Question

I am trying to verify an ECDSA (256) signature. The only data I have to do it is the public key in the format given below, the original data and the signature:

        string pubKey_ecdsa = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+noecsW+vdfd8DNo5dsAxU4DOaNt6PGmSCLFo/EvQG4xmVzv464qXvDPIrPN8GtLnubzoa9rtWJD52VlGOpFsA==";

        string data_ecdsa = ";\"4399901526945\";\"AAAA-BBBBBBBBB-123456789000\";\"5010112544615\";\"20130802063109143\";";

        string signature_ecdsa = @"BEcwRQIgJFwnCvm8lRjlRt+G+f4viJktDYVyOiXUd5BJ0V761eECIQDBTHLjJI7KK3FhczEHjunenYWXylDdW91jbS23EmeznA==";

When I try to use Bouncy Castle to verify the signature by calling:

        //Create the public key from string
        AsymmetricKeyParameter pubKey = PublicKeyFactory.CreateKey(Convert.FromBase64String(pubKey_ecdsa));

        // create byte array from string
        byte[] b_signature = Convert.FromBase64String(signature_ecdsa);

        ASCIIEncoding encoder = new ASCIIEncoding();
        byte[] inputData = encoder.GetBytes(data_ecdsa);
        ISigner signer = SignerUtilities.GetSigner("SHA-256withECDSA");
        signer.Init(false, pubKey);
        signer.BlockUpdate(inputData, 0, inputData.Length);

        bool valid =  signer.VerifySignature(b_signature);

I receive an InvalidCastException:

        Unable to cast object of type 'Org.BouncyCastle.Asn1.DerOctetString' to type 'Org.BouncyCastle.Asn1.Asn1Sequence'.

at the following line:

        bool valid = signer.VerifySignature(b_signature);

So, something seems wrong with the signature, but I cannot figure it out. I hope somebody can help with a good idea.

By the way, the provided data in this example was modified, so the signature would evaluate to false if it worked.

Solution

This may be too late to help, but for the benefit of later readers:

A DSA signature is expected to be the ASN.1 encoding of a SEQUENCE containing two INTEGERs. The problem here is that b_signature is actually an OCTET STRING, with the octets inside it being the correct encoding. So there is an extra "outer" wrapping around the real signature. You can see this by dumping out the structure:

        Asn1OctetString outer = (Asn1OctetString)Asn1Object.FromByteArray(b_signature);
        byte[] inner = outer.GetOctets();

        Console.WriteLine(Asn1Dump.DumpAsString(outer));
        Console.WriteLine(Asn1Dump.DumpAsString(Asn1Object.FromByteArray(inner)));

For me, this prints:

        DER Octet String[71]

        DER Sequence
            Integer(16446081942964531772961165410855935370418106604815444975891408706004345083361)
            Integer(87431453076334980518600256741994746667679967157867025465393185500427926877084)

So, the 'inner' octets look to be correctly encoded. Now:

        bool valid = signer.VerifySignature(inner);

For me, this prints 'false', which you say is expected because the data has been modified.
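
The unwrapping step from the answer above, written as a reusable helper. This is an added example, not code from the original answer or from the Bouncy Castle project. The names `EcdsaSignatureFormat`, `Normalize` and `fieldBytes` are hypothetical, and the helper goes one step beyond the answer by also accepting a raw r||s signature, on the assumption that the curve is P-256 unless `fieldBytes` says otherwise.

```csharp
using System;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Math;

public static class EcdsaSignatureFormat   // hypothetical helper, not a Bouncy Castle type
{
    // Returns the DER SEQUENCE { INTEGER r, INTEGER s } that ISigner.VerifySignature expects.
    // Accepts that form, the same bytes wrapped in one OCTET STRING, or raw r||s.
    public static byte[] Normalize(byte[] sig, int fieldBytes = 32)   // 32 bytes = P-256
    {
        Asn1Object obj = TryParse(sig);

        // Peel exactly one OCTET STRING layer (the case in the question), never more.
        if (obj is Asn1OctetString wrapper)
            obj = TryParse(wrapper.GetOctets());

        // Require exactly two INTEGERs; anything else is not an ECDSA signature.
        if (obj is Asn1Sequence seq && seq.Count == 2
            && seq[0] is DerInteger r && seq[1] is DerInteger s)
            return Encode(r.Value, s.Value, fieldBytes);

        // Fallback: fixed-width r||s, each half an unsigned big-endian integer.
        if (sig.Length == 2 * fieldBytes)
            return Encode(new BigInteger(1, sig, 0, fieldBytes),
                          new BigInteger(1, sig, fieldBytes, fieldBytes), fieldBytes);

        throw new FormatException("Unrecognized ECDSA signature encoding");
    }

    // Parse failures are expected for raw r||s input, so they map to null.
    private static Asn1Object TryParse(byte[] data)
    {
        try { return Asn1Object.FromByteArray(data); }
        catch (Exception) { return null; }
    }

    private static byte[] Encode(BigInteger r, BigInteger s, int fieldBytes)
    {
        // Reject values that cannot fit the curve size before they reach the verifier.
        if (r.SignValue <= 0 || s.SignValue <= 0
            || r.BitLength > 8 * fieldBytes || s.BitLength > 8 * fieldBytes)
            throw new FormatException("r or s out of range");

        // Re-encode as strict DER so the verifier always sees one canonical form.
        return new DerSequence(new DerInteger(r), new DerInteger(s)).GetDerEncoded();
    }
}
```

With this in place, the call from the question becomes `signer.VerifySignature(EcdsaSignatureFormat.Normalize(b_signature))`. Only the framing of the signature changes; the signed data and the public key are used exactly as before.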

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow