
Nesting signed data in xml

#14957
Posted: 11/04/2010 10:37:50
by Vsevolod Ievgiienko (EldoS Corp.)

Visit the http://eldos.com/sbb/desc-xml.php page for more information.
#15853
Posted: 02/22/2011 07:40:46
by Grazyna Polomska (Basic support level)
Joined: 02/07/2011
Posts: 9

Dear Sirs,

I've tried to apply the needed changes listed above to SimpleSigner (the modified code can be found below, at the end of this message; I marked the changes in red).

In the attachment you can find three files:
1) decl.xml - file to sign
2) decl - SBB.xml.xades - file signed using SimpleSigner in Enveloped mode; object has proper Id="Dokument-0", but...
3) decl - SUNIZETO.xml.xades - file signed using different application

If I try to verify files 2) and 3): file 3) is OK, but with file 2) there is a message like "Not verified - null reference"; I don't know why :-|
What have I done wrong? Where is the mistake? Please help.

Moreover, in 2) there is:
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>

But it should be
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloping-signature"/>
If I use Enveloping mode in SimpleSigner, there is no possibility to modify the object and so on, so I have to use Enveloped - how can I resolve this?


Best Regards,
Grazyna Polomska


------------------------------------------------
procedure TfrmMain.btnSignClick(Sender: TObject);
var
Signer: TElXMLSigner;
...
TSPClient: TElHttpTSPClient;
obj : TElXMLObject;

begin
XAdESSigner := nil;
...

Ref := TElXMLReference.Create;
Ref.DigestMethod := xdmSHA1;
if TElXMLDOMNode(tvXML.Selected.Data) is TElXMLDOMDocument then
begin
Ref.URINode := TElXMLDOMDocument(tvXML.Selected.Data).DocumentElement;
Ref.URI := '#Dokument-0';
end
else
...
MessageDlg('Please, select node for signing.', mtInformation, [mbOK], 0);
Exit;
end;

Signer.Sign;
Signer.Signature.SignaturePrefix := 'ds'; // the default value is: "#default ds"
SigNode := TElXMLDOMNode(tvXML.Selected.Data);
if SigNode is TElXMLDOMDocument then
SigNode := TElXMLDOMDocument(SigNode).DocumentElement;

obj := TElXMLObject.Create();
obj.ID := 'Dokument-0';
obj.DataList.Add(SigNode.CloneNode(True)); // where Node is Deklaracja
Signer.Signature.Objects.Add(obj);

// Detach the signed element from its parent; the clone added to the ds:Object above is what gets signed.
// (The original allocated a node with TElXMLDOMNode.Create and immediately overwrote the reference, leaking it.)
TmpNode := SigNode;
SigNode := TmpNode.ParentNode;
SigNode.RemoveChild(TmpNode);

try
// If the signature type is enveloping, then the signature is placed into the passed node and the contents of the node are moved to inside of the signature.
// If the signature type is enveloped, the signature is placed as a child of the passed node.
Signer.Save(SigNode);
...


#15855
Posted: 02/22/2011 07:58:48
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Both files are successfully verified using SimpleSigner demo. Do you use another software for files verification?
#15858
Posted: 02/22/2011 11:37:34
by Grazyna Polomska (Basic support level)
Joined: 02/07/2011
Posts: 9

I've tried to verify using SimpleSigner and I've received a message about an invalid certificate (it is valid, so why does SimpleSigner give information like that?).
In another application -
http://www.unizeto.pl/upload_module/wysiwyg/software/proCertumSmartSign_3_3_0_1583.exe - I receive a failed verification because of a missing reference.

When I try to verify decl-UNIZETO.xml.xades, all is OK.
If you want to check it yourself, please download this software, install it, click "Weryfikowanie" in the main menu, "Dodaj plik" at the bottom left and "Weryfikuj" at the bottom right.

UNIZETO is a big (maybe even the biggest) provider of digital signature certificates, software etc. in
Poland, and if their software can't verify a signed document, verification in the Financial and
Tax Department will fail too.

I still don't know why... maybe it is because there is "enveloped" instead of "enveloping" in the transformations?


------- detailed message from UNIZETO soft -------------


Błąd podpisu XAdES. Walidacja (reference) nie udała się (sygnatura: Signature-1773557229; referencja: null). Prawdopodobnie dane zostały zmienione.
// XAdES Signature not valid. Validation (reference) failed (signature Signature-1773557229; reference null). Probably somebody changed the document.

or, in one case (with slightly different code):

Can not find XMLObject element

class java.lang.IllegalArgumentException: Can not find XMLObject element
pl.unizeto.procertum.xades.c.a(Unknown Source)
pl.unizeto.procertum.xades.q.getContent(Unknown Source)
pl.unizeto.swing.table.FileToVerify.exportSignatureContent(FileToVerify.java:245)
pl.unizeto.swing.table.FileToVerify.exportSignatureContent(FileToVerify.java:272)
pl.unizeto.pcja.gui.r.a(PkiUtils.java:367)
pl.unizeto.pcja.gui.r.a(PkiUtils.java:129)
pl.unizeto.pcja.gui.q$d.a(VerifyPanel.java:1273)
pl.unizeto.pcja.gui.q$d.doInBackground(VerifyPanel.java:1247)
javax.swing.SwingWorker$1.call(Unknown Source)
java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
java.util.concurrent.FutureTask.run(Unknown Source)
javax.swing.SwingWorker.run(Unknown Source)
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
java.lang.Thread.run(Unknown Source)
#15862
Posted: 02/22/2011 17:00:28
by Dmytro Bogatskyy (EldoS Corp.)

Quote
But should be
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloping-signature"/>
If I use Enveloping mode in Simple Signer, there no be possibility do modify object a.s.o., so I have to use Enveloped - how to resolve this?

There is no such transform as "enveloping-signature", and I don't see it in the "decl - UNIZETO.xml.xades" file either.
Your code uses the enveloped signature transform, but in your case you can omit it. (The enveloped signature transform removes a Signature element from the referenced node; in your case the referenced node is the Object element and it doesn't contain a Signature element.)
So just remove the code where you create an instance of the TElXMLEnvelopedSignatureTransform class.
Also it would be good to add a TElXMLC14NTransform like in the "decl - UNIZETO.xml.xades" file and set its CanonicalizationMethod property to xcmCanonComment.
Then set obj.MimeType to "text/xml".
And set Ids for the references too; you never know what a third-party application considers important.
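As an added illustration of the reference check Dmytro is describing (example code written for this page, not code from the thread or from SecureBlackbox), the checker below resolves a same-document URI against Id attributes, runs the Transforms chain and compares the SHA-1 digest, which is the step the UNIZETO verifier reports as "reference: null" when the Id cannot be resolved. The sample document, its Ids and values are constructed, and the canonicalization is a simplification using only the Python standard library (the re-serialised subtree is canonicalised, not the exact C14N node set).

```python
import base64, copy, hashlib
import xml.etree.ElementTree as ET
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
C14N_WITH_COMMENTS = C14N + "#WithComments"
ENVELOPED = DS + "enveloped-signature"
# Constructed sample shaped like the thread's decl-SBB file: ds:Signature is the root and the
# signed document sits inside a ds:Object; DigestValue is filled in by signed_sample().
SAMPLE = f"""<ds:Signature xmlns:ds="{DS}" Id="Signature-1"><ds:SignedInfo>
<ds:Reference Id="Reference-1" URI="#Dokument-0"><ds:Transforms>
<ds:Transform Algorithm="{C14N_WITH_COMMENTS}"/></ds:Transforms>
<ds:DigestMethod Algorithm="{DS}sha1"/><ds:DigestValue/></ds:Reference></ds:SignedInfo>
<ds:Object Id="Dokument-0" MimeType="text/xml"><Deklaracja>PIT-37<!-- c --></Deklaracja></ds:Object>
</ds:Signature>"""

def apply_transforms(node, algorithms):
    node, with_comments = copy.deepcopy(node), False
    for alg in algorithms:
        if alg == ENVELOPED:
            # Removes ds:Signature elements under the referenced node. A ds:Object holds none,
            # so here the transform changes nothing (the point made in the thread).
            for parent in list(node.iter()):
                for sig in parent.findall(f"{{{DS}}}Signature"):
                    parent.remove(sig)
        elif alg in (C14N, C14N_WITH_COMMENTS):
            with_comments = alg == C14N_WITH_COMMENTS
        else:
            raise ValueError(f"unsupported transform {alg}")
    # Simplification: canonicalise the re-serialised subtree rather than the exact C14N node set.
    text = ET.tostring(node, encoding="unicode")
    return ET.canonicalize(text, with_comments=with_comments).encode()

def reference_digest(root, ref):
    # Resolve the same-document URI against Id attributes, run the Transforms chain, hash with SHA-1.
    uri = ref.get("URI", "")
    node = next((e for e in root.iter() if uri.startswith("#") and e.get("Id") == uri[1:]), None)
    if node is None:
        return None  # unresolvable Id: what the verifier in the thread reports as "reference: null"
    algs = [t.get("Algorithm") for t in ref.iter(f"{{{DS}}}Transform")]
    return base64.b64encode(hashlib.sha1(apply_transforms(node, algs)).digest()).decode()

def check_reference(root, ref):
    actual = reference_digest(root, ref)
    if actual is None:
        return "reference null"
    return "valid" if actual == ref.find(f"{{{DS}}}DigestValue").text else "digest mismatch"

def signed_sample():
    # Parse SAMPLE keeping comments (they matter under #WithComments) and fill in the real digest.
    root = ET.fromstring(SAMPLE, ET.XMLParser(target=ET.TreeBuilder(insert_comments=True)))
    ref = root.find(f".//{{{DS}}}Reference")
    ref.find(f"{{{DS}}}DigestValue").text = reference_digest(root, ref)
    return root, ref
```

Inserting an extra enveloped-signature transform in front of the C14N one leaves the digest unchanged, while editing the Deklaracja text or pointing the URI at a non-existent Id produces the two failure modes seen in this thread.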
#15863
Posted: 02/23/2011 08:21:24
by Grazyna Polomska (Basic support level)
Joined: 02/07/2011
Posts: 9

Quote
Dmytro Bogatskyy wrote:
Quote
But should be
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloping-signature"/>
If I use Enveloping mode in Simple Signer, there no be possibility do modify object a.s.o., so I have to use Enveloped - how to resolve this?

There is no such transform like "enveloping-signature". And I don't see it in "decl - UNIZETO.xml.xades" file too.


I mean that in decl-SBB there is:
Quote
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms>


In decl-UNIZETO there is only:
Quote
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
</ds:Transforms>

I will try to apply your directions - I hope it helps.

Thank You very much for your help.
#36741
Posted: 05/16/2016 13:24:17
by Wieslaw Rudziewicz (Standard support level)
Joined: 05/16/2016
Posts: 4

Hello,

I'm about to decide whether to buy the XMLBlackbox package.

My question is:
Is it possible to create a detached/enveloped XAdES-BES signature with both the signature and base64-encoded data signed (the encoded data as a second reference and finally a ds:Object)?
See the attached file.


#36742
Posted: 05/16/2016 14:18:21
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us,

Quote
Is it possible to create a detached/enveloped XAdES-BES signature with both the signature and base64-encoded data signed (the encoded data as a second reference and finally a ds:Object)?
See the attached file.

Yes, it is possible to create such a signature. The only thing is that the TElXMLSigner component always places the XAdES info in the last ds:Object element; in general, the order of ds:Object elements shouldn't be important, but if it is, you can change the order of the ds:Object elements after signing.

On a side note, please don't post unrelated questions to old topics. If you have a question, please start a new topic. This will help everyone avoid a mess in topics.