Sign server signature not verified by client

[shahriar1628]

hello,
We used a old signserver version, 3.1 (may be). We created a mrtd signer. create generatekey by command. and call getpublickey pi for getting mod and exp and save it in database.
after that call processdata and save sign data in database.
then client verify the signature by mod, exp, signed_data and original data, it shows verification false. our verification code.

public static bool VerifyRSASignature(byte[] bytesToVerify, byte[] signedBytes, byte[] publicKeyMod, byte[] publicKeyExp, int length) { bool success = false; using (var rsa = new RSACryptoServiceProvider()) { try { RSAParameters rsaParam = new RSAParameters(); rsaParam.Modulus = TurncateBytes(publicKeyMod, length); rsaParam.Exponent = publicKeyExp; rsa.ImportParameters(rsaParam); //success = rsa.VerifyData(bytesToVerify, CryptoConfig.MapNameToOID("SHA1"), signedBytes); success = rsa.VerifyData(bytesToVerify, CryptoConfig.MapNameToOID("SHA256"), signedBytes); } catch (CryptographicException e) { Log.Error("There was an exception when verify data.\n" + e.ToString()); } finally { rsa.PersistKeyInCsp = false; } } return success; }

our worker properties file are attached.

Can anyone help. its really urgant.

sk_nid_mrtdsigner_config.txt

[primetomas]

You can find test cases how a request is sent and verified here.
https://github.com/Keyfactor/signserver-ce/tree/main/signserver/modules/SignServer-Test-System/src/test/java/org/signserver/module/mrtdsigner

There is also the MRTD SOD Signer, which may be of bigger interest.

[shahriar1628]

Thank you for your reply. I created self sign certificate and uploaded it in worker and try to verify by your sample code, but it says verification false.

I found a sample code when testkey command is enteded from cmd, I can sign and verify that sample code. is tehre any problem if i doing this ?

and one more question. why in your sample code signerCertificate is used for verification, why not using public key from keystore.

[primetomas]

I'm not sure what you mean. signerCertificate is the certificate with the public key that corresponds to the private key that is used to sign the SOD.
What keystore do you mean?