XADES DigestValue

#12916
Posted: 04/01/2010 09:25:51
by Dmytro Bogatskyy (EldoS Corp.)

Quote
Reference nodes created from ElXMLSigner.References have Id attributes.

Is there any way to set that attribute off, or do I have to manually delete attributes 'Id' from resource nodes ?

At the moment, no. It is created automatically as it may be needed for Archive timestamp in XAdES (for version 1.1.1 and 1.2.2 only).
We have this issue in our ToDo list; it requires XPointer support.
#38872
Posted: 03/21/2017 07:21:14
by Tomaž Tušar (Standard support level)
Joined: 11/11/2015
Posts: 6

Hi,

I had to fill the XAdESSigner.PolicyId.SigPolicyHash.DigestValue with the digest value of a file content.

That DigestValue cannot be calculated the way that is described in https://www.eldos.com/security/articles/6098.php,
because the result differs from the expected value.
It looks like the validator expects a custom calculated value...

I have achieved that value with the following code:

Quote

// "sDocData" is already filled with the file content,
// but I also have access to the file (if it is needed...)
baData := ConvertFromBase64String(sDocData);
HashFunction := TElHashFunction.Create(SB_ALGORITHM_DGST_SHA1);
try
  HashFunction.Update(@baData[1], Length(baData) * SizeOf(Byte));
  baData := HashFunction.Finish;
finally
  HashFunction.Free;
end;
str := SBUtils.BinaryToString(baData);
str := base64EncodeString(str);
// "str" is the result of XAdESSigner.PolicyId.SigPolicyHash.DigestValue


But I was wondering if there is a better, faster way to achieve the same result?

Best regards
#38873
Posted: 03/21/2017 14:57:07
by Dmytro Bogatskyy (EldoS Corp.)

Hi,

Thank you for contacting us.

Quote
That DigestValue cannot be calculated the way that is described in https://www.eldos.com/security/articles/6098.php,
because the result differs from the expected value.
...
But I was wondering if there is a better, faster way to achieve the same result?

In the article above, the CalculateDigest() function is used for digest calculation, which is exactly the same as using the TElHashFunction class (as in your code).
So, there is no "better" or "faster" way, maybe a little bit shorter if you use this function.
Why it didn't work for you is not clear. Possibly you didn't decode the base64 data, like you do in your code.
#38874
Posted: 03/22/2017 05:22:22
by Tomaž Tušar (Standard support level)
Joined: 11/11/2015
Posts: 6

Hi,


I will try to better explain the issue.
Instructions and sample given to me by the issuer are the following:

How to calculate the digest value of the document:

- Calculate sha over the data content ( byte[] [125, 115, -95, 88, 9, -93, 113, -33, -47, 91, 94, 126, -88, 16, 100, 31, -70, -80, -91, 55])
- Convert to hexa string (7d73a15809a371dfd15b5e7ea810641fbab0a537)
- Use Base64 encoding (N2Q3M2ExNTgwOWEzNzFkZmQxNWI1ZTdlYTgxMDY0MWZiYWIwYTUzNw==)

And the desired result is :
Quote

<xad:SignaturePolicyIdentifier>
  <xad:SignaturePolicyId>
    <xad:SigPolicyId>
      <xad:Identifier>1.3.6.1.4.1.21367.2010.1.2.157367709875522321724867</xad:Identifier>
    </xad:SigPolicyId>
    <xad:SigPolicyHash>
      <xad:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <xad:DigestValue>N2Q3M2ExNTgwOWEzNzFkZmQxNWI1ZTdlYTgxMDY0MWZiYWIwYTUzNw==</xad:DigestValue>
    </xad:SigPolicyHash>
  </xad:SignaturePolicyId>
</xad:SignaturePolicyIdentifier>


But if I use the code from https://www.eldos.com/security/articles/6098.php for the upper ByteArray I get :
Quote

<xad:SignaturePolicyIdentifier>
  <xad:SignaturePolicyId>
    <xad:SigPolicyId>
      <xad:Identifier>1.3.6.1.4.1.21367.2010.1.2.157367709875522321724867</xad:Identifier>
    </xad:SigPolicyId>
    <xad:SigPolicyHash>
      <xad:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <xad:DigestValue>c1cc758FdMx/g0t40HEDf6Cpy3Q=</xad:DigestValue>
    </xad:SigPolicyHash>
  </xad:SignaturePolicyId>
</xad:SignaturePolicyIdentifier>


So, I have calculated the DigestValue by following the instructions and got the desired result.
Code
// "sDocData" is already filled with the file content,
// but I also have access to the file (if it is needed...)
baData := ConvertFromBase64String(sDocData);
HashFunction := TElHashFunction.Create(SB_ALGORITHM_DGST_SHA1);
try
  HashFunction.Update(@baData[1], Length(baData) * SizeOf(Byte));
  baData := HashFunction.Finish;
finally
  HashFunction.Free;
end;
str := SBUtils.BinaryToString(baData);
str := base64EncodeString(str);
// "str" is the result of XAdESSigner.PolicyId.SigPolicyHash.DigestValue


With the upper code I get "str" filled with 'N2Q3M2ExNTgwOWEzNzFkZmQxNWI1ZTdlYTgxMDY0MWZiYWIwYTUzNw=='.


Best regards
#38876
Posted: 03/22/2017 11:10:38
by Dmytro Bogatskyy (EldoS Corp.)

Hi,

Quote

- Calculate sha over the data content ( byte[] [125, 115, -95, 88, 9, -93, 113, -33, -47, 91, 94, 126, -88, 16, 100, 31, -70, -80, -91, 55])
- Convert to hexa string (7d73a15809a371dfd15b5e7ea810641fbab0a537)
- Use Base64 encoding (N2Q3M2ExNTgwOWEzNzFkZmQxNWI1ZTdlYTgxMDY0MWZiYWIwYTUzNw==)

Thank you for the detailed explanation.
Your requirements are not standard. Usually the raw data of the signature policy is hashed and then the binary hash is encoded using Base64 encoding (without the step of converting binary data to a hex string).
Then, the SigPolicyHash.DigestValue property accepts binary data/hash that will be Base64 encoded. So, in your case you should do something similar:
Code
    XAdESSigner.PolicyId.SigPolicyHash.DigestValue := BytesOfString(LowerCase(BinaryToString(Hash)));
// where Hash is byte[] [125, 115, -95, 88, 9, -93, 113, -33, -47, 91, 94, 126, -88, 16, 100, 31, -70, -80, -91, 55]
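
Added example, not part of the original thread and not EldoS code: a Python sketch of the two DigestValue encodings discussed above (Base64 of the raw SHA-1 bytes versus Base64 of the lowercase hex text), plus a check a validator could use to tell them apart and compare against the policy document. All function names are hypothetical; the digest bytes are the ones quoted in the thread.

```python
import base64
import binascii
import hashlib

# Digest bytes quoted in the thread (signed, Java-style byte values).
THREAD_DIGEST = bytes(b & 0xFF for b in [
    125, 115, -95, 88, 9, -93, 113, -33, -47, 91,
    94, 126, -88, 16, 100, 31, -70, -80, -91, 55])

def standard_digest_value(digest: bytes) -> str:
    """Usual XML-DSig/XAdES form: Base64 of the raw hash bytes."""
    return base64.b64encode(digest).decode("ascii")

def issuer_digest_value(digest: bytes) -> str:
    """Issuer's variant from the thread: Base64 of the lowercase hex text."""
    return base64.b64encode(digest.hex().encode("ascii")).decode("ascii")

def classify_digest_value(value: str, hash_len: int = 20):
    """Return (form, digest_bytes) for a DigestValue; raise ValueError otherwise.

    hash_len defaults to 20 because the thread uses SHA-1.
    """
    raw = base64.b64decode(value, validate=True)
    if len(raw) == hash_len:
        return "raw", raw
    if len(raw) == 2 * hash_len:
        try:
            # Strict hex decoding: any non-hex byte raises binascii.Error.
            return "hex-text", binascii.unhexlify(raw)
        except binascii.Error:
            pass
    raise ValueError(f"unexpected DigestValue length {len(raw)}")

def policy_hash_matches(policy_bytes: bytes, value: str) -> bool:
    """Compare a SigPolicyHash DigestValue with SHA-1 of the policy document."""
    _, digest = classify_digest_value(value)
    return digest == hashlib.sha1(policy_bytes).digest()
```

A decoded length of 40 ASCII hex characters where 20 raw bytes are expected is the quickest sign that a producer applied the extra hex step.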
