EldoS | Feel safer!

Software components for data protection, secure storage and transfer

CAdES Async Sign

#16573
Posted: 06/07/2011 13:07:50
by Qualisoft CQPD (Standard support level)
Joined: 03/13/2007
Posts: 55

When I try to sign (CAdES) async
(...)
FCMS.Signatures(0).InitiateAsyncSign(state)
(...)

The exception was thrown:
"Unsupported algorithm: 32767"

Could you help me?

SBB 9.0.202 DEMO VERSION
thanks
Luis Ricardo
#16574
Posted: 06/07/2011 13:36:45
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

Please check that you are assigning the DigestAlgorithm property before signing.
#16575
Posted: 06/07/2011 14:07:48
by Qualisoft CQPD (Standard support level)
Joined: 03/13/2007
Posts: 55

Hi Innokentiy,

I did not specify this property.
Did this property have a default value in previous versions?
Thank you.
#16576
Posted: 06/07/2011 14:54:58
by Qualisoft CQPD (Standard support level)
Joined: 03/13/2007
Posts: 55

The method InitiateAsyncSign of the class ElCMSSignature works successfully (after filling the PublicKeyAlgorithm property).
I saved the state stream in an XML file (c:\distrib.xml).

Now I'm using the following code (VB.NET)

Dim index As Integer = 0
Dim state As New TElDCAsyncState
Dim decoder As New TElDCXMLEncoding
Dim input As New System.IO.FileStream("c:\distrib.XML", System.IO.FileMode.Open, System.IO.FileAccess.Read)
input.Position = 0
state.LoadFromStream(input, decoder)
input.Close()

Dim FCMS As TElSignedCMSMessage = Nothing
FCMS = New TElSignedCMSMessage
index = FCMS.AddSignature()
FCMS.Signatures(index).CompleteAsyncSign(state)

CompleteAsyncSign threw:

SBCMS.EElCMSError was unhandled
ErrorCode=0
Message=Bad asynchronous state
Source=SecureBlackbox.PKI

thanks for help
#16577
Posted: 06/07/2011 16:58:10
by Ken Ivanov (EldoS Corp.)

The distrib.xml document (a serialized state which was obtained from the InitiateAsyncSign() call) is actually a *signing request*. After obtaining the request from InitiateAsyncSign() you should pass it to the DC server for actual signing. The DC server will respond to you with another state, a *signing response*. The signing response is what you should pass to the CompleteAsyncSign() method. What you are doing now is passing the signing request to CompleteAsyncSign(), and this makes no sense, as CompleteAsyncSign() needs the result of the signing operation.

I suggest you have a look at the DC PDF signer sample for WinAzure. Though this one has little relation to CMS signing, it demonstrates the main concepts of the DC subsystem. MainWebRole fulfills the client-side part of the system, while MainWorkerRole is a DC server. In fact, the implementation of the DC server will be mainly the same independently of what exactly (CMS, PDF, XML) is signed on the client.
#16585
Posted: 06/08/2011 07:19:11
by Qualisoft CQPD (Standard support level)
Joined: 03/13/2007
Posts: 55

I can't find the call for the DC Server in the sample: Samples\C#\CloudBlackbox\WinAzure

Could you please send the class, method and property to do *signing response*?

luis ricardo
#16586
Posted: 06/08/2011 07:26:12
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

I think Innokentiy wrote you about a sample from \EldoS\SecureBlackbox.NET\Samples\C#\PDFBlackbox\Azure\DistributedPDFSigner folder.
#16588
Posted: 06/08/2011 07:41:58
by Ken Ivanov (EldoS Corp.)

Please see the WorkerRole.SignRequest() method (MainWorkerRole project) - it's exactly what you are asking about.
#16591
Posted: 06/08/2011 09:33:52
by Qualisoft CQPD (Standard support level)
Joined: 03/13/2007
Posts: 55

The code:

'server
Dim sigIndex As Integer
Dim FCMS As New TElSignedCMSMessage
FCMS.CreateNew(System.Text.UnicodeEncoding.Unicode.GetBytes("test"), 0, 4)

sigIndex = FCMS.AddSignature()
FCMS.Signatures(sigIndex).PublicKeyAlgorithm = SBUtils.Unit.SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION
FCMS.Signatures(sigIndex).SigningOptions = SBCMS.Unit.csoIncludeCertToAttributes Or SBCMS.Unit.csoIncludeCertToMessage Or SBCMS.Unit.csoInsertContentType Or SBCMS.Unit.csoInsertMessageDigests Or SBCMS.Unit.csoInsertSigningTime

Dim state As TElDCAsyncState = Nothing
FCMS.Signatures(sigIndex).InitiateAsyncSign(state)

Dim output As New System.IO.MemoryStream
Dim encoder As New TElDCXMLEncoding
state.SaveToStream(output, encoder)

FCMS.Close()

'client sign
Dim server As New TElDCStandardServer
Dim sigHandler As New TElDCX509SignOperationHandler
Dim certStore As New SBCustomCertStorage.TElMemoryCertStorage

Dim SignerCert As New SBX509.TElX509Certificate
SignerCert.LoadFromFileAuto("c:\cert.pfx", "test")
certStore.Add(SignerCert, False)

sigHandler.CertStorage = certStore

Dim respStream As New System.IO.MemoryStream
output.Position = 0
server.Process(output, respStream, New TElDCXMLEncoding(), New TElDCXMLEncoding())
server.Dispose()

respStream.Position = 0

Dim finalState As New TElDCAsyncState
Dim decoderFinal As New TElDCXMLEncoding
finalState.LoadFromStream(respStream, decoderFinal)

Dim finalFCMS As New TElSignedCMSMessage
Dim finalIndex As Integer

finalIndex = finalFCMS.AddSignature()
finalFCMS.Signatures(finalIndex).PublicKeyAlgorithm = SBUtils.Unit.SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION
finalFCMS.Signatures(finalIndex).CompleteAsyncSign(finalState)


CompleteAsyncSign threw:
SBCMS.EElCMSError was unhandled
ErrorCode=0
Message=Bad asynchronous state
Source=SecureBlackbox.PKI
#16597
Posted: 06/08/2011 13:33:18
by Qualisoft CQPD (Standard support level)
Joined: 03/13/2007
Posts: 55

In the sample Samples\C#\PDFBlackbox\Azure\DistributedPDFSigner:

Why does MainWebRole have a certificate? I hoped to find a certificate (and private key) only on the MainWorkerRole.

I have a document on a web server and I have a client machine with a browser to make the signatures of documents. The signer's certificate is only on the client machine. I want to use the distributed signature to sign the document that is on the web server on the client machine, without sending it to the client and without the signer's certificate being on my web server.
In the ELDOS examples that I found, certificates have been used on the web server and the client machine.

Can you help me?

thanks
Luis Ricardo
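
The request/response split described in post #16577, applied to the scenario in the last post (document stays on the web server, private key stays on the client), as an added example that is not part of the thread and is not SecureBlackbox code. It uses only .NET's System.Security.Cryptography; SignState, InitiateSign, ProcessRequest and CompleteSign are hypothetical names. It signs the bare SHA-256 digest of the document, a simplification of CMS/CAdES, where the signature covers the signed attributes.

```vbnet
Imports System
Imports System.Security.Cryptography

Module DistributedSignDemo
    ' Hypothetical message type; SecureBlackbox serializes a TElDCAsyncState instead.
    Class SignState
        Public Kind As String       ' "request" or "response"
        Public Payload As Byte()    ' request: document digest; response: signature
    End Class

    ' Web server: holds the document, never the private key.
    Function InitiateSign(document As Byte()) As SignState
        Using sha = SHA256.Create()
            Return New SignState With {.Kind = "request", .Payload = sha.ComputeHash(document)}
        End Using
    End Function

    ' Client machine: holds the private key, sees only the digest.
    Function ProcessRequest(req As SignState, signerKey As RSA) As SignState
        If req.Kind <> "request" Then Throw New InvalidOperationException("Expected a signing request")
        Dim sig = signerKey.SignHash(req.Payload, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
        Return New SignState With {.Kind = "response", .Payload = sig}
    End Function

    ' Web server: accepts only a response and verifies it against its own copy of the document.
    Function CompleteSign(document As Byte(), resp As SignState, signerPublic As RSA) As Byte()
        If resp.Kind <> "response" Then Throw New InvalidOperationException("Bad asynchronous state")
        Using sha = SHA256.Create()
            Dim digest = sha.ComputeHash(document)
            If Not signerPublic.VerifyHash(digest, resp.Payload, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1) Then
                Throw New CryptographicException("Signature does not match the document")
            End If
        End Using
        Return resp.Payload
    End Function

    Sub Main()
        Dim doc = System.Text.Encoding.UTF8.GetBytes("test")    ' constructed sample document
        Using clientKey = RSA.Create(), serverView = RSA.Create()
            serverView.ImportParameters(clientKey.ExportParameters(False)) ' public half only
            Dim request = InitiateSign(doc)
            Dim response = ProcessRequest(request, clientKey)
            Console.WriteLine("Signature bytes: " & CompleteSign(doc, response, serverView).Length)
            Try
                CompleteSign(doc, request, serverView)   ' the mistake: request passed straight back
            Catch ex As InvalidOperationException
                Console.WriteLine("Rejected: " & ex.Message)
            End Try
        End Using
    End Sub
End Module
```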