EldoS | Feel safer!

Timestamp changed SignedInfo

#14837
Posted: 10/28/2010 05:45:12
by Dmytro Bogatskyy (EldoS Corp.)

Quote
I have some old/new troubles. When I add a timestamp (the code is below), I get the same error as before.
Is my timestamp code ok?

This code looks okay.
Could you try to sign your xml document with and without a timestamp and compare the difference? If the signed data is the same, you should receive the same digest values and signature value. The Timestamp object is placed in the UnsignedSignatureProperties element, which doesn't change the main signature.

Quote
Do you give me warranty that when we buy the SecureBlackBox we will be able to remove SignedSignatureProperties.ID?

The code that allows changing those IDs is already in the repository, and will be included in the next version.
#14840
Posted: 10/28/2010 06:21:50
by Sašo Osenk (Standard support level)
Joined: 09/20/2010
Posts: 35

When I compare both files, the difference is that the SignedSignatureProperties ID is gone and a SignatureValue ID is added, despite having this in FormatElement:
Code
      if Element.LocalName = 'SignatureValue' then
        Element.RemoveAttribute('Id');
The first reference (#data) is the same, the second (SignedPropertiesId) is changed and SignatureValue is different.
Any idea why?

Can you tell when the new version will be out? We are a bit in a hurry.

Sašo
#14846
Posted: 10/28/2010 08:11:16
by Dmytro Bogatskyy (EldoS Corp.)

Quote
When I compare both files the difference is that SignedSignatureProperties ID is gone

That's strange if you don't modify the xml document after signing.
Quote
SignatureValue ID is added despite that I have in FormatElement

It is needed for timestamping; timestamped data are referenced explicitly in version 1.1.1.
Quote
the second (SignedPropertiesId) is changed and SignatureValue is different.

As I can see from your source, you have:
XAdESSigner.QualifyingProperties.SignedProperties.ID:='SignedPropertiesId';

The ID could be changed (generated at random) if you didn't set it before calling the Signer.Sign() method.
#14848
Posted: 10/28/2010 10:16:12
by Sašo Osenk (Standard support level)
Joined: 09/20/2010
Posts: 35

No modification is made after signing.

But my xml schema has no ID. Is it possible that I will be able to remove it with the new version?

I set the SignedProperties.ID after Generate and before Sign. Is there any problem?
#14855
Posted: 10/28/2010 18:00:57
by Dmytro Bogatskyy (EldoS Corp.)

Quote
But my xml schema has no ID. Is it possible that I will be able to remove it with the new version?

For SignatureValue?
Check the XML-DSig schema; it allows Id:
http://www.w3.org/TR/xmldsig-core/xml...schema.xsd

However, it will be possible to remove it in the next version. But I wouldn't recommend doing this, as the Id is required for the signature timestamp. The Timestamp element references the signature value (the data that will be timestamped) by its Id.

Quote
I set the SignedProperties.ID after Generate and before Sign.

It should be ok to set an Id like this.
With your old code (that you posted before) I could sign with or without a timestamp and SignedProperties had the correct ID.
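The comparison suggested above (sign with and without a timestamp, then compare digest values, SignatureValue and the Id it carries, as well as the timestamp's placement under UnsignedSignatureProperties) can be automated. The following Python script is an added example, not EldoS or SecureBlackbox code; it assumes the XAdES 1.1.1 namespace and the HashDataInfo element for the timestamp's reference, and the two documents it compares are constructed placeholders with fake digest and signature values.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def signature_summary(xml_text):
    """Pull out what the thread compares by hand: each Reference's DigestValue, the
    SignatureValue text and Id, and whether a XAdES SignatureTimeStamp is present."""
    sig = ET.fromstring(xml_text).find(f".//{DS}Signature")
    sv = sig.find(f"{DS}SignatureValue")
    digests = {r.get("URI"): r.findtext(f"{DS}DigestValue").strip()
               for r in sig.findall(f"{DS}SignedInfo/{DS}Reference")}
    # {*} matches any XAdES namespace version (Python 3.8+ wildcard support)
    ts = sig.find(".//{*}UnsignedSignatureProperties/{*}SignatureTimeStamp")
    return {"digests": digests, "signature_value": sv.text.strip(),
            "signature_value_id": sv.get("Id"), "has_timestamp": ts is not None}

def compare_signatures(xml_without_ts, xml_with_ts):
    """Diff two signed copies of one document. A correctly added timestamp changes
    only the SignatureValue Id and the unsigned properties; a differing DigestValue
    or SignatureValue means the signed data itself differed between the runs."""
    a, b = signature_summary(xml_without_ts), signature_summary(xml_with_ts)
    diffs = []
    for uri in sorted(set(a["digests"]) | set(b["digests"])):
        if a["digests"].get(uri) != b["digests"].get(uri):
            diffs.append(f"DigestValue differs for Reference URI={uri}")
    if a["signature_value"] != b["signature_value"]:
        diffs.append("SignatureValue differs")
    if a["signature_value_id"] != b["signature_value_id"]:
        diffs.append(f"SignatureValue Id: {a['signature_value_id']} -> {b['signature_value_id']}")
    if a["has_timestamp"] != b["has_timestamp"]:
        diffs.append("SignatureTimeStamp presence differs")
    return diffs

def sample(with_timestamp):
    """Constructed sample; digests and signature are placeholders, not real values.
    The timestamped copy adds Id="SigValue" on SignatureValue and a timestamp
    whose HashDataInfo (assumed XAdES 1.1.1 element) points at that Id."""
    sv_id = ' Id="SigValue"' if with_timestamp else ""
    ts = ('<xades:UnsignedProperties><xades:UnsignedSignatureProperties>'
          '<xades:SignatureTimeStamp><xades:HashDataInfo uri="#SigValue"/>'
          '<xades:EncapsulatedTimeStamp>PLACEHOLDER</xades:EncapsulatedTimeStamp>'
          '</xades:SignatureTimeStamp></xades:UnsignedSignatureProperties></xades:UnsignedProperties>') if with_timestamp else ""
    return f'''<doc><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  xmlns:xades="http://uri.etsi.org/01903/v1.1.1#" Id="Sig"><ds:SignedInfo>
  <ds:Reference URI="#data"><ds:DigestValue>AAA=</ds:DigestValue></ds:Reference>
  <ds:Reference URI="#SignedPropertiesId"><ds:DigestValue>BBB=</ds:DigestValue></ds:Reference>
  </ds:SignedInfo><ds:SignatureValue{sv_id}>c2lnbmF0dXJl</ds:SignatureValue>
  <ds:Object><xades:QualifyingProperties Target="#Sig">
  <xades:SignedProperties Id="SignedPropertiesId"/>{ts}
  </xades:QualifyingProperties></ds:Object></ds:Signature></doc>'''
```

Running `compare_signatures(sample(False), sample(True))` on the constructed pair reports only the added Id and the timestamp's presence; a real pair showing a changed second-reference digest would point at SignedProperties having differed between the two signing runs.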
#14862
Posted: 10/29/2010 02:07:30
by Martin Hren (Basic support level)
Joined: 10/20/2010
Posts: 13

Quote
Check the XML-DSig schema; it allows Id:
http://www.w3.org/TR/xmldsig-core/xml...schema.xsd

The problem is that we have to use specific schemas for creating our signature. They do not allow IDs on elements like SignatureValue and SignedSignatureProperties. Those two schemas are:

Schema for signature: http://www.gzs.si/e-poslovanje/sheme/eSlog_1-5_EnostavniRacun_signature.xsd
Schema for XAdES: http://www.gzs.si/e-poslovanje/sheme/eSlog_1-5_EnostavniRacun_XAdES.xsd


Quote
However, it will be possible to remove it in the next version. But I wouldn't recommend doing this, as the Id is required for the signature timestamp. The Timestamp element references the signature value (the data that will be timestamped) by its Id.

After removing the ID with the new release version, will signing and timestamping still work ok?

Thanks.
#14863
Posted: 10/29/2010 02:09:09
by Sašo Osenk (Standard support level)
Joined: 09/20/2010
Posts: 35

The schema in our country (http://www.gzs.si/e-poslovanje/sheme/eSlog_1-5_EnostavniRacun_signature.xsd) has no ID for SignatureValue.
In my message I wasn't precise. When I compare the xml with timestamp and without timestamp, the xml with timestamp has a different digestvalue in the second reference, the SignatureValue ID is added, and the SignatureValue text is different.
Everything else is the same in both files.
#14865
Posted: 10/29/2010 06:31:33
by Dmytro Bogatskyy (EldoS Corp.)

Quote
Schema in our country has no ID for SignatureValue.

I see, possibly it is based on an old version of the standard.
Quote
After removing ID with new release version, will signing and timestamping still work ok?

Yes, it will timestamp ok, as internally the Id is not used. But you will not be able to verify this timestamp, maybe with some tweaks.
Do you have any sample signature with a signature timestamp that follows your schema?
#14866
Posted: 10/29/2010 08:18:48
by Martin Hren (Basic support level)
Joined: 10/20/2010
Posts: 13

Quote
But you will not be able to verify this timestamp, maybe with some tweaks.

I think (hope) this won't be necessary.

Sample document (this is how my xml should look; the signature is at the bottom):

#14870
Posted: 10/29/2010 13:12:01
by Dmytro Bogatskyy (EldoS Corp.)

Quote
Sample document (this is how my xml should look; the signature is at the bottom):

This xml document doesn't contain a signature timestamp (a SignatureTimeStamp element under UnsignedProperties).