www.mr.gov.il signed documents
Amos Shapira
amos.shapira at gmail.com
Fri Jul 8 05:25:27 IDT 2011
On 7 July 2011 17:57, Dov Grobgeld <dov.grobgeld at gmail.com> wrote:
> There are three documents available on the page that Arie linked to. The
> whole idea of proving a signature through a closed source program is imho
> quite absurd. Why didn't they use GPG signatures or some other public
> format? Also, isn't the xml malformed in that it does not contain a pointer
> to its metaformat (forgot what it is called)?
>
I agree about the stupidity of not using standard tools, or at least
documenting the format used.
I don't think that GPG is a good solution for this situation, though. S/MIME
and certificates which can be verified against known Certificate Authorities
are more suitable for this.
I managed to extract the signed ZIP file and the signing certificate from
the XML file with an XML editor.
Fhe file, signing certificate and signature are contained inside the XML
encoded in base64.
Here is what I got so far:
$ openssl x509 -text -inform DER -in cert.x509
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6b:2f:96:bb:00:00:00:01:4a:c1
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=IL, O=Government Of Israel, CN=TAMUZ - Employee CA
Validity
Not Before: Jul 7 11:17:24 2010 GMT
Not After : Jun 21 11:17:24 2013 GMT
Subject: C=IL, O=Gov, OU=moch, CN=Forshtat Adina ID_004471157
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:8f:4f:cd:63:f5:19:83:15:77:57:e3:fe:43:37:
c2:b9:02:28:93:b2:b6:8b:4a:b7:03:0f:dc:52:1e:
cf:90:67:cb:1c:73:ea:78:1d:99:0b:fe:7b:0b:54:
c8:fa:aa:3d:eb:9f:6a:a4:d7:24:0c:32:ac:cb:42:
2a:4d:58:16:a6:59:a6:9c:3b:2a:43:ff:15:12:ae:
76:49:1f:4d:9f:d2:e1:81:d1:86:5c:7d:72:58:24:
5a:d3:07:0a:8a:c7:2d:2f:71:45:2c:34:a0:23:51:
0c:a1:08:56:ee:46:b5:7c:62:6e:18:8d:77:87:9f:
d7:6e:d1:ba:04:79:71:9f:67
Exponent: 1401475561 (0x5388d1e9)
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Subject Key Identifier:
62:32:FD:46:B2:6B:0A:1B:B8:F8:FC:E6:15:DF:D1:A9:B9:51:42:3E
X509v3 Authority Key Identifier:
keyid:9C:97:AF:2B:AB:1C:13:51:00:2D:5D:DD:3B:FD:33:35:5B:EF:45:DC
X509v3 CRL Distribution Points:
URI:http://crl.tamuz.gov.il/public/tamuzEmp.crl
URI:http://cdp.smartcard.gov.il/crl/tamuzemp.crl
Authority Information Access:
CA Issuers - URI:http://crl.tamuz.gov.il/public/tamuzemp.cer
CA Issuers - URI:
http://cdp.smartcard.gov.il/aia/tamuzemp.cer
OCSP - URI:http://ocsp.tamuz.gov.il/ocsp
X509v3 Subject Alternative Name:
othername:<unsupported>, email:Adinaf at moch.gov.il
1.3.6.1.4.1.311.21.7:
0,.$+.....7....C..."......9...%a...4...B..d...
X509v3 Extended Key Usage:
Microsoft Smartcardlogin, E-mail Protection, TLS Web Client
Authentication
1.3.6.1.4.1.311.21.10:
0&0..
+.....7...0
..+.......0
..+.......
Signature Algorithm: sha1WithRSAEncryption
83:fb:b7:5b:39:fe:d1:05:ae:76:da:f4:59:c2:3d:db:9c:33:
c5:b0:cb:a6:81:43:ce:3f:c2:41:d6:26:3d:f9:f4:9b:44:bf:
a3:e5:e2:55:9c:6f:68:d9:31:71:8e:ed:54:80:c2:6d:72:8d:
0b:b8:b3:0a:82:af:b1:67:4b:00:01:00:a3:02:0b:db:cf:a8:
3a:a3:a1:61:03:f3:a5:bf:67:1a:d4:e7:99:cd:f5:5d:87:bc:
42:b7:ef:3c:a4:50:12:a8:89:78:cd:1e:4b:a3:04:6e:99:9e:
01:59:a4:3f:e9:44:90:48:8a:4f:07:a1:83:63:74:64:03:0a:
c1:d4:a0:00:40:2b:e0:a1:f2:a3:d9:2c:0e:1e:1c:c5:f8:a1:
3f:3b:2c:b2:87:11:14:1e:6c:be:f8:7a:17:69:9a:08:64:d0:
11:c8:92:0d:13:3b:1a:2a:27:5b:04:00:dc:ab:36:4b:dd:9a:
9a:97:95:98:81:68:20:bd:82:d5:37:6a:03:c8:ab:10:f2:b0:
b6:dc:06:9f:56:79:ca:37:56:a4:d5:89:1f:04:ae:6e:9e:89:
e5:23:78:41:d9:b7:4d:ab:ee:29:e8:27:88:b5:24:bc:9b:e3:
5b:2d:8c:69:cd:ef:75:a8:bb:f9:8b:9f:8e:a1:6e:e2:0f:25:
8b:2e:37:f0
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIKay+WuwAAAAFKwTANBgkqhkiG9w0BAQUFADBKMQswCQYD
VQQGEwJJTDEdMBsGA1UEChMUR292ZXJubWVudCBPZiBJc3JhZWwxHDAaBgNVBAMT
E1RBTVVaIC0gRW1wbG95ZWUgQ0EwHhcNMTAwNzA3MTExNzI0WhcNMTMwNjIxMTEx
NzI0WjBQMQswCQYDVQQGEwJJTDEMMAoGA1UEChMDR292MQ0wCwYDVQQLEwRtb2No
MSQwIgYDVQQDDBtGb3JzaHRhdCBBZGluYSBJRF8wMDQ0NzExNTcwgaAwDQYJKoZI
hvcNAQEBBQADgY4AMIGKAoGBAI9PzWP1GYMVd1fj/kM3wrkCKJOytotKtwMP3FIe
z5Bnyxxz6ngdmQv+ewtUyPqqPeufaqTXJAwyrMtCKk1YFqZZppw7KkP/FRKudkkf
TZ/S4YHRhlx9clgkWtMHCorHLS9xRSw0oCNRDKEIVu5GtXxibhiNd4ef127RugR5
cZ9nAgRTiNHpo4ICTjCCAkowCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBRiMv1GsmsK
G7j4/OYV39GpuVFCPjAfBgNVHSMEGDAWgBScl68rqxwTUQAtXd07/TM1W+9F3DBq
BgNVHR8EYzBhMF+gXaBbhitodHRwOi8vY3JsLnRhbXV6Lmdvdi5pbC9wdWJsaWMv
dGFtdXpFbXAuY3JshixodHRwOi8vY2RwLnNtYXJ0Y2FyZC5nb3YuaWwvY3JsL3Rh
bXV6ZW1wLmNybDCBrgYIKwYBBQUHAQEEgaEwgZ4wNwYIKwYBBQUHMAKGK2h0dHA6
Ly9jcmwudGFtdXouZ292LmlsL3B1YmxpYy90YW11emVtcC5jZXIwOAYIKwYBBQUH
MAKGLGh0dHA6Ly9jZHAuc21hcnRjYXJkLmdvdi5pbC9haWEvdGFtdXplbXAuY2Vy
MCkGCCsGAQUFBzABhh1odHRwOi8vb2NzcC50YW11ei5nb3YuaWwvb2NzcDA/BgNV
HREEODA2oCAGCisGAQQBgjcUAgOgEgwQMDA0NDcxMTU3QGdvdi5pbIESQWRpbmFm
QG1vY2guZ292LmlsMDsGCSsGAQQBgjcVBwQuMCwGJCsGAQQBgjcVCN2NQ4GGmSKC
4YUT1845hMfSJWGHpI40gY63QgIBZAIBBDApBgNVHSUEIjAgBgorBgEEAYI3FAIC
BggrBgEFBQcDBAYIKwYBBQUHAwIwNQYJKwYBBAGCNxUKBCgwJjAMBgorBgEEAYI3
FAICMAoGCCsGAQUFBwMEMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQCD
+7dbOf7RBa522vRZwj3bnDPFsMumgUPOP8JB1iY9+fSbRL+j5eJVnG9o2TFxju1U
gMJtco0LuLMKgq+xZ0sAAQCjAgvbz6g6o6FhA/Olv2ca1OeZzfVdh7xCt+88pFAS
qIl4zR5LowRumZ4BWaQ/6USQSIpPB6GDY3RkAwrB1KAAQCvgofKj2SwOHhzF+KE/
OyyyhxEUHmy++HoXaZoIZNARyJINEzsaKidbBADcqzZL3Zqal5WYgWggvYLVN2oD
yKsQ8rC23AafVnnKN1ak1YkfBK5unonlI3hB2bdNq+4p6CeItSS8m+NbLYxpze91
qLv5i5+OoW7iDyWLLjfw
-----END CERTIFICATE-----
I can also read the zip file using unzip:
$ unzip -l zip-file.zip
Archive: zip-file.zip
Length Date Time Name
--------- ---------- ----- ----
0 2011-07-04 08:35 ???? ?????????? 10512-11/
38346 2011-07-04 08:32 ???? ?????????? 10512-11/???????? ????????????
10512-11.pdf
--------- -------
38346 2 files
I didn't manage to get unzip to output the file names in different encoding.
I also extracted the signature.
So far I failed to find the right incantation to verify the zip file with
the signature using openssl command line.
I think they are loosely following S/MIME in their own peculiar way.
It should be possible to script something to verify the signature using
openssl and unzip, IMHO.
If anyone wants the files I got so far to work on then drop me a line.
--Amos
> Regards,
> Dov
>
>
> 2011/7/7 Amos Shapira <amos.shapira at gmail.com>
>
>> Can you provide a link or attach a sample of such a document?
>>
>> 2011/7/7 Arie Skliarouk <skliarie at gmail.com>
>>
>>> Hi,
>>>
>>> The government tenders publishing site http://www.mr.gov.il signs
>>> documents on the site. They provide an windows program to verify the
>>> signature of the documents:
>>>
>>> http://www.mr.gov.il/Purchasing/Templates/Purchasing/TendersSearch/Display_SingleTenderY.aspx?idmichraz=523481&sourceid=1
>>>
>>> Do anyone knows whether it is some standards-based format of homegrown
>>> one?
>>>
>>> If it is the latter, what is the best strategy to complain on the fact?
>>>
>>> --
>>> Arie
>>>
>>>
>>> _______________________________________________
>>> Linux-il mailing list
>>> Linux-il at cs.huji.ac.il
>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>
>>>
>>
>> _______________________________________________
>> Linux-il mailing list
>> Linux-il at cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20110708/642323c9/attachment.html>
More information about the Linux-il
mailing list