(Node.js) Create Egypt ITIDA CAdES-BES Signature with Automatic JSON Canonicalization

Question

I am using an example (Node.js Create Egypt ITIDA CAdES-BES Signature with Automatic JSON Canonicalization) but I always get this error ( 4043 4043:message-digest attribute value does not match calculated value[message-digest attribute value does not match calculated value] ).

Can you help me with the solution?

Code Used:

 // This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

var crypt = new chilkat.Crypt2();
crypt.VerboseLogging = true;

var cert = new chilkat.Cert();
cert.VerboseLogging = true;

// Set the smart card PIN, which will be needed for signing.
cert.SmartCardPin = "12345678";

// There are many ways to load the certificate.  
// This example was created for a customer using an ePass2003 USB token.
// Assuming the USB token is the only source of a hardware-based private key..
var success = cert.LoadFromSmartcard("");
if (success !== true) {
    console.log(cert.LastErrorText);
    return;
}

// Tell the crypt class to use this cert.
success = crypt.SetSigningCert(cert);
if (success !== true) {
    console.log(crypt.LastErrorText);
    return;
}

var cmsOptions = new chilkat.JsonObject();
// Setting "DigestData" causes OID 1.2.840.113549.1.7.5 (digestData) to be used.
cmsOptions.UpdateBool("DigestData",true);
cmsOptions.UpdateBool("OmitAlgorithmIdNull",true);

// Indicate that we are passing normal JSON and we want Chilkat do automatically
// do the ITIDA JSON canonicalization:
cmsOptions.UpdateBool("CanonicalizeITIDA",true);

crypt.CmsOptions = cmsOptions.Emit();

// The CadesEnabled property applies to all methods that create CMS/PKCS7 signatures. 
// To create a CAdES-BES signature, set this property equal to true. 
crypt.CadesEnabled = true;

crypt.HashAlgorithm = "sha256";

var jsonSigningAttrs = new chilkat.JsonObject();
jsonSigningAttrs.UpdateInt("contentType",1);
jsonSigningAttrs.UpdateInt("signingTime",1);
jsonSigningAttrs.UpdateInt("messageDigest",1);
jsonSigningAttrs.UpdateInt("signingCertificateV2",1);
crypt.SigningAttributes = jsonSigningAttrs.Emit();

// By default, all the certs in the chain of authentication are included in the signature.
// If desired, we can choose to only include the signing certificate:
crypt.IncludeCertChain = false;


var jsonToSign = "{ ... }";

// Create the CAdES-BES signature.
crypt.EncodingMode = "base64";

// Make sure we sign the utf-8 byte representation of the JSON string
crypt.Charset = "utf-8";

var sigBase64 = crypt.SignStringENC(jsonToSign);
if (crypt.LastMethodSuccess == false) {
    console.log(crypt.LastErrorText);
    return;
}

console.log("Base64 signature:");
console.log(sigBase64);

Answer 1

检查此 Chilkat 博客文章中的信息是否有帮助： https ://cknotes.com/itida-4043message-digest-attribute-value-does-not-match-calculated-value/

Answer 2

有关调试的详细信息以及可以发送给 Chilkat 的内容，请参阅此示例： https ://www.example-code.com/nodejs/itida_egypt_debug.asp

Answer 3

We were having this error, until we were advised of not using any null values in the json file. So, pls try to replace any null values in json file with "".