XADES DigestValue

#10999
Posted: 09/09/2009 11:03:27
by Datadec Online (Basic support level)
Joined: 09/09/2009
Posts: 29

Hi,

We are trying to generate policy information for the XAdES specification. We don't know how to fill XAdESSigner.PolicyId.SigPolicyHash.DigestValue from the SimpleSigner_VS2008 example you provide. This is what we have written, but it doesn't work.

XAdESSigner.PolicyId.SigPolicyId.Identifier = s
XAdESSigner.PolicyId.SigPolicyHash.DigestMethod = SBXMLSec.Unit.DigestMethodToURI(SBXMLSec.Unit.xdmSHA1)
XAdESSigner.PolicyId.SigPolicyHash.DigestValue = SBUtils.Unit.BytesOfString(SBUtils.Unit.Base64EncodeString(s, False))

Any help?

Thanks, regards
Javier Gutiérrez
#11001
Posted: 09/09/2009 12:10:06
by Dmytro Bogatskyy (EldoS Corp.)

Quote
We are trying to generate policy information for XADES specification. We don't know how to fill the XAdESSigner.PolicyId.SigPolicyHash.DigestValue from the SimpleSigner_VS2008 example you provide. This is what we have wrote but it doesn't works.
XAdESSigner.PolicyId.SigPolicyId.Identifier = s
XAdESSigner.PolicyId.SigPolicyHash.DigestMethod = SBXMLSec.Unit.DigestMethodToURI(SBXMLSec.Unit.xdmSHA1)
XAdESSigner.PolicyId.SigPolicyHash.DigestValue = SBUtils.Unit.BytesOfString(SBUtils.Unit.Base64EncodeString(s, False))

Did you check the article: http://www.eldos.com/security/articles/6098.php

In your case, the Identifier and DigestValue properties contain a similar value (variable s). What does the variable 's' hold?
If it is a URI (for example: http://eldos.com/policy.pdf ) then you should download the file and calculate the digest (see the first code sample in the article above).

XMLBlackBox doesn't calculate the digest value automatically, because the file should be downloaded and in most cases you should store or cache the digest value (it is a big overhead to download the policy document for each signing).
#11003
Posted: 09/10/2009 02:41:23
by Datadec Online (Basic support level)
Joined: 09/09/2009
Posts: 29

Ok, I will work with the cached digest value.
#12887
Posted: 03/30/2010 03:34:11
by Mitja Bog (Basic support level)
Joined: 03/30/2010
Posts: 5

Need help!

I'm a new user of BlackBox components, so I am sorry if my questions are stupid, but I've already checked all topics on this forum and I just can't find an answer to my problem.

I have just a signed XML sample file and I have to make an application that will sign XML files the same way.
I am using the TElXMLSigner with TElXAdESSigner, and for now everything works except one thing.

The body of the sample XML has a node that looks like this:

<....>
<displayTransform>
<Manifest xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DisplayTransformManifest">
<Reference URI="http://www.zav-zdruzenje.si/pzz_sheme/DocZavObracun_1/DocZavObracun_1.xslt">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>qOwQl/qwdaoIHgRYcY0J4DlBxXY=</DigestValue>
</Reference>
</Manifest>
</displayTransform>
<....>


Can this be generated using TElXMLReference or ...? How?

Or do I have to download the file, calculate its digest with DigestMethod and fill in the DigestValue?

Any suggestions ?
#12889
Posted: 03/30/2010 04:06:42
by Dmytro Bogatskyy (EldoS Corp.)

Quote
Or do I have to download the file, calculate its data with DigestMethod and fill the DigestValue ?

Yes, you need to download the file. The digest calculation can be performed by the TElXMLReference class. Also, if you have a bunch of files to sign then you can cache the DigestValue and simply re-use it.
Quote
Can this be generated using the TElXMLReference or ... ? How ?

Here is a C# sample:
Code
// XMLDocument is the TElXMLDOMDocument being signed (assumed to exist already)
TElXMLReference Ref = new TElXMLReference();
Ref.DigestMethod = SBXMLSec.Unit.xdmSHA1;
Ref.URI = "http://www.zav-zdruzenje.si/pzz_sheme/DocZavObracun_1/DocZavObracun_1.xslt";
// The component does not fetch the URI itself: supply the bytes of the file you
// downloaded (here a local copy, assumed to be saved next to the application),
// or use the URIStream property to set the file content
Ref.URIData = System.IO.File.ReadAllBytes("DocZavObracun_1.xslt");
Ref.UpdateDigestValue(); // computes DigestValue from URIData using DigestMethod
// Ref.DigestValue = ...; assign a stored value instead, then there is no need to set
// the URIData property or call the UpdateDigestValue method

TElXMLDOMElement displayTransform = XMLDocument.CreateElement("displayTransform");
TElXMLDOMElement manifest = XMLDocument.CreateElementNS(SBXMLDefs.Unit.xmlSignatureNamespace, "Manifest");
manifest.SetAttribute("Id", "DisplayTransformManifest"); // Id as in the sample file
displayTransform.AppendChild(manifest);
TElXMLDOMElement reference = Ref.SaveToXML(XMLDocument);
manifest.AppendChild(reference);
#12893
Posted: 03/30/2010 08:18:03
by Mitja Bog (Basic support level)
Joined: 03/30/2010
Posts: 5

Thanks!

I would need just a little more help here.

I chose the first choice with

Quote

Ref.URIData :=
Ref.UpdateDigestValue();


, but I just can't figure out how to fill Ref.URIData!

Can you write me a sample? (let say, with a local file)
If it is possible in Delphi.
#12895
Posted: 03/30/2010 08:54:29
by Dmytro Bogatskyy (EldoS Corp.)

Quote
but I just can't figure out how to fill Ref.URIData!

It is an array of bytes: http://www.eldos.com/documentation/sb...idata.html
For example:
Code
var
  f : TFileStream;
  Buf : ByteArray;
begin
  // read the whole (already downloaded) file into a byte array
  f := TFileStream.Create('local.xslt', fmOpenRead or fmShareDenyWrite);
  try
    SetLength(Buf, f.Size);
    if Length(Buf) > 0 then
      f.ReadBuffer(Buf[0], Length(Buf)); // raises if fewer bytes than requested are read
  finally
    f.Free;
  end;

  Ref.URIData := Buf;     // assignment is ':=' in Delphi
  Ref.UpdateDigestValue;  // computes DigestValue from URIData using DigestMethod
end;
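Both answers in this thread leave the same step to the caller: the component does not fetch the policy document for SigPolicyHash (post #11001) or the XSLT behind the Manifest Reference (posts #12889 and #12895). You hash the bytes you downloaded, base64-encode the raw digest, and preferably cache the result per URI. The Python below is an added example, not SecureBlackbox or EldoS code, that shows exactly that computation together with the <Manifest>/<Reference> element from the sample file. The XSLT bytes, the cache class and the function names are constructed for the example, so the DigestValue it prints is not the one in the thread.

```python
"""Digest values for XAdES SigPolicyHash and XMLDSig Manifest/Reference elements.

Added example (not SecureBlackbox code): the part the component leaves to the
caller - hashing the fetched document, base64-encoding the raw digest, caching
it per URI, and emitting the <Reference> element seen in the sample file.
"""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
SHA1_URI = "http://www.w3.org/2000/09/xmldsig#sha1"
SHA256_URI = "http://www.w3.org/2001/04/xmlenc#sha256"

# DigestMethod Algorithm URI -> hashlib name. SHA-1 is what the thread's sample
# uses; SHA-256 is listed because new policies should not be hashed with SHA-1.
DIGEST_METHODS = {SHA1_URI: "sha1", SHA256_URI: "sha256"}

# Serialize xmldsig as the default namespace, as in the sample file.
ET.register_namespace("", DSIG_NS)


def digest_value(data: bytes, method_uri: str) -> str:
    """Base64 of the raw digest: the text content of <DigestValue>.

    This is the step the first post got wrong: it base64-encoded the policy
    URI string instead of hashing the policy document's bytes.
    """
    algo = DIGEST_METHODS[method_uri]  # KeyError for an unsupported method
    return base64.b64encode(hashlib.new(algo, data).digest()).decode("ascii")


class DigestCache:
    """Computes a DigestValue once per (URI, method) and reuses it afterwards,
    so a policy or XSLT is fetched once rather than on every signature."""

    def __init__(self):
        self._values = {}

    def get(self, uri: str, method_uri: str, fetch) -> str:
        key = (uri, method_uri)
        if key not in self._values:
            self._values[key] = digest_value(fetch(uri), method_uri)
        return self._values[key]

    def is_current(self, uri: str, method_uri: str, data: bytes) -> bool:
        """Re-check a cached value against freshly fetched bytes; a changed
        document at the URI makes the cached hash (and every signature that
        embeds it) stale."""
        cached = self._values.get((uri, method_uri))
        return cached is not None and hmac.compare_digest(
            cached, digest_value(data, method_uri))


def build_manifest(manifest_id: str, uri: str, method_uri: str, value: str) -> ET.Element:
    """<Manifest Id><Reference URI><DigestMethod Algorithm/><DigestValue/></Reference></Manifest>"""
    manifest = ET.Element(f"{{{DSIG_NS}}}Manifest", {"Id": manifest_id})
    ref = ET.SubElement(manifest, f"{{{DSIG_NS}}}Reference", {"URI": uri})
    ET.SubElement(ref, f"{{{DSIG_NS}}}DigestMethod", {"Algorithm": method_uri})
    ET.SubElement(ref, f"{{{DSIG_NS}}}DigestValue").text = value
    return manifest


def serialize(element: ET.Element) -> str:
    return ET.tostring(element, encoding="unicode")


# Constructed stand-in for the XSLT at the URI below; the DigestValue in the
# thread was computed over the real file's bytes, so it will differ.
SAMPLE_XSLT = (b'<?xml version="1.0"?><xsl:stylesheet '
               b'xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"/>')
SAMPLE_URI = "http://www.zav-zdruzenje.si/pzz_sheme/DocZavObracun_1/DocZavObracun_1.xslt"


def demo() -> str:
    cache = DigestCache()
    # the "fetch" is offline here: it returns the constructed bytes
    value = cache.get(SAMPLE_URI, SHA1_URI, lambda _uri: SAMPLE_XSLT)
    return serialize(build_manifest("DisplayTransformManifest", SAMPLE_URI, SHA1_URI, value))


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should keep in mind. First, a cached value is only as good as the document it was computed from: if the policy or XSLT at the URI is re-published, every new signature that embeds the old hash will fail policy or manifest verification against the live document, so re-check the cache (is_current above) whenever the document could have changed. Second, for a non-XML policy such as a PDF the hash covers the raw file bytes; for an XML policy it covers whatever the Transforms listed under SignaturePolicyId produce, so hash the transformed bytes, not the file as downloaded.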
#12897
Posted: 04/01/2010 02:11:31
by Mitja Bog (Basic support level)
Joined: 03/30/2010
Posts: 5

Thanks!

Well I have two more questions.

The signature generates one node that I don't want to have.
Quote

<xds:UnsignedProperties>
<xds:UnsignedSignatureProperties>
<xds:SignatureTimeStamp>
<xds:HashDataInfo uri="#DepositorSignatureValue">
<xds:Transforms/>
</xds:HashDataInfo>
<xds:EncapsulatedTimeStamp>MIIG...rmgZ/nhPtPSYL/MAIIAcM7YFMDFEAYDzIwMTAwNDAxMDY1NjMzWjAJAgEKgAEBgQEBAghJw3iICvAD+qCCA1cwggNTMIICvKADAgECAgEEMA0GCSqGSIb3DQEBBQUAMIG/MQsw...ECxM/SW5z...E84C+asGQhKpzQkkAg2hq4jGi1EkX7IfGwi5X3JRZxz3kI6oQ5uV+xNAAncQqPjHy/mBCK8y8HeUSahBwMkGXJiSO5QWhNIQOqqXLXxK/V50HKQz4RNsiwIDAQABo10wWzAOBgNVHQ8BAf8EBAMCB4AwEgYDVR0TAQH/BAgwBgEB/wIBA...VlE5+NwsvM0wDQYJKoZIhvcNAQEFBQADgYEAvSTSFK8+y/c27sKeozdD3S4Abp/BOQwiEPQs6Bhbaksoxs+f+j52TY/c6jCZeO40bDiUvCx3xiJn/dFNcZORK8ZxaNlEOgeb2l7dQrcR0ZxpXSD3jqMlBm2rxqR/SQ+Jvxre6v3LzGZdszHj8/rap7...BhuI/imNx...8rVG+MyZ85lx++zq4fRcha8GQx/B5ccLIjtdV5TdEL1h+pLPf9TUUUcW7eDNIlPLD/Cpqzt44bgfmOo4R132IeWjjdLYd8v3/15y/8R9JpmaivdLAxSCKWOKyJI+v11jjwRDNsULOOCJH9fnMDySAQzB05Vcduh1pIzC1sQ=</xds:EncapsulatedTimeStamp>
</xds:SignatureTimeStamp>
</xds:UnsignedSignatureProperties>
</xds:UnsignedProperties>


I've tried to clear it, but it stays there.
What can I do so, that that node won't be created?
PS: 'DepositorSignatureValue' is the Id attribute of <SignatureValue>

2. I need a SignedDataObjectProperties node in the signature that looks like this:

Quote
<xds:SignedDataObjectProperties>
<xds:DataObjectFormat ObjectReference="#DisplayTransform">
<xds:MimeType>application/xml</xds:MimeType>
</xds:DataObjectFormat>
<xds:DataObjectFormat ObjectReference="attachment.zip">
<xds:MimeType>application/x-zip-compressed</xds:MimeType>
</xds:DataObjectFormat>
</xds:SignedDataObjectProperties>


I tried with (before and after Sign) :
Quote

DataObjectFormats := TElXMLDataObjectFormat.Create;
DataObjectFormats.ObjectReference := '#DisplayTransform';
DataObjectFormats.MimeType := 'application/xml';
XAdESSigner.QualifyingProperties.SignedProperties.SignedDataObjectProperties.DataObjectFormats.Add(DataObjectFormats);

DataObjectFormats2 := TElXMLDataObjectFormat.Create;
DataObjectFormats2.ObjectReference := 'attachment.zip';
DataObjectFormats2.MimeType := 'application/x-zip-compressed';
XAdESSigner.QualifyingProperties.SignedProperties.SignedDataObjectProperties.DataObjectFormats.Add(DataObjectFormats2);



But it returns an exception. (e : "CreateElementNS w/ empty tag name").
#12898
Posted: 04/01/2010 04:07:35
by Dmytro Bogatskyy (EldoS Corp.)

Quote
The signature generates one node, that I don't want to have

Hmm, this is a signature timestamp. It is added by the ElXAdESSigner.AddSignatureTimestamp method. If you don't want this node to appear, simply remove that method call.
Quote
DataObjectFormats := TElXMLDataObjectFormat.Create;

Please use the following constructor:
DataObjectFormats := TElXMLDataObjectFormat.Create(ElXAdESSigner.XAdESVersion);
#12912
Posted: 04/01/2010 07:34:11
by Mitja Bog (Basic support level)
Joined: 03/30/2010
Posts: 5

Ok, everything works fine now.

I have just the last (informative) question.

Reference nodes created from ElXMLSigner.References have Id attributes.

Is there any way to set that attribute off, or do I have to manually delete attributes 'Id' from resource nodes ?


Anyway thanks for your time !
