www.mr.gov.il signed documents

Amos Shapira amos.shapira at gmail.com
Fri Jul 8 08:12:53 IDT 2011


On 8 July 2011 12:25, Amos Shapira <amos.shapira at gmail.com> wrote:

> On 7 July 2011 17:57, Dov Grobgeld <dov.grobgeld at gmail.com> wrote:
>
>> There are three documents available on the page that Arie linked to. The
>> whole idea of proving a signature through a closed source program is imho
>> quite absurd. Why didn't they use GPG signatures or some other public
>> format? Also, isn't the xml malformed in that it does not contain a pointer
>> to its metaformat (forgot what it is called)?
>>
>
> I agree about the stupidity of not using standard tools, or at least
> documenting the format used.
> I don't think that GPG is a good solution for this situation, though.
> S/MIME and certificates which can be verified against known Certificate
> Authorities are more suitable for this.
>
> I managed to extract the signed ZIP file and the signing certificate from
> the XML file with an XML editor.
> The file, signing certificate and signature are contained inside the XML
> encoded in base64.
>

Actually I just noticed that the XML file contains a reference to "xmldgst",
which a quick google points to: http://www.w3.org/TR/xmldsig-core/

--Amos



>
> Here is what I got so far:
>
> $ openssl x509 -text -inform DER -in cert.x509
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number:
>             6b:2f:96:bb:00:00:00:01:4a:c1
>         Signature Algorithm: sha1WithRSAEncryption
>         Issuer: C=IL, O=Government Of Israel, CN=TAMUZ - Employee CA
>         Validity
>             Not Before: Jul  7 11:17:24 2010 GMT
>             Not After : Jun 21 11:17:24 2013 GMT
>         Subject: C=IL, O=Gov, OU=moch, CN=Forshtat Adina ID_004471157
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>             RSA Public Key: (1024 bit)
>                 Modulus (1024 bit):
>                     00:8f:4f:cd:63:f5:19:83:15:77:57:e3:fe:43:37:
>                     c2:b9:02:28:93:b2:b6:8b:4a:b7:03:0f:dc:52:1e:
>                     cf:90:67:cb:1c:73:ea:78:1d:99:0b:fe:7b:0b:54:
>                     c8:fa:aa:3d:eb:9f:6a:a4:d7:24:0c:32:ac:cb:42:
>                     2a:4d:58:16:a6:59:a6:9c:3b:2a:43:ff:15:12:ae:
>                     76:49:1f:4d:9f:d2:e1:81:d1:86:5c:7d:72:58:24:
>                     5a:d3:07:0a:8a:c7:2d:2f:71:45:2c:34:a0:23:51:
>                     0c:a1:08:56:ee:46:b5:7c:62:6e:18:8d:77:87:9f:
>                     d7:6e:d1:ba:04:79:71:9f:67
>                 Exponent: 1401475561 (0x5388d1e9)
>         X509v3 extensions:
>             X509v3 Key Usage:
>                 Digital Signature, Key Encipherment
>             X509v3 Subject Key Identifier:
>                 62:32:FD:46:B2:6B:0A:1B:B8:F8:FC:E6:15:DF:D1:A9:B9:51:42:3E
>             X509v3 Authority Key Identifier:
>                 keyid:9C:97:AF:2B:AB:1C:13:51:00:2D:5D:DD:3B:FD:33:35:5B:EF:45:DC
>
>             X509v3 CRL Distribution Points:
>                 URI:http://crl.tamuz.gov.il/public/tamuzEmp.crl
>                 URI:http://cdp.smartcard.gov.il/crl/tamuzemp.crl
>
>             Authority Information Access:
>                 CA Issuers - URI:http://crl.tamuz.gov.il/public/tamuzemp.cer
>                 CA Issuers - URI:http://cdp.smartcard.gov.il/aia/tamuzemp.cer
>                 OCSP - URI:http://ocsp.tamuz.gov.il/ocsp
>
>             X509v3 Subject Alternative Name:
>                 othername:<unsupported>, email:Adinaf at moch.gov.il
>             1.3.6.1.4.1.311.21.7:
>                 0,.$+.....7....C..."......9...%a...4...B..d...
>             X509v3 Extended Key Usage:
>                 Microsoft Smartcardlogin, E-mail Protection, TLS Web Client Authentication
>             1.3.6.1.4.1.311.21.10:
>                 0&0..
> +.....7...0
> ..+.......0
> ..+.......
>     Signature Algorithm: sha1WithRSAEncryption
>         83:fb:b7:5b:39:fe:d1:05:ae:76:da:f4:59:c2:3d:db:9c:33:
>         c5:b0:cb:a6:81:43:ce:3f:c2:41:d6:26:3d:f9:f4:9b:44:bf:
>         a3:e5:e2:55:9c:6f:68:d9:31:71:8e:ed:54:80:c2:6d:72:8d:
>         0b:b8:b3:0a:82:af:b1:67:4b:00:01:00:a3:02:0b:db:cf:a8:
>         3a:a3:a1:61:03:f3:a5:bf:67:1a:d4:e7:99:cd:f5:5d:87:bc:
>         42:b7:ef:3c:a4:50:12:a8:89:78:cd:1e:4b:a3:04:6e:99:9e:
>         01:59:a4:3f:e9:44:90:48:8a:4f:07:a1:83:63:74:64:03:0a:
>         c1:d4:a0:00:40:2b:e0:a1:f2:a3:d9:2c:0e:1e:1c:c5:f8:a1:
>         3f:3b:2c:b2:87:11:14:1e:6c:be:f8:7a:17:69:9a:08:64:d0:
>         11:c8:92:0d:13:3b:1a:2a:27:5b:04:00:dc:ab:36:4b:dd:9a:
>         9a:97:95:98:81:68:20:bd:82:d5:37:6a:03:c8:ab:10:f2:b0:
>         b6:dc:06:9f:56:79:ca:37:56:a4:d5:89:1f:04:ae:6e:9e:89:
>         e5:23:78:41:d9:b7:4d:ab:ee:29:e8:27:88:b5:24:bc:9b:e3:
>         5b:2d:8c:69:cd:ef:75:a8:bb:f9:8b:9f:8e:a1:6e:e2:0f:25:
>         8b:2e:37:f0
> -----BEGIN CERTIFICATE-----
> MIIE6zCCA9OgAwIBAgIKay+WuwAAAAFKwTANBgkqhkiG9w0BAQUFADBKMQswCQYD
> VQQGEwJJTDEdMBsGA1UEChMUR292ZXJubWVudCBPZiBJc3JhZWwxHDAaBgNVBAMT
> E1RBTVVaIC0gRW1wbG95ZWUgQ0EwHhcNMTAwNzA3MTExNzI0WhcNMTMwNjIxMTEx
> NzI0WjBQMQswCQYDVQQGEwJJTDEMMAoGA1UEChMDR292MQ0wCwYDVQQLEwRtb2No
> MSQwIgYDVQQDDBtGb3JzaHRhdCBBZGluYSBJRF8wMDQ0NzExNTcwgaAwDQYJKoZI
> hvcNAQEBBQADgY4AMIGKAoGBAI9PzWP1GYMVd1fj/kM3wrkCKJOytotKtwMP3FIe
> z5Bnyxxz6ngdmQv+ewtUyPqqPeufaqTXJAwyrMtCKk1YFqZZppw7KkP/FRKudkkf
> TZ/S4YHRhlx9clgkWtMHCorHLS9xRSw0oCNRDKEIVu5GtXxibhiNd4ef127RugR5
> cZ9nAgRTiNHpo4ICTjCCAkowCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBRiMv1GsmsK
> G7j4/OYV39GpuVFCPjAfBgNVHSMEGDAWgBScl68rqxwTUQAtXd07/TM1W+9F3DBq
> BgNVHR8EYzBhMF+gXaBbhitodHRwOi8vY3JsLnRhbXV6Lmdvdi5pbC9wdWJsaWMv
> dGFtdXpFbXAuY3JshixodHRwOi8vY2RwLnNtYXJ0Y2FyZC5nb3YuaWwvY3JsL3Rh
> bXV6ZW1wLmNybDCBrgYIKwYBBQUHAQEEgaEwgZ4wNwYIKwYBBQUHMAKGK2h0dHA6
> Ly9jcmwudGFtdXouZ292LmlsL3B1YmxpYy90YW11emVtcC5jZXIwOAYIKwYBBQUH
> MAKGLGh0dHA6Ly9jZHAuc21hcnRjYXJkLmdvdi5pbC9haWEvdGFtdXplbXAuY2Vy
> MCkGCCsGAQUFBzABhh1odHRwOi8vb2NzcC50YW11ei5nb3YuaWwvb2NzcDA/BgNV
> HREEODA2oCAGCisGAQQBgjcUAgOgEgwQMDA0NDcxMTU3QGdvdi5pbIESQWRpbmFm
> QG1vY2guZ292LmlsMDsGCSsGAQQBgjcVBwQuMCwGJCsGAQQBgjcVCN2NQ4GGmSKC
> 4YUT1845hMfSJWGHpI40gY63QgIBZAIBBDApBgNVHSUEIjAgBgorBgEEAYI3FAIC
> BggrBgEFBQcDBAYIKwYBBQUHAwIwNQYJKwYBBAGCNxUKBCgwJjAMBgorBgEEAYI3
> FAICMAoGCCsGAQUFBwMEMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQCD
> +7dbOf7RBa522vRZwj3bnDPFsMumgUPOP8JB1iY9+fSbRL+j5eJVnG9o2TFxju1U
> gMJtco0LuLMKgq+xZ0sAAQCjAgvbz6g6o6FhA/Olv2ca1OeZzfVdh7xCt+88pFAS
> qIl4zR5LowRumZ4BWaQ/6USQSIpPB6GDY3RkAwrB1KAAQCvgofKj2SwOHhzF+KE/
> OyyyhxEUHmy++HoXaZoIZNARyJINEzsaKidbBADcqzZL3Zqal5WYgWggvYLVN2oD
> yKsQ8rC23AafVnnKN1ak1YkfBK5unonlI3hB2bdNq+4p6CeItSS8m+NbLYxpze91
> qLv5i5+OoW7iDyWLLjfw
> -----END CERTIFICATE-----
>
> I can also read the zip file using unzip:
>
> $ unzip -l zip-file.zip
> Archive:  zip-file.zip
>   Length      Date    Time    Name
> ---------  ---------- -----   ----
>         0  2011-07-04 08:35   ???? ?????????? 10512-11/
>     38346  2011-07-04 08:32   ???? ?????????? 10512-11/???????? ???????????? 10512-11.pdf
> ---------                     -------
>     38346                     2 files
>
> I didn't manage to get unzip to output the file names in different
> encoding.
>
> I also extracted the signature.
>
> So far I failed to find the right incantation to verify the zip file with
> the signature using openssl command line.
>
> I think they are loosely following S/MIME in their own peculiar way.
>
> It should be possible to script something to verify the signature using
> openssl and unzip, IMHO.
>
> If anyone wants the files I got so far to work on then drop me a line.
>
> --Amos
>
>
>> Regards,
>> Dov
>>
>>
>> 2011/7/7 Amos Shapira <amos.shapira at gmail.com>
>>
>>> Can you provide a link or attach a sample of such a document?
>>>
>>> 2011/7/7 Arie Skliarouk <skliarie at gmail.com>
>>>
>>>> Hi,
>>>>
>>>> The government tenders publishing site http://www.mr.gov.il signs
>>>> documents on the site. They provide a Windows program to verify the
>>>> signature of the documents:
>>>>
>>>> http://www.mr.gov.il/Purchasing/Templates/Purchasing/TendersSearch/Display_SingleTenderY.aspx?idmichraz=523481&sourceid=1
>>>>
>>>> Does anyone know whether it is some standards-based format or a homegrown
>>>> one?
>>>>
>>>> If it is the latter, what is the best strategy to complain about the fact?
>>>>
>>>> --
>>>> Arie
>>>>
>>>>
>>>> _______________________________________________
>>>> Linux-il mailing list
>>>> Linux-il at cs.huji.ac.il
>>>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>>>
>>>>
>>>
>>>
>>
>
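The thread stops at "failed to find the right incantation". The reason a plain `openssl dgst -verify` against the ZIP fails follows from the xmldsig-core spec Amos links to: the SignatureValue is not computed over the ZIP at all but over the canonicalized `<SignedInfo>` element, which carries the ZIP's digest in a `<Reference>`/`<DigestValue>`. The Python script below is an added example (not from the thread, the site, or its verification program) that does the two checks in order with the standard library only: it pulls the RSA modulus and exponent out of the certificate quoted above with a minimal DER walker, and it verifies an RSASSA-PKCS1-v1_5/SHA-1 signature over a SignedInfo stand-in, showing that the same signature fails against the ZIP bytes themselves. Assumptions: the Reference digest is taken over the decoded payload bytes with no Transforms, the SignedInfo string is already in canonical form (real XMLDSig applies C14N to the element first), and the signing key is a constructed toy key, since the thread contains no private key. Function names, the sample payload and the `#zip` reference id are mine.

```python
import base64
import hashlib
import itertools
# The certificate quoted in the mail above, copied verbatim from the thread (PEM form).
PAGE_CERT_PEM = """-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIKay+WuwAAAAFKwTANBgkqhkiG9w0BAQUFADBKMQswCQYD
VQQGEwJJTDEdMBsGA1UEChMUR292ZXJubWVudCBPZiBJc3JhZWwxHDAaBgNVBAMT
E1RBTVVaIC0gRW1wbG95ZWUgQ0EwHhcNMTAwNzA3MTExNzI0WhcNMTMwNjIxMTEx
NzI0WjBQMQswCQYDVQQGEwJJTDEMMAoGA1UEChMDR292MQ0wCwYDVQQLEwRtb2No
MSQwIgYDVQQDDBtGb3JzaHRhdCBBZGluYSBJRF8wMDQ0NzExNTcwgaAwDQYJKoZI
hvcNAQEBBQADgY4AMIGKAoGBAI9PzWP1GYMVd1fj/kM3wrkCKJOytotKtwMP3FIe
z5Bnyxxz6ngdmQv+ewtUyPqqPeufaqTXJAwyrMtCKk1YFqZZppw7KkP/FRKudkkf
TZ/S4YHRhlx9clgkWtMHCorHLS9xRSw0oCNRDKEIVu5GtXxibhiNd4ef127RugR5
cZ9nAgRTiNHpo4ICTjCCAkowCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBRiMv1GsmsK
G7j4/OYV39GpuVFCPjAfBgNVHSMEGDAWgBScl68rqxwTUQAtXd07/TM1W+9F3DBq
BgNVHR8EYzBhMF+gXaBbhitodHRwOi8vY3JsLnRhbXV6Lmdvdi5pbC9wdWJsaWMv
dGFtdXpFbXAuY3JshixodHRwOi8vY2RwLnNtYXJ0Y2FyZC5nb3YuaWwvY3JsL3Rh
bXV6ZW1wLmNybDCBrgYIKwYBBQUHAQEEgaEwgZ4wNwYIKwYBBQUHMAKGK2h0dHA6
Ly9jcmwudGFtdXouZ292LmlsL3B1YmxpYy90YW11emVtcC5jZXIwOAYIKwYBBQUH
MAKGLGh0dHA6Ly9jZHAuc21hcnRjYXJkLmdvdi5pbC9haWEvdGFtdXplbXAuY2Vy
MCkGCCsGAQUFBzABhh1odHRwOi8vb2NzcC50YW11ei5nb3YuaWwvb2NzcDA/BgNV
HREEODA2oCAGCisGAQQBgjcUAgOgEgwQMDA0NDcxMTU3QGdvdi5pbIESQWRpbmFm
QG1vY2guZ292LmlsMDsGCSsGAQQBgjcVBwQuMCwGJCsGAQQBgjcVCN2NQ4GGmSKC
4YUT1845hMfSJWGHpI40gY63QgIBZAIBBDApBgNVHSUEIjAgBgorBgEEAYI3FAIC
BggrBgEFBQcDBAYIKwYBBQUHAwIwNQYJKwYBBAGCNxUKBCgwJjAMBgorBgEEAYI3
FAICMAoGCCsGAQUFBwMEMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4IBAQCD
+7dbOf7RBa522vRZwj3bnDPFsMumgUPOP8JB1iY9+fSbRL+j5eJVnG9o2TFxju1U
gMJtco0LuLMKgq+xZ0sAAQCjAgvbz6g6o6FhA/Olv2ca1OeZzfVdh7xCt+88pFAS
qIl4zR5LowRumZ4BWaQ/6USQSIpPB6GDY3RkAwrB1KAAQCvgofKj2SwOHhzF+KE/
OyyyhxEUHmy++HoXaZoIZNARyJINEzsaKidbBADcqzZL3Zqal5WYgWggvYLVN2oD
yKsQ8rC23AafVnnKN1ak1YkfBK5unonlI3hB2bdNq+4p6CeItSS8m+NbLYxpze91
qLv5i5+OoW7iDyWLLjfw
-----END CERTIFICATE-----"""

def der_iter(buf):
    """Yield (tag, content) for each DER TLV in buf: just enough to walk an X.509 certificate."""
    pos = 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                              # long-form length: next (length & 0x7F) bytes
            nbytes = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
        yield tag, buf[pos:pos + length]
        pos += length

def rsa_public_key_from_pem(pem):
    """Return (n, e) of the RSA key inside a PEM X.509 certificate."""
    der = base64.b64decode("".join(l for l in pem.splitlines() if "-----" not in l))
    (_, cert), = der_iter(der)                         # Certificate ::= SEQUENCE
    (_, tbs), *_ = der_iter(cert)                      # tbsCertificate, signatureAlgorithm, signatureValue
    fields = list(itertools.islice(der_iter(tbs), 7))
    if fields[0][0] == 0xA0:                           # optional [0] EXPLICIT version (present for v3)
        fields = fields[1:]
    spki = fields[5][1]                                # serial, sigAlg, issuer, validity, subject, SPKI
    (_, _alg), (_, bits) = der_iter(spki)              # AlgorithmIdentifier, subjectPublicKey BIT STRING
    (_, rsa_key), = der_iter(bits[1:])                 # skip the BIT STRING "unused bits" byte
    (_, n_bytes), (_, e_bytes) = der_iter(rsa_key)     # RSAPublicKey ::= SEQUENCE { modulus, publicExponent }
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")

# RSASSA-PKCS1-v1_5 with SHA-1, i.e. the sha1WithRSAEncryption named in the dump above.
SHA1_DIGEST_INFO = bytes.fromhex("3021300906052b0e03021a05000414")   # DER DigestInfo prefix for SHA-1

def _encoded_message(message, k):
    t = SHA1_DIGEST_INFO + hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
def pkcs1_v15_sha1_verify(n, e, message, signature):
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    em = pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big")
    return em == _encoded_message(message, k)

def pkcs1_v15_sha1_sign(n, d, message):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_encoded_message(message, k), "big"), d, n).to_bytes(k, "big")

def reference_digest_ok(payload, digest_value_b64):
    """XMLDSig <Reference> check: DigestValue must equal the digest of the referenced bytes (no Transforms assumed)."""
    return base64.b64decode(digest_value_b64) == hashlib.sha1(payload).digest()

def build_signed_info(payload):
    """Stand-in for the canonicalized <SignedInfo>; real XMLDSig feeds the C14N form of that element."""
    digest_b64 = base64.b64encode(hashlib.sha1(payload).digest()).decode()
    xml = '<SignedInfo><Reference URI="#zip"><DigestValue>%s</DigestValue></Reference></SignedInfo>'
    return (xml % digest_b64).encode(), digest_b64

def demo():
    payload = b"PK\x03\x04 constructed stand-in for the signed ZIP bytes"   # constructed sample, not the real file
    # Toy key from two Mersenne primes so no key generation is needed; never use such a key for real.
    p, q, e = (1 << 127) - 1, (1 << 521) - 1, 65537
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    signed_info, digest_b64 = build_signed_info(payload)
    sig = pkcs1_v15_sha1_sign(n, d, signed_info)       # this is what a SignatureValue actually covers
    return {
        "reference_ok": reference_digest_ok(payload, digest_b64),
        "signed_info_verifies": pkcs1_v15_sha1_verify(n, e, signed_info, sig),
        "zip_directly_verifies": pkcs1_v15_sha1_verify(n, e, payload, sig),   # the "wrong incantation"
        "tampered_signed_info_verifies": pkcs1_v15_sha1_verify(n, e, signed_info + b" ", sig),
    }
```

`rsa_public_key_from_pem(PAGE_CERT_PEM)` recovers exactly what the openssl dump in the quoted mail shows: a 1024-bit modulus and the unusual public exponent 1401475561 (0x5388d1e9) rather than the customary 65537; 1024-bit RSA and SHA-1 signatures were already being phased out by the time this certificate was issued. `demo()` returns the reference check and SignedInfo verification as true, and both the signature-over-the-ZIP attempt and a one-byte tamper of SignedInfo as false. With a real document the equivalent openssl steps are `openssl x509 -pubkey -noout -inform DER -in cert.x509 > pub.pem` followed by `openssl dgst -sha1 -verify pub.pem -signature sig.bin signedinfo.c14n.xml`, run against the canonicalized SignedInfo and not against the ZIP. Neither this script nor that pair of commands validates the chain up to the TAMUZ CA or checks revocation through the CRL and OCSP URLs the certificate lists; a verifier meant for use has to do both.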