Anyone else having issues with verifying signatures using the MilestoneSystems.VideoOS.Platform.SDK v24.2.3 and this MIlestone project on github https://github.com/milestonesys/mipsdk-samples-component/tree/main/ExportSample
If I export using the XProtect Smart Client and use the included SmartClient-Player.exe everything works I can verify signatures.
The same cannot be said for the ExportSample project above, export works fine, I can see the video playback using the player.exe from the xprotect smart client install folder by simply loading the project.scp file in the export, but verify signatures fail/fail.
Thing to note, if you compare the Exported Project.scp file Xprotect Smart Client generates with the project.scp the exportsample project generates, they are very different, project.scp seems to be missing alot of information compared with Exported Project.scp!?
Seems to me like there is a bug with SDK 24.2.3.
Some additional findings I just discovered when examining the “Public Key Certificate.xml” files found in the exports.
The “Public Key Certificate.xml” found in the XProtect Smart Client Export has the algorithm set to SHA2
but the export from the Milestone ExportSample project has the algorithm set to ECDSA_SECP256R1_SHA256 !?
I cannot reproduce your observations.
I used the sample and made sure I built with 24.2.3, I made an export with “Sign export”. I opened the export in Smart Client 24.2.3 and was able to verify signature.
If there is a detail I might be missing in the way I reproduce, please let me know your ideas. If you do anything different please let me know the details.
As a first go at troubleshooting I would like to ask you to rebuild the sample, do a clean to verify that you do not end with a mix of new and old dependencies. When you have rebuilt see if VideoOS.Platform.dll and VideoOS.Platform.SDK.dll have the version 24.2.x.3.
Please include a small screen capture of the error shown in the Smart Client.
Thank you for taking the time to have a look at this, I will try your suggestions and get back to you asap. The only thing I’m not sure about is if you used the player.exe to load the project or the actual XProtect Smart Client.exe ?
You can either double-click a .SCP file (and Windows association helps you) or you can open the .SCP file after having started the player.exe, it should not matter. I have tested a little with both.
The usual way to start Smart Client I can only login, not open an export, so this is not what I did.
There could potentially be something as basic as opening the Smart Client / Smart Client player to explain differences in our observations, so thank you for the clarifying question,
This morning I noticed that the Milestone management server is only at v2024R1 or 24.1.1. I rolled back the sdk version in the export sample project to match 24.1.1 now I’m getting: Verified(Partially)/Verified(Partially)
I still don’t understand why the XProtect Smart Client exports have signatures verified successfully vs the export with SDK 24.1.1 end up verified(partially), when the exports are roughly the same ? I requested a 2024R2 server be setup so I can test SDK 24.2.3 signatures.
Even more so: A Export sample should work correctly no matter the version, there is no requirement that you must use the same version as the server holds. My suspicion is that it is not one version being better, but that you in one of your builds has a mix of versions that cause the issue (or somehow a corrupt build).
More information about versions and compatibility: https://developer.milestonesys.com/s/article/about-MIP-SDK-compatibility-with-XProtect-product-versions
Interesting, what about my findings I explained in the first answer about the algorithms not being the same in the Public Key Certificate.xml files when exporting with SDK 24.2.3 against the 2024R1 server?
I cannot reproduce, my Public Key Certificate.xml file does not look like that.
If you don’t mind what is your server version and what is the algorithm set to in your Public Key Certificate.xml when you export with SDK 24.2.3
On our test server 2024R2 build 13454 with a test camera that only started recording this morning, when I use xprotect smart client and export I now get Not Signed / Verified, when I click Verified the algorithm is ECDSA_SECP256R1_SHA256
When I export using the Milestone Export Sample project with SDK 24.2.1 or 24.2.2 or 24.2.3 I get Not Signed / Verified(Partially) if I click the Verified(Partially) on the left I see Verified without (Partially) and the algorithm is ECDSA_SECP256R1_SHA256
All exports are for the same timeframe using the same server and camera, why is the XProtect Smart Client export Verified vs the Export Sample Project export Verified(Partially) !?
In further testing I was able to observe that an export from a newer MIP SDK fails in an older XProtect Smart Client Player. My first testing was wrong, so there is an issue like you have observed it. I will work with Milestone Development to further observe and possibly fix.
I am at the same time trying to find information on why it says Verified(Partially) and not just Verified. I will get back when I have more information to share.
That is great news, looking forward to hearing back from you, thank you.
There is a change to the way the data is being signed going from 24.1 to 24.2.
This means that an export made with 2024R1 Smart Client (SC) or MIP SDK, can be verified by the SC player in any version.
But it also means that an export made with 2024R2 SC or MIP SDK, can be verified by the SC player in 2024R2, not in older versions.
I hope this also fits your observations.
Why MIP SDK exports are “Verified (Partially)” while SC exports are “Verified” nobody could answer without a deeper investigation. Such an investigation is now on the backlog, I will let you know the outcome of the investigation once it is completed,
Thank you for the update, this does indeed match with what I have personally observed during testing.
What kind of timeframe are we looking at when it comes to this investigation? This could potentially be used against us in certain scenarios as the validity of the video evidence could be put in question!
For now: When you click on details you observe that everything is verified, no exceptions saying something isn’t verified, maybe you can for now use this if anybody asks.
The investigating has not been marked as high priority and for now I have no timeframe I can tell you.
Good day, we developed our own in house exporter many years ago, the only difference with your sample exporter is that ours has a scheduler to automatically export video evidence on a daily basis. With that said and from what I can tell looking back at some of our own unresolved internal tickets, this was working perfectly until we started using the 2023R1 MilestoneSystems.VideoOS.Platform.SDK 23.1.1.
This issue was first reported to another developer in our team around 2023-11-05, where almost identical observations were made almost 2 years ago! Knowing that this issue has been present for almost 2 years now and that the video evidence we collect is used in law enforcement, I would appreciate it if this could be taken out of the backlog and resolved asap.
Milestone has developed a fix. The fix will be in MIP SDK 2025R2. (It did not make it in time for being part of the MIP SDK 2025R1.)
Good day Sir, that is great news! Thank you for the update. When is the MIP SDK 2025R1 set to be released and how long after can we expect MIP SDK 2025R2 to be released?