received reply body '<ContentLocationReply SchemaVersion="1.00"><ContentInfo PackageFlags="16777216"><ContentHashValues/></ContentInfo><Sites><Site><MPSite SiteCode="PRI" MasterSiteCode="PRI"
SiteLocality="LOCAL" IISPreferedPort="80" IISSSLPreferedPort="443"/><LocationRecords><LocationRecord><URL Name="http://SCCM.MYDOMAIN.COM/SMS_DP_SMSPKG$/PRI00003" Signature="http://SCCM.MYDOMAIN.COM/SMS_DP_SMSSIG$/PRI00003"/><ADSite
Name="Default-First-Site"/><IPSubnets><IPSubnet Address="10.0.0.0"/><IPSubnet Address=""/></IPSubnets><Metric Value=""/><Version>7958</Version><Capabilities SchemaVersion="1.0"><Property
Name="SSLState" Value="0"/></Capabilities><ServerRemoteName>SCCM.MYDOMAIN.COM</ServerRemoteName><DPType>SERVER</DPType><Windows Trust="1"/><Locality>LOCAL</Locality></LocationRecord><LocationRecord><URL
Name="http://SCCMDMZ.MYDOMAIN.COM/SMS_DP_SMSPKG$/PRI00003" Signature="http://SCCMDMZ.MYDOMAIN.COM/SMS_DP_SMSSIG$/PRI00003"/><ADSite Name="Default-First-Site"/><IPSubnets><IPSubnet Address="172.16.10.0"/><IPSubnet
Address=""/></IPSubnets><Metric Value=""/><Version>7958</Version><Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities><ServerRemoteName>SCCMDMZ.MYDOMAIN.COM</ServerRemoteName><DPType>SERVER</DPType><Windows
Trust="1"/><Locality>FALLBACK</Locality></LocationRecord></LocationRecords></Site></Sites><ClientPackage FullPackageID="PRI00003" FullPackageVersion="1" FullPackageHash="BFC11E099E8F451107B43E0DBEFD93B01DB2D6453DA74F8A2CB94B73D676C1CD"
MinimumClientVersion="5.00.7958.1000" RandomizeMaxDays="7" ProgramEnabled="false" LastModifiedTime="30354761;897103744" SiteVersionMatch="true" SiteVersion="5.00.7958.1000" EnablePeerCache="true"/><RelatedContentIDs/></ContentLocationReply>'
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Found local location 'http://SCCM.MYDOMAIN.COM/SMS_DP_SMSPKG$/PRI00003'
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Found remote location 'http://SCCMDMZ.MYDOMAIN.COM/SMS_DP_SMSPKG$/PRI00003'
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Discovered 1 local DP locations. ccmsetup
25-02-2014 02:20:39 PM 1480 (0x05C8)
PROPFIND 'http://SCCM.MYDOMAIN.COM/SMS_DP_SMSPKG$/PRI00003'
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Using DP location http://SCCM.MYDOMAIN.COM/SMS_DP_SMSPKG$/PRI00003
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
GET 'http://SCCM.MYDOMAIN.COM/SMS_DP_SMSPKG$/PRI00003/ccmsetup.cab'
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Couldn't verify 'C:\Windows\ccmsetup\ccmsetup.cab' authenticode signature. Return code 0x80096001
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Sending Fallback Status Point message to 'SCCM.MYDOMAIN.COM', STATEID='316'.
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Failed to get client version for sending messages to FSP. Error 0x8004100e
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Params to send FSP message '5.0.7958.1000 Deployment Error 0x80004005. Pre-req file name: C:\Windows\ccmsetup\ccmsetup.cab'
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Request failed: 500 Internal Server Error
FSPStateMessage
25-02-2014 02:20:39 PM
1480 (0x05C8)
Failed to extract manifest cab file with error 0x80004005. Try next location.
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Enumerated all 1 local DP locations but none of them is good. Fallback to MP.
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
GET 'HTTP://SCCM.MYDOMAIN.COM/CCM_Client/ccmsetup.cab'
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
Couldn't verify 'C:\Windows\ccmsetup\ccmsetup.cab' authenticode signature. Return code 0x80096001
ccmsetup 25-02-2014 02:20:39 PM
1480 (0x05C8)
CcmSetup failed with error code 0x80004005
ccmsetup 25-02-2014 02:20:39 PM
284 (0x011C)
Please let me know any solution or workaround for this
Thanks Rahul$

Hi,
The client cannot verify the signature of ccmsetup.cab. I suggest you check the Trusted Root Certification Authorities in certificate store on the client to see whether a certificate is missing.
Try to enable verbose logging for SCCM client installation. Then check the log to see whether there are some useful information.(http://technet.microsoft.com/en-us/library/gg699356.aspx)
Best Regards,
Joyce Li
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

"Error 0x800b010a: Failed to verify signature of payload: jre" under Eclipse IDE

Hello,
This error is occurring on a system that kept is off the internet (for security reasons):
Failed authenticode verification of payload: C:\ProgramData\Package Cache\.unverified\jre
... Error 0x800b010a: Failed to verify signature of payload: jre
It is related to certificates. I found a KB that addresses the error when the IDE is VS2013 or VS2012:
https://support.microsoft.com/en-us/kb/2746268?wa=wsignin1.0
But the IDE in use in my case is Eclipse. Does the KB apply?

Hi Rich,
the WSUS forum probably isn't the best place for this, you may have better luck in one of the Eclipse forums.
However I have had to follow the steps
in this to get around similar errors when deploying software in disconnected errors, where root cert updates hadn't been deployed before, so the above may indeed help
If you find the answer of assistance please "Vote as Helpful"and/or "Mark as Answer" where applicable. This helps others to find solutions for there issues, and recognises contributions made to the community :)

Failed to Verify License File Digital Signature

We are trying test our license file with our add-on identifier as provided by SAP. We keep getting a different error each time. Now we are getting "failed to verify license file digital signature" After we did the name substitutions in our license file. How do we fix this?

Hi,
I am sorry, but this is the forum around Solution Certification - not about general SDK questions or issues.
Please use the "regular" Forum (SAP Business One SDK)!
Thanks
PS: You must never modify the license file!

Samba decode_pac_data: failed to verify PAC server signature

i have an os x server 10.6.3 bound in AD as Only Samba Fileserver
when a user connect to a share write the sambalog an error
decodepacdata: failed to verify PAC server signature
what is that ?
thx

Hi ejp,
It strips out marks headers such as sstrTxt: TXT: "g=*; k=rsa; t=y; p=
and gives me a bare public key.
For example, the output for public key without the replaceAll call gives me:
strTxt: TXT: "g=*; k=rsa; t=y; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg8yo6rDhsNiwUfVR37HgF4bWqoG13Nd9XLT+Z0VLzCkWJZOdzGNQnnm7ujoQ8gbxeDvIo9RG5I3eZteBwD91Nf6P/E9lvJQDL2Qnz4EXH/CVW9DeEfvY1UJN9kc6q6KkYEPWssvVvlDOp2slbEKZCJtaPvVuGCAqfaps8J0FjOQIDAQAB"
Output for public key with the replaceAll call gives me:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCg8yo6rDhsNiwUfVR37HgF4bWqoG13Nd9XLT+Z0VLzCkWJZOdzGNQnnm7ujoQ8gbxeDvIo9RG5I3eZteBwD91Nf6P/E9lvJQDL2Qnz4EXH/CVW9DeEfvY1UJN9kc6q6KkYEPWssvVvlDOp2slbEKZCJtaPvVuGCAqfaps8J0FjOQIDAQAB

Problem verifying xml signature

We have a problem with verifying XML Signatures which are part of a SOAP message. Thanks a lot for helping! Hope my problem is understandable - otherwise ask.
We use the following enviroment:
Java6
Axis 2 V1.2 with XML Beans
Step 1:
The Java 6 XML Signature is an enveloped signature over an element called payload with exclusive XML canonicalization. We sign the payload and send the payload including signature to the server. At first I discovered the following namespace problem.
DigesterOutputstream Create Signature:
FEINER: <Payload Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDAyNDAwPC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><Timestamp><Created>UNDO</Created></Timestamp></Payload>
DigesterOutput Verify Signature:
FEINER: <Payload xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDAyNDAwPC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp></Payload>
31.10.2007 08:25:48 org.jcp.xml.dsig.internal.dom.DOMReference validate
FEIN: Expected digest: 71PfJ/xxn38TtQrpZOpRdqTZsBw=
31.10.2007 08:25:48 org.jcp.xml.dsig.internal.dom.DOMReference validate
FEIN: Actual digest: B1Qdei/0yW1mqR2T50LXKFfxhl0=
Soap request with payload:
<?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header><TelematikHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><ConversationID /><ServiceLocalization><Type>VSD</Type><Provider>101575519</Provider></ServiceLocalization><MessageType><Component>VSD</Component><Operation>PerformUpdates</Operation></MessageType><RoleDataProcessor /></TelematikHeader><TransportHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><InterfaceVersion>0.0.24.3</InterfaceVersion></TransportHeader></soapenv:Header><soapenv:Body><TelematikExecute xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><Payload Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDAyNDAwPC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#c623c3be-529b-4d6d-8f1e-a4a29660f344"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>71PfJ/xxn38TtQrpZOpRdqTZsBw=</DigestValue></Reference></SignedInfo><SignatureValue>FuhOdrz9kHR0MeAUq9Rxkg6w++7foR77s9AYQUQxb8qPJ44Ba6By8R/H+CCn5JP5cPFz8/mGOgOD NGKLgZp66xbVSWe1UeehmZLH1a2kvHsx/VvYo3Lr5foHsl6YikUBMXCBdhI4ukKJTuwBOK/7m3lu 7Zl07SFo0zWL73gUTxc=</SignatureValue><KeyInfo><X509Data><X509SubjectName>CN=Harris Knafla,OU=IP,O=TK,ST=Hamburg,C=DE</X509SubjectName><X509Certificate>MIIC0DCCAjmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCREUxEDAOBgNVBAgT B0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxCzAJBgNVBAoTAlRLMQswCQYDVQQLEwJJUDEUMBIG A1UEAxMLTmlscyBLbmFmbGExKjAoBgkqhkiG9w0BCQEWG0RyLk5pbHMuS25hZmxhQHRrLW9ubGlu ZS5kZTAeFw0wNzA2MjkxNzQ2MzBaFw0wODA2MjgxNzQ2MzBaMFExCzAJBgNVBAYTAkRFMRAwDgYD VQQIEwdIYW1idXJnMQswCQYDVQQKEwJUSzELMAkGA1UECxMCSVAxFjAUBgNVBAMTDUhhcnJpcyBL bmFmbGEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMjAnKFGjXjbPbi4X1vnI/H7ArNfayv HO7+QbuV1FqIR+aZuAYZeR5v0s8NKyGOcMxscAQk59ZrdfqaaIiwtcXk2fNHphtSVqLqR4NLWO2q xJKXwBcAxIn7byjq/DqjiUr5nmw1cMWJtK1xwB6pVMvCv97KGg2Z8peronBxg6mVAgMBAAGjezB5 MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl MB0GA1UdDgQWBBRaMTzoUhWt1wguyvPlPuUUV8VRtTAfBgNVHSMEGDAWgBQuZ2A4G1XF+GvL7vai Zst6RUCqYjANBgkqhkiG9w0BAQUFAAOBgQAr3rtJIVNchr3pMEfFcSzbJJWo/c0LRkUnWkP1gD6f MqLoLFUbl8k6tKJ9V4P0Oe2BODRIfNyTFjKLzD1lHAFFRz9pzYUx+hq4VDWooA3MsewNDDyJwupi vlmHcM+Y8Cv97q9pERiqAY88TRMZxntl/b98W61KARAO+HUDhTnA1g==</X509Certificate></X509Data></KeyInfo></Signature></Payload></TelematikExecute></soapenv:Body></soapenv:Envelope>
The problem is the namespaces under the elements payload and timestamp. For verification the namespaces are inherited from parent element. I wonder why this happens - I thought this should not happen when using exclusive canonicalization, or?
Step 2:
Then I added the namespaces before creating the signature , e.g.
payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "http://ws.gematik.de/Schema/Telematik/Transport/V1");
for all attributes that are not part of the create signature log. Then the xml signature was verify successfully when I tested this against my own server. See log files:
DigesterOutputstream for create signature:
31.10.2007 11:16:00 org.jcp.xml.dsig.internal.DigesterOutputStream write
FEINER: <Payload xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDMwMjI5PC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp></Payload>
DigesterOutputstream verify signature:
31.10.2007 11:19:00 org.jcp.xml.dsig.internal.DigesterOutputStream write
FEINER: <Payload xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDMwMjI5PC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp></Payload>
The whole soap request:
<?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-3596382">MIIC0DCCAjmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxCzAJBgNVBAoTAlRLMQswCQYDVQQLEwJJUDEUMBIGA1UEAxMLTmlscyBLbmFmbGExKjAoBgkqhkiG9w0BCQEWG0RyLk5pbHMuS25hZmxhQHRrLW9ubGluZS5kZTAeFw0wNzA2MjkxNzQ2MzBaFw0wODA2MjgxNzQ2MzBaMFExCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMQswCQYDVQQKEwJUSzELMAkGA1UECxMCSVAxFjAUBgNVBAMTDUhhcnJpcyBLbmFmbGEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMjAnKFGjXjbPbi4X1vnI/H7ArNfayvHO7+QbuV1FqIR+aZuAYZeR5v0s8NKyGOcMxscAQk59ZrdfqaaIiwtcXk2fNHphtSVqLqR4NLWO2qxJKXwBcAxIn7byjq/DqjiUr5nmw1cMWJtK1xwB6pVMvCv97KGg2Z8peronBxg6mVAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRaMTzoUhWt1wguyvPlPuUUV8VRtTAfBgNVHSMEGDAWgBQuZ2A4G1XF+GvL7vaiZst6RUCqYjANBgkqhkiG9w0BAQUFAAOBgQAr3rtJIVNchr3pMEfFcSzbJJWo/c0LRkUnWkP1gD6fMqLoLFUbl8k6tKJ9V4P0Oe2BODRIfNyTFjKLzD1lHAFFRz9pzYUx+hq4VDWooA3MsewNDDyJwupivlmHcM+Y8Cv97q9pERiqAY88TRMZxntl/b98W61KARAO+HUDhTnA1g==</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-8331318"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#id-28000914"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>Q2LregRFO//cXlkcThu9Bx0jal4=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#id-10464309"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>BX651XEWk4u4pGgshQhocYxPkSo=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Timestamp-7651652"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>ezisLn/pGWNqMHbT6UlHyM4Ez64=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> Xl4SSEwrtyUnsqf8xOmfzojLLU18tOrikOhK+HRyqHqv0lPF+AqANLU6yygNdhbfI5qyef9BLr6I CmSPIX4QQR+Hq45l/Ewa+M2K1OOjqvBUGYyQqrKCqUFtsISr9xPudB8ZmaVfaUu5chjIvy/sPYYx TuYv2Ma6uEwek1YZpbE= </ds:SignatureValue> <ds:KeyInfo Id="KeyId-1823783"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-17125267"><wsse:Reference URI="#CertId-3596382" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /></wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-7651652"><wsu:Created>2007-10-31T10:16:00.474Z</wsu:Created><wsu:Expires>2007-10-31T10:21:00.474Z</wsu:Expires></wsu:Timestamp></wsse:Security><TelematikHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-10464309"><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><ConversationID /><ServiceLocalization><Type>VSD</Type><Provider>101575519</Provider></ServiceLocalization><MessageType><Component>VSD</Component><Operation>PerformUpdates</Operation></MessageType><RoleDataProcessor /></TelematikHeader><TransportHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><InterfaceVersion>0.0.24.3</InterfaceVersion></TransportHeader></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-28000914"><TelematikExecute xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><Payload Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDMwMjI5PC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#c623c3be-529b-4d6d-8f1e-a4a29660f344"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>XHIiHK4NYczByvAJSZH8u3hSvuQ=</DigestValue></Reference></SignedInfo><SignatureValue>JQnTQJ1TidrMuWmSmpHE3ZR5M728A3tlvKjrM3GxFPuy5YOmmybxR0T7xe72WSdWsqvFT9QGE+iP GL5POuc3s8lLc1QGZRKhZvjHAKFldDNyxAMWRL7ZXmhpjsRXT3HethKWew3669SKjJFkZ1IYEnZz QrJOmgt1MMjWx99CgaQ=</SignatureValue><KeyInfo><X509Data><X509SubjectName>CN=Harris Knafla,OU=IP,O=TK,ST=Hamburg,C=DE</X509SubjectName><X509Certificate>MIIC0DCCAjmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCREUxEDAOBgNVBAgT B0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxCzAJBgNVBAoTAlRLMQswCQYDVQQLEwJJUDEUMBIG A1UEAxMLTmlscyBLbmFmbGExKjAoBgkqhkiG9w0BCQEWG0RyLk5pbHMuS25hZmxhQHRrLW9ubGlu ZS5kZTAeFw0wNzA2MjkxNzQ2MzBaFw0wODA2MjgxNzQ2MzBaMFExCzAJBgNVBAYTAkRFMRAwDgYD VQQIEwdIYW1idXJnMQswCQYDVQQKEwJUSzELMAkGA1UECxMCSVAxFjAUBgNVBAMTDUhhcnJpcyBL bmFmbGEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMjAnKFGjXjbPbi4X1vnI/H7ArNfayv HO7+QbuV1FqIR+aZuAYZeR5v0s8NKyGOcMxscAQk59ZrdfqaaIiwtcXk2fNHphtSVqLqR4NLWO2q xJKXwBcAxIn7byjq/DqjiUr5nmw1cMWJtK1xwB6pVMvCv97KGg2Z8peronBxg6mVAgMBAAGjezB5 MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl MB0GA1UdDgQWBBRaMTzoUhWt1wguyvPlPuUUV8VRtTAfBgNVHSMEGDAWgBQuZ2A4G1XF+GvL7vai Zst6RUCqYjANBgkqhkiG9w0BAQUFAAOBgQAr3rtJIVNchr3pMEfFcSzbJJWo/c0LRkUnWkP1gD6f MqLoLFUbl8k6tKJ9V4P0Oe2BODRIfNyTFjKLzD1lHAFFRz9pzYUx+hq4VDWooA3MsewNDDyJwupi vlmHcM+Y8Cv97q9pERiqAY88TRMZxntl/b98W61KARAO+HUDhTnA1g==</X509Certificate></X509Data></KeyInfo></Signature></Payload></TelematikExecute></soapenv:Body></soapenv:Envelope>
As you can see in the soap request on top of the xml signature there is a Webservice Security signature (WSSE) over three elements. This should be no problem altough WSSE adds the wsu:id attribute to the body element. WSSE was omitted in step 1 for simplicity.
I wonder that the attributes which have been set to the payloadElement are not part of the actual message. But it works!
Step 3:
The same request was sent to an external webservice server and the server reports a xml signature verification problem. I don't have any logs or further information. But I have to get this to work against this server.
Java Files for Create + Verify Signature. For Create I get a DOM Node from a XML Bean. For step 1 the attribute setting should be in comments. I use VerifySignature for step 1 + 2.
SignPayload.java:
package de.tk.signature;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.apache.xmlbeans.XmlObject;
import de.tk.schemaTools.TkSchemaHandler;
import de.tk.util.ClientProperties;
public class SignPayload {
 public static void signDocument(XmlObject telematikExecuteXmlObject, String payloadId) {
 try {
 // get Document
 org.w3c.dom.Node node = telematikExecuteXmlObject.getDomNode();
 Document documentTo = node.getOwnerDocument();
 XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
 Reference ref = fac.newReference("#"+payloadId, fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac
 .newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
 // Create the SignedInfo.
 SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
 Collections.singletonList(ref));
 KeyStore keyStore = KeyStore.getInstance("JKS");
 String keyStoreFilename = ClientProperties.getKeystorefile();
 FileInputStream keyStoreFile = new FileInputStream(keyStoreFilename);
 keyStore.load(keyStoreFile, "storePwd".toCharArray());
 keyStoreFile.close();
 KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("harris", new KeyStore.PasswordProtection("keyPwd".toCharArray()));
 X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
 // Create the KeyInfo containing the X509Data.
 KeyInfoFactory kif = fac.getKeyInfoFactory();
 List x509Content = new ArrayList();
 x509Content.add(cert.getSubjectX500Principal().getName());
 x509Content.add(cert);
 X509Data xd = kif.newX509Data(x509Content);
 KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
 Node payloadNode = new TkSchemaHandler().getNode(documentTo, "Payload");
 String prefix = payloadNode.getPrefix();
 NamedNodeMap nameNodeMap = payloadNode.getAttributes();
 // String baseUri = payloadNode.getBaseURI(); not implemented
 boolean attributes = payloadNode.hasAttributes();
 Element payloadElement = (Element) payloadNode;
 //xmlns is the prefix and first parameter the namespaceURI
 // xmlns existiert ohne WSSE, beim Create XMLOutputter ausgegeben
 payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "http://ws.gematik.de/Schema/Telematik/Transport/V1");
 // existiert ohne WSSE
 // bei Create nicht; aber bei Verify im DigestOutputter mit drin
 payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:soapenv", "http://schemas.xmlsoap.org/soap/envelope/");
 // existiert nur bei WSSE
 payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
 Node timestampNode = new TkSchemaHandler().getNode(documentTo, "Timestamp");
 Element timestampElement = (Element) timestampNode;
 // existiert ohne WSSE
 // beim Create Outputter angegeben sowie beim Verify
 timestampElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
 // existiert nur bei WSSE, war wohl nur notwendig da bei WSSE Signature auf falschen Timestamp zugegriffen worden ist.
 // Create a DOMSignContext and specify the RSA PrivateKey and
 // location of the resulting XMLSignature's parent element.
 DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(),payloadNode);
 // Create the XMLSignature, but don't sign it yet.
 XMLSignature signature = fac.newXMLSignature(si, ki);
 // DomInfo.visualize(document);
 SAXBuilderDemo2.print(documentTo);
 // Marshal, generate, and sign the enveloped signature.
 signature.sign(dsc);
 } catch (Exception exc) {
 throw new RuntimeException(exc.getMessage());
VerifySignature.java:
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
public class VerifySignature {
 * @param args
 public static void main(String[] args) {
 // TODO Auto-generated method stub
 try {
 String filename = args[0];
 System.out.println("Verify Document: " + filename);
 XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
 DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
 dbf.setNamespaceAware(true);
 Document doc = dbf
 .newDocumentBuilder()
 .parse(
 new FileInputStream(filename));
// Find Signature element.
// NodeList nl =
// doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
 Node node = TkSchemaHandler.getNode(doc,"/*[local-name()='Envelope' and namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/']/*[local-name()='Body' and namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/'][1]/*[local-name()='TelematikExecute' and namespace-uri()='http://ws.gematik.de/Schema/Telematik/Transport/V1'][1]/*[local-name()='Payload' and namespace-uri()='http://ws.gematik.de/Schema/Telematik/Transport/V1'][1]/*[local-name()='Signature' and namespace-uri()='http://www.w3.org/2000/09/xmldsig#'][1]");
 if (nl.getLength() == 0) {
 throw new Exception("Cannot find Signature element");
 Node node = nl.item(0); */
// Create a DOMValidateContext and specify a KeySelector
// and document context.
 DOMValidateContext valContext = new DOMValidateContext
 (new X509KeySelector(), node);
// Unmarshal the XMLSignature.
 XMLSignature signature = fac.unmarshalXMLSignature(valContext);
// Validate the XMLSignature.
 boolean coreValidity = signature.validate(valContext);
 // sample 6
// Check core validation status.
 if (coreValidity == false) {
 System.err.println("Signature failed core validation");
 boolean sv = signature.getSignatureValue().validate(valContext);
 System.out.println("signature validation status: " + sv);
 if (sv == false) {
 // Check the validation status of each Reference.
 Iterator i = signature.getSignedInfo().getReferences().iterator();
 for (int j=0; i.hasNext(); j++) {
 boolean refValid = ((Reference) i.next()).validate(valContext);
 System.out.println("ref["+j+"] validity status: " + refValid);
 } else {
 System.out.println("OK! Signature passed core validation!");
 } catch (Exception exc) {
 exc.printStackTrace();
Questions:
1. Do I really have to set all the namespace attributes? I thought with exclusive xml this should not be necessary. Is there any other solution?
2. Do you think I got all the settings right in SignPayload.java?
Thanks a lot in advance.
Cheers !
Nils

It seems to be a bug with the JDK you are using. What is the JDK version you are using?

Verifying detached signature

Hi,
Im trying to verify the PKCS& detached signature.. Verification is working fine. But if i try to alter or delete certian characters in my signature file its still saying verification success can anybody have a look at this code and help me to sort out this issue. Is there any other way with which i can verify the signature.
Here is the code:
import java.security.Security;
import java.io.*;
import org.bouncycastle.jce.PKCS7SignedData;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.util.Arrays;
import java.util.*;
import java.text.SimpleDateFormat;
import java.util.Iterator;
import java.util.List;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.io.FileInputStream;
import javax.security.auth.x500.X500Principal;
import java.lang.*;
import java.io.PrintWriter;
import java.security.cert.*;
import java.util.Vector;
import java.lang.*;
import java.io.IOException;
import java.util.Collection;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationStore;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
class VerifyP7s {
public static void main(String args[]) {
if (args.length < 2)
usage();
//Plug the Provider into the JCA/JCE
Security.addProvider(new BouncyCastleProvider());
FileInputStream freader = null;
//------ Get the content data from file -------------
File f = new File(args[1]) ;
int sizecontent = ((int) f.length());
byte[] bytes = new byte[sizecontent];
try {
freader = new FileInputStream(f);
System.out.print("\nContent Bytes: " + freader.read(bytes, 0, sizecontent));
freader.close();
catch(IOException ioe) {
System.out.println(ioe.toString());
return;
//------ Get the pkcs #7 data from file -------
File p7s = new File(args[0]) ;
int size = ((int) p7s.length());
byte[] bytessig = new byte[size];
try {
freader = new FileInputStream(p7s);
System.out.println(" PKCS#7 bytes: " + freader.read(bytessig, 0, size));
freader.close();
catch(IOException ioe) {
System.out.println(ioe.toString());
return;
// --- Use Bouncy Castle provider to attempt verification of p7s ---
if(isBase64Encoded(bytessig)){
System.out.println("Signature file is BASE64 encoded") ;
try{
sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder() ;
byte[] bdecoded = dec.decodeBuffer(new String(bytessig));
if (isVerified(bdecoded, bytes))
System.out.println("Verified pkcs#7 data: \"" + args[0] + "\" as BASE64-encoded DER file\n" +
"against content file \"" + args[1] + "\"") ;
else
System.out.println("Failed to verify " + args[0] + " as valid pkcs#7 detached signature.");
catch(Exception exc) {
System.out.println("Failed to verify " + args[0] + " as valid pkcs#7 detached signature.");
return;
else { //if NOT base64 encoded
if (isVerified(bytessig, bytes))
System.out.println("Verified pkcs#7 data: \"" + args[0] + "\" as binary DER file\n" +
"against content file \"" + args[1] + "\"") ;
else
System.out.println("Failed to verify " + args[0] + " as valid pkcs#7 detached signature.");
private static byte[] toUnicode(byte[] bytes) {
byte[] ucbytes = new byte[2*bytes.length];
for (int j = 0; j< bytes.length; j++) {
ucbytes[2*j] = bytes[j];
ucbytes[2*j+1] = 0x00; //null byte for UNICODE encoding
return ucbytes;
private static final boolean isVerified(byte[] sig, byte[] content) {
try{
PKCS7SignedData pkcs7 = new PKCS7SignedData(sig);
pkcs7.update(content, 0, content.length); // Update checksum
boolean verified = pkcs7.verify(); // Does it add up?
if(!verified) { //see if original data was UNICODE byte encoding
//System.out.println("Original byte content not verified.\nTrying UNICODE encoding ...");
pkcs7 = new PKCS7SignedData(sig);
pkcs7.update(toUnicode(content), 0, 2*content.length);
verified = pkcs7.verify();
if(verified){
System.out.println("\nUNICODE-encoding of signed content was verified.");
return true;
else
//System.out.println("\nCould NOT verify signed detached content");
return false;
else
System.out.println("ANSI-encoding of signed content was verified.");
return true ;
catch(java.security.cert.CRLException crle) {
//System.out.println("crl " + crle.toString());
return false;
catch(java.security.SignatureException sigex) {
//System.out.println("sigexcept " + sigex.toString());
return false;
catch(Exception secex) {
//System.out.println("other exception " + secex.toString());
return false;
private static final boolean isBase64Encoded(byte[] data) {
Arrays.sort(Base64Map);
for (int i=0; i<data.length; i++){
//System.out.println("data[" + i + "] " + (char)data) ;
if( Arrays.binarySearch(Base64Map, (char)data)<0
&& !Character.isWhitespace((char)data) )
return false;
return true;
public String printX509Cert(X509Certificate cert){
try{
String discrt = cert.getPublicKey().toString();
return discrt;
catch(Exception exception)
System.err.println("Exception is: "+exception.getMessage());
String ex = exception.getMessage();
return ex;
private static char[] Base64Map =
{ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f',
'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
'w', 'x', 'y', 'z', '0', '1', '2', '3',
'4', '5', '6', '7', '8', '9', '+', '/', '='
private static void usage() {
System.out.println("Usage:\n java VerifyP7s <pkcs #7 signature file> <contentfile> ") ;
System.exit(1);
Here is my signature file:
MIIEoAYJKoZIhvcNAQcCoIIEkTCCBI0CAQExDjAMBggqhkiG9w0CBQUAMAsGCSqGSIb3DQEHAaCC
A3kwggN1MIICXaADAgECAhBjffJNbUvAx4VWV4qkdNLGMA0GCSqGSIb3DQEBBAUAMDExETAPBgNV
BAoTCFNJRlkgTHRkMRwwGgYDVQQDExNTSUZZIEx0ZCBQcml2YXRlIENBMB4XDTA0MDcyNjAwMDAw
MFoXDTA1MDcyNjIzNTk1OVowgZwxETAPBgNVBAoUCFNJRlkgTHRkMSIwIAYDVQQLFBlIdW1hbiBS
ZXNvdXJjZSBEZXBhcnRtZW50MRswGQYDVQQLFBJFbXBsb3llZUlEIC0gU0YwNjcxGzAZBgNVBAMT
ElN1ZGVlcCBLdW1hciBQLiBLLjEpMCcGCSqGSIb3DQEJARYac3VkZWVwa3VtYXJAc2FmZXNjcnlw
dC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANGOpSIhZEDQ5Z6cxLMpZssi5WWdD0h7
kFWkbXPQk842HqCBFPcClUUWWeT/LJ10VCC9Ff0KrI5lviGl9umnVW+LeCYiI/ksnea/p7tKfOgN
NO+UBoJ4PE5XnUEq03CFWdHhGNfukNqWZiMC+bUX8e6+blFU/6ipUtHmIkIrlNZBAgMBAAGjgaAw
gZ0wCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEQYJYIZIAYb4QgEBBAQDAgeAMF0GA1UdHwRWMFQw
UqBQoE6GTGh0dHA6Ly9vbnNpdGVjcmwuc2FmZXNjcnlwdC5jb20vU0lGWUx0ZEh1bWFuUmVzb3Vy
Y2VEZXBhcnRtZW50L0xhdGVzdENSTC5jcmwwEQYKYIZIAYb4RQEGCQQDAQH/MA0GCSqGSIb3DQEB
BAUAA4IBAQBpFEGmTHOSfA/SkeC/bvZE3sYpBU0+RG8iSm+DTbP5tiCyWT+L0AidTWDk0ZuXz7yA
eF9NR0OZyxp3/v+OQYn3Q0a1awe+JKnDCD+zayehcPbvD+q79WYHO5Ibm5UA2VnGoBbV3CDhj1qC
lCyqllEKVWk11iB6wu24PzB31uARxkar3cynFNX4P6nxy6vb83W/Wnt8eOMQHI2SiVvJtjU5SwL6
ILrkZfrm7NLcCQY2w7w4/WeFgeb2Ko8hYHSRyvJWwBUyv2ExDGnv0eqHJn6HC+4IE8wzirWre0jY
Y0529u3MfIL0F7lrkuwYnpVa3zE/b2HwCaMrN+TuY/oNkf2YMYHtMIHqAgEBMEUwMTERMA8GA1UE
ChMIU0lGWSBMdGQxHDAaBgNVBAMTE1NJRlkgTHRkIFByaXZhdGUgQ0ECEGN98k1tS8DHhVZXiqR0
0sYwDAYIKoZIhvcNAgUFADANBgkqhkiG9w0BAQEFAASBgDUpkV5Zpi781vTmtydAdOVJ7cecnQ9v
8fdTZwMgz56Q3ZI0pj6+60e8lIafO3mo596eCF2mBsZm2wEO1PhnXPKAQFXWIseDp0GVdmwTp1tH
M2e9fC2bOppNhBKkpZAr26PE6/BIDittE1rM8nJOa+9lzJcDCBBpJM3MdlHjY+8v
My Content file is:
<table width=100%><TR align=center><TH COLSPAN=3>Transfer Funds Request</TH></TR><TR><TD ALIGN=RIGHT>TRANSFER FROM</TD><TD>..........</TD><TD>Money Market</TD></TR><TR><TD ALIGN=RIGHT>TRANSFER TO</TD><TD>..........</TD><TD>Cash</TD></TR><TR><TD ALIGN=RIGHT>AMOUNT</TD><TD>..........</TD><TD>/ \ & \n</TD></TR></table> I am authorizing the transfer of the above funds by digitally signing this request.
Thanx in advance.

Your PKCS#7 signature file is dumped by DUMPASN1 as follows:
The verifying code only checks the public key against the data.
If you change some byte of the PKCS#7 data that can "blow up" the ASN.1 structures, you cannot get the public key, so the data would not be verified OK.
But if you change some other byte in the PKCS#7 signature data, it could change some things that are not important to ASN.1 Parsing, like changing 'Human Resource Department' to 'Departamentos de Recursos' that is a string with the same length. So as you don't changed the Public key bytes it's all OK.
If you are concerned about PKCS#7 signature file modification, you can try verifying the signer certificates inside - an additional step, but not difficult to do.
 0 30 1184: SEQUENCE {
 4 06 9: OBJECT IDENTIFIER signedData (1 2 840 113549 1 7 2)
15 A0 1169: [0] {
19 30 1165: SEQUENCE {
23 02 1: INTEGER 1
26 31 14: SET {
28 30 12: SEQUENCE {
30 06 8: OBJECT IDENTIFIER md5 (1 2 840 113549 2 5)
40 05 0: NULL
42 30 11: SEQUENCE {
44 06 9: OBJECT IDENTIFIER data (1 2 840 113549 1 7 1)
55 A0 889: [0] {
59 30 885: SEQUENCE {
63 30 605: SEQUENCE {
67 A0 3: [0] {
69 02 1: INTEGER 2
72 02 16: INTEGER
 : 63 7D F2 4D 6D 4B C0 C7 85 56 57 8A A4 74 D2 C6
90 30 13: SEQUENCE {
92 06 9: OBJECT IDENTIFIER
 : md5withRSAEncryption (1 2 840 113549 1 1 4)
103 05 0: NULL
105 30 49: SEQUENCE {
107 31 17: SET {
109 30 15: SEQUENCE {
111 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
116 13 8: PrintableString 'SIFY Ltd'
126 31 28: SET {
128 30 26: SEQUENCE {
130 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
135 13 19: PrintableString 'SIFY Ltd Private CA'
156 30 30: SEQUENCE {
158 17 13: UTCTime 26/07/2004 00:00:00 GMT
173 17 13: UTCTime 26/07/2005 23:59:59 GMT
188 30 156: SEQUENCE {
191 31 17: SET {
193 30 15: SEQUENCE {
195 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
200 14 8: TeletexString 'SIFY Ltd'
210 31 34: SET {
212 30 32: SEQUENCE {
214 06 3: OBJECT IDENTIFIER
 : organizationalUnitName (2 5 4 11)
219 14 25: TeletexString 'Human Resource Department'
246 31 27: SET {
248 30 25: SEQUENCE {
250 06 3: OBJECT IDENTIFIER
 : organizationalUnitName (2 5 4 11)
255 14 18: TeletexString 'EmployeeID - SF067'
275 31 27: SET {
277 30 25: SEQUENCE {
279 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
284 13 18: PrintableString 'Sudeep Kumar P. K.'
304 31 41: SET {
306 30 39: SEQUENCE {
308 06 9: OBJECT IDENTIFIER
 : emailAddress (1 2 840 113549 1 9 1)
319 16 26: IA5String '[email protected]'
347 30 159: SEQUENCE {
350 30 13: SEQUENCE {
352 06 9: OBJECT IDENTIFIER
 : rsaEncryption (1 2 840 113549 1 1 1)
363 05 0: NULL
365 03 141: BIT STRING, encapsulates {
369 30 137: SEQUENCE {
372 02 129: INTEGER
 : 00 D1 8E A5 22 21 64 40 D0 E5 9E 9C C4 B3 29 66
 : CB 22 E5 65 9D 0F 48 7B 90 55 A4 6D 73 D0 93 CE
 : 36 1E A0 81 14 F7 02 95 45 16 59 E4 FF 2C 9D 74
 : 54 20 BD 15 FD 0A AC 8E 65 BE 21 A5 F6 E9 A7 55
 : 6F 8B 78 26 22 23 F9 2C 9D E6 BF A7 BB 4A 7C E8
 : 0D 34 EF 94 06 82 78 3C 4E 57 9D 41 2A D3 70 85
 : 59 D1 E1 18 D7 EE 90 DA 96 66 23 02 F9 B5 17 F1
 : EE BE 6E 51 54 FF A8 A9 52 D1 E6 22 42 2B 94 D6
 : [ Another 1 bytes skipped ]
504 02 3: INTEGER 65537
509 A3 160: [3] {
512 30 157: SEQUENCE {
515 30 9: SEQUENCE {
517 06 3: OBJECT IDENTIFIER basicConstraints (2 5 29 19)
522 04 2: OCTET STRING, encapsulates {
524 30 0: SEQUENCE {}
526 30 11: SEQUENCE {
528 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
533 04 4: OCTET STRING, encapsulates {
535 03 2: BIT STRING 5 unused bits
 : '101'B
539 30 17: SEQUENCE {
541 06 9: OBJECT IDENTIFIER
 : netscape-cert-type (2 16 840 1 113730 1 1)
552 04 4: OCTET STRING, encapsulates {
554 03 2: BIT STRING 7 unused bits
 : '1'B (bit 0)
558 30 93: SEQUENCE {
560 06 3: OBJECT IDENTIFIER
 : cRLDistributionPoints (2 5 29 31)
565 04 86: OCTET STRING, encapsulates {
567 30 84: SEQUENCE {
569 30 82: SEQUENCE {
571 A0 80: [0] {
573 A0 78: [0] {
575 86 76: [6]
 : 'http://onsitecrl.safescrypt.com/SIFYLtdHumanReso'
 : 'urceDepartment/LatestCRL.crl'
653 30 17: SEQUENCE {
655 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 6 9'
667 04 3: OCTET STRING, encapsulates {
669 01 1: BOOLEAN TRUE
672 30 13: SEQUENCE {
674 06 9: OBJECT IDENTIFIER
 : md5withRSAEncryption (1 2 840 113549 1 1 4)
685 05 0: NULL
687 03 257: BIT STRING
 : 69 14 41 A6 4C 73 92 7C 0F D2 91 E0 BF 6E F6 44
 : DE C6 29 05 4D 3E 44 6F 22 4A 6F 83 4D B3 F9 B6
 : 20 B2 59 3F 8B D0 08 9D 4D 60 E4 D1 9B 97 CF BC
 : 80 78 5F 4D 47 43 99 CB 1A 77 FE FF 8E 41 89 F7
 : 43 46 B5 6B 07 BE 24 A9 C3 08 3F B3 6B 27 A1 70
 : F6 EF 0F EA BB F5 66 07 3B 92 1B 9B 95 00 D9 59
 : C6 A0 16 D5 DC 20 E1 8F 5A 82 94 2C AA 96 51 0A
 : 55 69 35 D6 20 7A C2 ED B8 3F 30 77 D6 E0 11 C6
 : [ Another 128 bytes skipped ]
948 31 237: SET {
951 30 234: SEQUENCE {
954 02 1: INTEGER 1
957 30 69: SEQUENCE {
959 30 49: SEQUENCE {
961 31 17: SET {
963 30 15: SEQUENCE {
965 06 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
970 13 8: PrintableString 'SIFY Ltd'
980 31 28: SET {
982 30 26: SEQUENCE {
984 06 3: OBJECT IDENTIFIER commonName (2 5 4 3)
989 13 19: PrintableString 'SIFY Ltd Private CA'
1010 02 16: INTEGER
 : 63 7D F2 4D 6D 4B C0 C7 85 56 57 8A A4 74 D2 C6
1028 30 12: SEQUENCE {
1030 06 8: OBJECT IDENTIFIER md5 (1 2 840 113549 2 5)
1040 05 0: NULL
1042 30 13: SEQUENCE {
1044 06 9: OBJECT IDENTIFIER
 : rsaEncryption (1 2 840 113549 1 1 1)
1055 05 0: NULL
1057 04 128: OCTET STRING
 : 35 29 91 5E 59 A6 2E FC D6 F4 E6 B7 27 40 74 E5
 : 49 ED C7 9C 9D 0F 6F F1 F7 53 67 03 20 CF 9E 90
 : DD 92 34 A6 3E BE EB 47 BC 94 86 9F 3B 79 A8 E7
 : DE 9E 08 5D A6 06 C6 66 DB 01 0E D4 F8 67 5C F2
 : 80 40 55 D6 22 C7 83 A7 41 95 76 6C 13 A7 5B 47
 : 33 67 BD 7C 2D 9B 3A 9A 4D 84 12 A4 A5 90 2B DB
 : A3 C4 EB F0 48 0E 2B 6D 13 5A CC F2 72 4E 6B EF
 : 65 CC 97 03 08 10 69 24 CD CC 76 51 E3 63 EF 2F
 : }

Looking for help-------"application failed to start because UID.mr.dll"

I've been having troubles with my Windows Vista PC recently and had to even system restore it just to be able to turn the computer on successfully, though it is still being buggy. However, I have been working these out and now all that remains is this error:
"PhotoshopElements.exe - Unable to Locate Component'>
This application has failed to start because UID.mr.dll was not found. Re-installing the application may fix this problem."
I have tried re-installing and it has not fixed my problem. Is my install file corrupt or something? What can I do to get Photoshop Elements 2.0 up and running again?

PSE2... on Vista... (First thing its not supported on Vista.. First PSE version supported on Vista is PSE5.0.1 and PSE7 is there in market)
Your installation completes successfully?
If yes what do you do and when do you get this error.
In the mean time I will try to get some info about the dll you mentioned.
+ Ripple

I try to purchase pages (after upgrading to maverick) and get this message: Failed to verify the preflight file. It is not signed by Apple.

I try to purchase Pages (after upgrading to Maverick OS) and keep getting this message:
Failed to verify the preflight file. It is not signed by Apple.
How to I get past this? I cannot find anything referencing preflight file. Who can identify this?

Back up all data.
Launch the Keychain Access application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
From the menu bar, select
Keychain Access ▹ Preferences ▹ Certificates
There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to CRL. Log out, log back in, and test.

Failed to verify gateway status. The remote name could not be resolved: 'machinename' Office 365, Power BI

Hi
I am trying to setup a Power BI On Premise datasource at a client site.
I successfully installed the Data Management Gateway (DataManagementGateway_1.2.5303.1_en-us (64-bit)) software on a Windows Server 2012 box and created the Gateway on the Power BI Office 365 site.
The Gateway is running correctly with no errors. When trying to setup the Datasource I get an error. As soon as I try to set the credentials the following message appears.
Failed to verify gateway 'GatewayName' status. The remote name could not be resolved: 'servername.domainname.net’
The servername which is returned in the error message is exactly the name which the DMG was installed on.
There is a firewall in place with a proxy server and I don't know if this might cause the problems. The
following website suggests adding the proxy settings in the config files of the DMG but this did not solve the problem.
The above setup process works perfectly when running the DMG from my laptop, connecting to a Gateway and creating a DataSource connecting to SQL Server.
Any assistance would be appreciated.

HI
Thank You for the reply.
I resolved the issue in the mean time. I was on laptop which does not belong to the domain.
When setting up the datasource you should be on the same domain as the datasource as per the below post.
http://sharepoint-community.net/profiles/blogs/connecting-office-365-to-on-premises-data
Regards, Drickus

SSD fails to verify after kernel panic?

I have been using a 256GB Samsung 840 Pro SSD as my main boot drive in my MBP for about 6 months now with no issues. Last week, I randomly got a kernel panic and had to reboot my mac, however, it failed to boot. After opening the recovery tools, the disk utility failed to mount the SSD. After trying to reboot several times, the drive finally mounted and I tried a verify/repair, both of which failed. I also tried the Apple hardware diagnostic tool which ran without issue.
I then took the drive out and placed it in my Windows desktop. Using Samsung's disk "magician" I ran a diagnostics of the disk which said nothing was wrong. I updated the firmware and tried it in my MBP again where it still failed to mount/verify. I then put the disk in an external SATA->thunderbolt enclosure I had and the disk was not only recognized but booted, verified, etc completely fine as an external drive.
I then took my old internal HDD and put that in my MBP, wondering if perhaps it was my macbook that had the issue. However, this also booted and verified fine, suggesting it was in fact the SSD with the issue.
I called Samsung, and (painlessly) returned the drive and they shipped another one out to me. I continued to use my old HDD in my MBP with no issues while waiting on the shipment. Today it arrived, first I restored my OS to the SSD using my external enclosure and the drive booted and verified fine with no issues. I reinstalled it inside my Macbook and suddenly the drive no longer boots or verifies properly and will not repair - disk utility tells me to format the drive, which I tried, which then produces the same result.
I then tried resetting the SMC and PRAM, both of which had no effect.
I am completely at a loss at this point....
tl;dr Kernel panic, SSD no longer works internally, but is fine in external SATA->thunderbolt enclosure, original HDD boots fine internally. Replacement SSD also fails with same weird issue (works externally but not internally). Regular HDD still works in internal bay.
After using an SSD for so long I can't go back to just using a regular HDD, the speed difference is painful...but SSD no longer seems to work. What is going on here? Has anyone experienced anything like this before and what are my options?

The new SSD seems to only have issues verifying partitions. If I select the physical volume in disk utility, it verifies fine with no errors. Any and all Mac partitions (MSDOS seems to work....) fail to verify or repair.
From what I've found, the only people with similar issues either A) had a "faulty" SATA cable or B) didn't enable TRIM on their SSD. Since a regular HDD still works fine in the internal bay where the SSD was installed, it can't be the former and I had enabled TRIM when I installed the SSD so it shouldn't be the latter.

Error msg when I compact: The folder 'Inbox' could not be compacted because writing to folder failed. Verify you have enough disk space, and have write privileg

I recently had my computer serviced. I re-downloaded Thunderbird (getting a newer version), and retrieved my saved email. Now, Thunderbird keeps asking me to compact, but when I do, I get this error message:
The folder 'Inbox' could not be compacted because writing to folder failed. Verify that you have enough disk space, and that you have write privileges to the file system, then try again.
Obviously, since I'm getting mail all the time, I have write privileges, and disk space. The question is whether there's a setting I need to specify, or whether Thunderbird is writing to a special partition that may have gotten write-protected when my computer was in the hospital - or whether this is related to a known bug.
All help appreciated.

The only know bug I can see is probably your anti virus is trying to scan the file when the new inbox is created leaving Thunderbird to think the file was not created.
As an experimental / diagnostic process. Restart the machine in safe mode with networking using Microsoft instructions for [http://windows.microsoft.com/en-us/windows/start-computer-safe-mode#start-computer-safe-mode=windows-7 Windows 7] then try the compact. If it works I was most likely right. If it does not, another idea must surface.

On windows 8 adobe touch reader, where do i get options to validate/verify digital signatures in pdf?

i have windows 8 OS in my laptop, i need to verify digital signatures present in my pdf. the steps to verify/validate them are-
1. Open the PDF file in PDF Reader.
2. Left-click on the Digital Signature field.
3. Click "Verify/Validate Signature".
4. Click "Signature Properties".
5. Click "Validate Signature or Verify Identity".
6. Add "Contact information for certificate owner:"
7. Click "Add to List".
8. Click "Close".
but i cannot find such options in adobe touch reader.
please help to verify the digital signatures.
thank you

Unfotunately, this functionality is not supported in current version of Adobe Reader Touch. But, we have noted down your feature request and we might consider it for our future releases.

How to Verify digital signature in ABAP web dynpro enviroment

Hi,
I have few questions regarding, how we can Verify digital signature in ABAP WebDynpro ?
Do we have class or function modules to verify digital signature on WAS once signed offline or online interactive form is uploaded back?
can we use function modules in function group SSFG for validating authors signature? Or any other classes or interfaces are available in NetWeaver environment.
I searched to find any sample for validating signatures in ABAP WebDynpro, however I could not find any thing. Any sample code will be very useful?
Thanks,
Nitesh Shelar.

I Found that Interface IF_FP_PDF_OBJECT can be used to extract signatures from document.
Thanks,
Nitesh Shelar.

Failed to verify Authenticode signature on DLL msxmlsql.dll

Similar Messages

Maybe you are looking for