PDFBlackBox and signature on client computer

#9162
Posted: 03/06/2009 03:07:52
by leti  (Basic support level)
Joined: 03/06/2009
Posts: 1

Hello,

I have a question about how the signature of the PDF is done.
I want to know if the signature is done on the server where my application is or on the user's computer (like applets JAVA).

My problem is that I have to include PDFBlackBox in my web application which is on a server, and the signature must be done on the computer of the client.

Is it possible or not?

Thanks for your answer.

Leti
#9165
Posted: 03/06/2009 04:35:46
by Eugene Mayevski (EldoS Corp.)

We get such requests from time to time. While it is possible to make the signature on the client, this will require lots of work on your side. Basically, you need to create a custom cryptoprovider which will do signing by sending the request to the client in some way. And you will need to create a client module (most likely an ActiveX) which will be used to sign the data. This is not a trivial task at all. We can do the described things and provide a custom module for licensing, but we would need an advance payment (i.e. we won't start work without getting the payment first).


Sincerely yours
Eugene Mayevski
#9661
Posted: 04/12/2009 06:23:29
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Hi

I have a problem vice versa. Could I do the following scenario:
1. Client loads PDF document,
2. Generate hash
3. Send the hash to the server
4. Server generates signature for the hash (The signature is in PKCS7, isn't it?)
5. Client gets the signature and imports the signature into the PDF document.

If it is possible, please tell me the major class names for the steps.
P/S: we are currently using SBB 6, and would like to upgrade to the SBB 7. (a quick sample code in sbb 7 will be really useful for me, Thanks)

Thank you
#9662
Posted: 04/12/2009 06:31:06
by Eugene Mayevski (EldoS Corp.)

This is possible with SecureBlackbox, but requires writing a custom cryptoprovider which will do signing on the server side. Doing this would take about 15-20 hours of work of our developer. If you are interested in such custom service, please contact us via HelpDesk.


Sincerely yours
Eugene Mayevski
#9664
Posted: 04/12/2009 06:37:11
by Eugene Mayevski (EldoS Corp.)

Please note that steps 1 and 2 of your scenario must be done with your application. I.e. the client should load the PDF file to your application that he runs, and the application would calculate the hash and communicate with the server. In this case it's possible to implement the functionality in the mentioned timeframe.


Sincerely yours
Eugene Mayevski
#9666
Posted: 04/12/2009 06:56:10
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Hi Pro. Eugene Mayevski,

It is nice that the scenario can be done. I am taking a look at the samples of the SBB 7.0.xx, I would like to know if we can import the signature into the PDF document using a class of PDF-SBB, please help me to know the name of the class or any reference about this in the forum.
Regarding the custom service you offered, it is nice, thanks. But we also have some experience in PKI, and I would like to do it ourselves first.

Thanks for your support!
Thanh
#9669
Posted: 04/12/2009 07:09:47
by Eugene Mayevski (EldoS Corp.)

Quote
Thanh Nguyen Trung wrote:
I would like to know if we can import the signature into the PDF document using a class of PDF-SBB, please help me to know the name of the class or any reference about this in the forum.


Are you asking about adding a signature into the existing signature field? While I don't know exactly how to do this, this question has been asked several times in this forum. One of our developers will give you the details when he's online.

If you think about insertion of the [PKCS#1 or PKCS#7] signature into the document, - no, this is not that straightforward.

Quote
Thanh Nguyen Trung wrote:
Regarding the custom service you offered, it is nice, thanks. But we also have some experience in PKI, and I would like to do it ourselves first.


It's not about PKI but about internal structure of SecureBlackbox. In brief, you need to implement a cryptoprovider, which will handle the request to sign the hash and instead of making a signature it will send the request over SSL-secured channel to the server. On the server you would need to sign the received data and send it back. If you want to implement the cryptoprovider yourself, - no problems, Innokentiy will assist you.


Sincerely yours
Eugene Mayevski
#9670
Posted: 04/12/2009 08:04:49
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Hi Pro. Eugene Mayevski,

Do you mean a custom cryptoprovider with the following objectives:
1. Load PDF, and then generate hash
or
We have to generate the hash, and the custom cryptoprovider will use the hash to generate a request, after that, the request will be sent to the server via SSL.
2. How does the client solve the signature from the server? Will the signature be loaded by the custom cryptoprovider, and then inserted into the PDF Document?
3. Regarding your reply above, I am not sure if we can develop the custom cryptoprovider ourselves. Does the provider have to inherit or implement a pre-defined interface by SBB? Is there any reference or document about this problem in the SBB website?

I am not sure if you understand what I said, our objective is to provide an external signature service. It will be easy for SBB to load PDF Documents and sign them directly, but we would like the client to load the PDF document, and then send the hash to the server to sign, the signature will be sent back and imported into the PDF Document.

Best regards,
Thanh
#9671
Posted: 04/12/2009 09:01:50
by Eugene Mayevski (EldoS Corp.)

This is why I said about knowledge of internals ...

1) Cryptography operations are performed by cryptoprovider classes. The default cryptoprovider does everything under the hood, but you can set a custom cryptoprovider for some particular object. This cryptoprovider should be able to handle cryptographic requests which come from this object. In your case this cryptoprovider would need to handle signing operations.
2) The signature of the hash will be calculated on the server and passed back to the cryptoprovider. And the cryptoprovider would pass this signature as a result of the signing request.
3) Your cryptoprovider would need to be a descendant of basic cryptoprovider class. Studying the source code would help you a lot, as we have several (4 or 5?) cryptoproviders implemented. Note, that the code is written in Delphi.


Sincerely yours
Eugene Mayevski
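
The split described in this thread (client hashes, a provider object forwards only the hash, the server signs, the client gets the signature back), as an added example in Go's standard library; it is not SecureBlackbox code and not from the posters. All type and function names are hypothetical, the in-process call stands in for the SSL channel, and the result is a raw PKCS#1 v1.5 signature over a SHA-256 digest, not a PKCS#7 container.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// signServer stands in for the remote service: it holds the key and only ever sees a digest.
type signServer struct{ key *rsa.PrivateKey }

func newServer() *signServer { // throwaway key, constructed for this demo
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &signServer{key: key}
}

func (s *signServer) SignDigest(digest []byte) ([]byte, error) {
	if len(digest) != sha256.Size { // refuse anything that is not a SHA-256 digest
		return nil, errors.New("server: unexpected digest length")
	}
	return rsa.SignPKCS1v15(rand.Reader, s.key, crypto.SHA256, digest)
}

// remoteSigner plays the client-side provider: it has the public key but no private key.
type remoteSigner struct {
	pub  *rsa.PublicKey
	call func(digest []byte) ([]byte, error) // transport; a TLS request in a real deployment
}

// Sign hashes locally, forwards only the digest, and checks the reply before returning it.
func (r *remoteSigner) Sign(doc []byte) ([]byte, error) {
	h := sha256.Sum256(doc)
	sig, err := r.call(h[:])
	if err != nil || rsa.VerifyPKCS1v15(r.pub, crypto.SHA256, h[:], sig) != nil {
		return nil, errors.New("client: remote signature missing or invalid")
	}
	return sig, nil
}

func main() {
	srv := newServer()
	cli := &remoteSigner{pub: &srv.key.PublicKey, call: srv.SignDigest}
	sig, err := cli.Sign([]byte("constructed sample document"))
	println(len(sig), err == nil)
}
```

The server signs whatever digest it is handed without seeing the document, so requests to it need authentication and logging; the client-side verification catches a reply made with a different key before it is embedded.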
#9672
Posted: 04/12/2009 09:41:15
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

I will be back to the problem in several days if we need your support.

Thank you for your support!
Thanh
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.