TSL Verification

#14974
Posted: 11/08/2010 04:44:45
by Eugene Mayevski (EldoS Corp.)



Sincerely yours
Eugene Mayevski
#18716
Posted: 01/13/2012 10:48:12
by Eugene Mayevski (EldoS Corp.)

Can anybody please explain what should be done in this task?

TSLs are published in human-readable form which is not possible to handle.


Sincerely yours
Eugene Mayevski
#18723
Posted: 01/14/2012 14:34:10
by Karel Benák (Standard support level)
Joined: 03/16/2011
Posts: 12

For example Czech TSL is in machine processable XML form on URL http://tsl.gov.cz/publ/TSL_CZ.xtsl, EU TSL is in machine processable XML form on URL https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml
#18724
Posted: 01/14/2012 15:04:31
by Eugene Mayevski (EldoS Corp.)

And what is "processable"? What does SecureBlackbox have to do with this?


Sincerely yours
Eugene Mayevski
#34255
Posted: 08/17/2015 11:56:23
by Nuno Pereira (Basic support level)
Joined: 08/17/2015
Posts: 3

Hi,
I'm just starting my adventures in the world of digital signatures, so I don't fully understand all of the concepts, but it seems to me that TSL is a signed document with a list of trusted authorities with their certificates (and policies?).
If I am understanding correctly the functionality provided by TSL, what SecureBlackbox could do with TSL is to allow to validate a certificate/signature using the authorities in the TSL instead of the Local machine Certificate Store (or as a complement).
I'm starting to work with digital signatures because of legal requirements for Digital Signatures on some operations/documents and in some countries (Brazil for example) the certificates used should be validated with a custom list of Root CA and allow only the use of certificates that have one of these root CA in the top of the chain.
Portugal also publishes the TSL in XML (probably all countries in the EU should do this).

Does SecureBlackbox have support for TSL?

thanks,
Nuno Pereira
#34256
Posted: 08/17/2015 12:09:25
by Eugene Mayevski (EldoS Corp.)

1) SecureBlackbox has the XML parser which you can use to process the particular TSL.
2) You can use any custom list of trusted ROOT or CA certificates when validating a certificate.

The problem with automated TSL handling is that they seem to have different formats for each TSL (or for each country), so we can't parse them easily ourselves.


Sincerely yours
Eugene Mayevski
#34387
Posted: 09/07/2015 13:10:38
by Nuno Pereira (Basic support level)
Joined: 08/17/2015
Posts: 3

Hi,

So if I understand correctly your suggestion is to parse the XML to create a list of certificates and supply the certificate list to SecureBlackbox trusted ROOT or CA lists. Is this correct?
Will SecureBlackbox XML parser offer some advantage over the standard .NET XML parser in accomplishing this task?
(I was hoping for an easier way to do this, but I guess we’ll have to do this)

Anyway, in this case it seems to me that this is an EU standard as all the TSLs that I’ve found from EU member countries use the same format, but it makes sense that a standard should be created for all TSLs around the world: it would make all our lives easier (at least my life would be easier).

Thanks,
Nuno Pereira
#34388
Posted: 09/07/2015 13:54:25
by Eugene Mayevski (EldoS Corp.)

Quote
Nuno Pereira wrote:
So if I understand correctly your suggestion is to parse the XML to create a list of certificates and supply the certificate list to SecureBlackbox trusted ROOT or CA lists. Is this correct?


Yes, almost. SecureBlackbox doesn't have "trusted root or CA lists", instead you pass the certificates you want to use or to trust to TElX509CertificateValidator when you use it for validation. But you got the idea right.

Quote
Nuno Pereira wrote:
Will SecureBlackbox XML parser offer some advantage over the standard .NET XML parser in accomplishing this task?


In case of .NET there's no particular difference.

Quote
Nuno Pereira wrote:
Anyway, in this case it seems to me that this is an EU standard as all the TSLs that I’ve found from EU member countries use the same format


Indeed I have found the specifications that describe the XML format (see https://www.eldos.com/sbb/wishlist.php?vox_idea_id=154 for references). It's possible that we'll implement some kind of parser in future.


Sincerely yours
Eugene Mayevski
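
The approach agreed on in this thread (parse the TSL XML, collect the certificates, pass them to the validator as trusted), sketched in Python as an added example; it is not part of any post and is not SecureBlackbox code. It assumes the ETSI TS 119 612 namespace and element names used by EU lists, assumes the TSL's own XML signature was verified before this step, and uses constructed placeholder bytes in place of real certificates; `extract_trust_anchors` and `_service` are hypothetical names.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# XML namespace of ETSI TS 119 612 trusted lists (the common EU format).
NS = {"tsl": "http://uri.etsi.org/02231/v2#"}
SVC = "http://uri.etsi.org/TrstSvc/"
CA_QC = SVC + "Svctype/CA/QC"
GRANTED = SVC + "TrustedList/Svcstatus/granted"
# Status URIs accepted as currently trusted (assumption: set per your policy).
ACTIVE = {GRANTED,
          SVC + "eSigDir-1999-93-EC-TrustedList/Svcstatus/undersupervision"}
CERT_PATH = "tsl:ServiceDigitalIdentity/tsl:DigitalId/tsl:X509Certificate"

def extract_trust_anchors(tsl_xml: bytes) -> dict:
    """Return {sha256 hex: DER bytes} for active CA/QC services.
    The caller must already have verified the TSL's XML signature."""
    if b"<!DOCTYPE" in tsl_xml:  # a TSL carries no DTD; refuse entity tricks
        raise ValueError("DTD not allowed in a TSL")
    anchors = {}
    root = ET.fromstring(tsl_xml)
    for info in root.iterfind(".//tsl:TSPService/tsl:ServiceInformation", NS):
        stype = info.findtext("tsl:ServiceTypeIdentifier", "", NS).strip()
        status = info.findtext("tsl:ServiceStatus", "", NS).strip()
        if stype != CA_QC or status not in ACTIVE:
            continue  # not a CA service, or withdrawn/unknown status
        for node in info.iterfind(CERT_PATH, NS):
            b64 = "".join((node.text or "").split())  # TSLs wrap base64 lines
            der = base64.b64decode(b64, validate=True)
            anchors[hashlib.sha256(der).hexdigest()] = der  # dedupe by hash
    return anchors

def _service(stype, status, blob):  # one constructed TSPService element
    return ("<TSPService><ServiceInformation>"
            f"<ServiceTypeIdentifier>{stype}</ServiceTypeIdentifier>"
            f"<ServiceStatus>{status}</ServiceStatus><ServiceDigitalIdentity>"
            f"<DigitalId><X509Certificate>{base64.b64encode(blob).decode()}"
            "</X509Certificate></DigitalId></ServiceDigitalIdentity>"
            "</ServiceInformation></TSPService>")

# Constructed sample; the "certificates" are placeholder bytes, not real DER.
SAMPLE = ('<TrustServiceStatusList xmlns="http://uri.etsi.org/02231/v2#">'
          "<TrustServiceProviderList><TrustServiceProvider><TSPServices>"
          + _service(CA_QC, GRANTED, b"placeholder-ca-1")
          + _service(CA_QC, GRANTED, b"placeholder-ca-1")  # duplicate entry
          + _service(CA_QC, SVC + "TrustedList/Svcstatus/withdrawn", b"old-ca")
          + _service(SVC + "Svctype/TSA/QTST", GRANTED, b"placeholder-tsa")
          + "</TSPServices></TrustServiceProvider></TrustServiceProviderList>"
          "</TrustServiceStatusList>").encode()
```

The returned DER blobs are what would be loaded as the trusted certificates for validation; withdrawn services and non-CA service types are left out so they never become trust anchors.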