Timestamp changed SignedInfo

#14681
Posted: 10/11/2010 06:20:44
by Dmytro Bogatskyy (EldoS Corp.)

Quote

In attachment is the original file that I try to create. It has no SignatureValue ID and no UnsignedProperties. Is there a way to remove these items?

It doesn't have a timestamp. So, if you do not set the XAdESSigner.TSPClient property and set "XAdESSigner.XAdESForm := XAdES;", then the resulting signature should be similar to the signature in your original file.
Quote
When I remove it myself I get an error from verifier that "Signing certificate from signed properties does not match the real one".

The verifier doesn't accept signatures with the following elements?
Maybe they require a certificate from special CA?
#14697
Posted: 10/15/2010 02:12:41
by Sašo Osenk (Standard support level)
Joined: 09/20/2010
Posts: 35

Thank you for helping. Could you please take a look if my signature, the file is in attachment, is ok and if there is a chance that there are differences in data of the certificate.
Thank you.

Sašo


#14698
Posted: 10/15/2010 05:13:09
by Dmytro Bogatskyy (EldoS Corp.)

Did you make any changes to this xml document after signing? (for example, changing the whitespace formatting of the signed element or signature)
Because both the signature and the references in this xml document are invalid for me.
#14699
Posted: 10/15/2010 05:25:46
by Sašo Osenk (Standard support level)
Joined: 09/20/2010
Posts: 35

I only deleted the SignedSignatureProperties ID, which I can't remove in the program and I have to remove it.
The original file without modification is in attachment.

Thank you.

Sašo


#14701
Posted: 10/15/2010 09:27:13
by Dmytro Bogatskyy (EldoS Corp.)

It is strange, but your original file without modification is still invalid.
Could you please post your last code for signing, including the code for loading and saving the xml document, and your original file before signing? (better in an archive as an attachment)
#14713
Posted: 10/18/2010 01:13:36
by Sašo Osenk (Standard support level)
Joined: 09/20/2010
Posts: 35

Both files are in attachment.
Thank you for helping.

Sašo


#14726
Posted: 10/19/2010 06:44:15
by Dmytro Bogatskyy (EldoS Corp.)

1. In your code there is a call to "SigNode.Free;" that variable is not initialized, so this could lead to unexpected behaviour.

2. You are using an enveloped signature (you are signing a document element and the signature is inserted as a child). In this case you must add the enveloped signature transform, otherwise this reference will be invalid.
For example:
Ref.TransformChain.Add(TElXMLEnvelopedSignatureTransform.Create);

3. For the signature policy you calculate a digest based on the original xml document that you are signing; it is not good. You should have a separate document that is referenced by SigPolicyId.Identifier (usually it is a URI).

4. For timestamping you are creating a TElFileTSPServer object and timestamping with the same certificate as used for signing. You should use different certificates, otherwise the timestamp will not make much sense. Of course, for a test it is ok.
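
The effect of point 2 above, as an added example that is not part of the original thread and not SecureBlackbox code: the reference digest of an enveloped signature only verifies when the verifier removes the Signature element first, and any edit to signed content after signing (such as deleting an Id attribute) breaks it. Assumptions: the sample document is constructed, the Python standard library's C14N 2.0 stands in for the canonicalization a real signer would use, and the signature value itself is left out.

```python
import base64
import copy
import hashlib
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
# Constructed sample document (not the invoice attached in the thread).
INVOICE = '<Invoice Id="data"><Amount>100.00</Amount></Invoice>'

def c14n_digest(elem):
    """Base64 SHA-256 over the canonical form of an element."""
    canonical = ET.canonicalize(ET.tostring(elem, encoding="unicode"))
    raw = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.b64encode(raw).decode("ascii")

def enveloped_transform(root):
    """Copy of root without its ds:Signature children: the effect of the
    enveloped-signature transform for this simple one-signature layout."""
    clone = copy.deepcopy(root)
    for sig in clone.findall(f"{{{DSIG}}}Signature"):
        clone.remove(sig)
    return clone

def sign_enveloped(root):
    """Digest the document element, then insert ds:Signature as its child."""
    digest = c14n_digest(root)
    sig = ET.SubElement(root, f"{{{DSIG}}}Signature")
    ET.SubElement(sig, f"{{{DSIG}}}DigestValue").text = digest
    return digest

def verify_reference(root, use_transform):
    """Recompute the reference digest the way a verifier would."""
    stored = root.find(f"{{{DSIG}}}Signature/{{{DSIG}}}DigestValue").text
    target = enveloped_transform(root) if use_transform else root
    return c14n_digest(target) == stored

doc = ET.fromstring(INVOICE)
sign_enveloped(doc)

# Post-signing edit inside the signed content: drop the Id attribute.
tampered = copy.deepcopy(doc)
del tampered.attrib["Id"]

if __name__ == "__main__":
    print("no transform:  ", verify_reference(doc, use_transform=False))
    print("with transform:", verify_reference(doc, use_transform=True))
    print("edited after signing:", verify_reference(tampered, use_transform=True))
```
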
#14733
Posted: 10/20/2010 04:51:27
by Martin Hren (Basic support level)
Joined: 10/20/2010
Posts: 13

Hi Dmytro,

I have the exact same problem as Sašo has - I need to remove the Id attribute from elements SignedInfo and SignedSignatureProperties.

The problem is that we have to generate signatures for invoices, which depend on a specific schema for our country. That schema (http://www.gzs.si/e-poslovanje/sheme/eSlog_1-5_EnostavniRacun_signature.xsd) requires XAdES 1.1.1, but with no Ids on the elements mentioned above.

So, now when I sign the document, the signature is successfully generated, but it fails when I try to validate the document against the schema.

I really need to know if or when it will be possible to remove Ids, otherwise we will unfortunately have to use some other library.


With best regards,
Martin
#14746
Posted: 10/20/2010 17:03:56
by Dmytro Bogatskyy (EldoS Corp.)

For the next version I will ensure that all auto-generated ID's will be moved to Sign (or GenerateSignature/GenerateSignatureAsync) method.
So, you will be able to modify them without using FormatElement event.
For example, to remove the auto-generated ID for SignedSignatureProperties you will need to set:
Signer.Signature.QualifyingProperties.SignedProperties.SignedSignatureProperties.ID := '';
#14747
Posted: 10/21/2010 01:57:38
by Martin Hren (Basic support level)
Joined: 10/20/2010
Posts: 13

Great, that should simplify things a lot! When approximately do you plan for next release to be available?