EldoS | Feel safer!

Software components for data protection, secure storage and transfer

CAdES Async Sign

Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages
Posted: 06/07/2011 13:07:50
by QualiSign Infomática S/A (Premium support level)
Joined: 03/13/2007
Posts: 55

When i try to sign (CAdES) async

The exception was thrown:
"Unsupported algorithm: 32767"

Could you help me?

Luis Ricardo
Posted: 06/07/2011 13:36:45
by Ken Ivanov (Team)

Thank you for contacting us.

Please check that you are assigning the DigestAlgorithm property before signing.
Posted: 06/07/2011 14:07:48
by QualiSign Infomática S/A (Premium support level)
Joined: 03/13/2007
Posts: 55

Hi Innokentiy,

I did not specify this property.
In previous versions this property had a default value?
Thank you.
Posted: 06/07/2011 14:54:58
by QualiSign Infomática S/A (Premium support level)
Joined: 03/13/2007
Posts: 55

The method InitiateAsyncSign of the class ElCMSSignature works successfully (after filling PublicKeyAlgorithm property).
I saved the state stream in a xml file (c:\distrib.xml).

Now I'm using the following code (VB.NET)

Dim index As Integer = 0
Dim state As New TElDCAsyncState
Dim decoder As New TElDCXMLEncoding
Dim input As New System.IO.FileStream ("c:\distrib.XML" System.IO.FileMode.Open, System.IO.FileAccess.Read)
input.Position = 0
state.LoadFromStream (input, decoder)
input.Close ()

Dim FCMS as TElSignedCMSMessage = Nothing
FCMS = New TElSignedCMSMessage
index =FCMS.AddSignature()
FCMS.Signatures(index).CompleteAsyncSign (state)

The CompleteAsyncSign thrown

SBCMS.EElCMSError was unhandled
Message=Bad asynchronous state

thanks for help
Posted: 06/07/2011 16:58:10
by Ken Ivanov (Team)

The distrib.xml document (a serialized state which was obtained from the InitiateAsyncSign() call) is actually a *signing request*. After obtaining the request from InitiateAsyncSign() you should pass it to the DC server for actual signing. DC server will respond you with another state, a *signing response*. Signing response is what you should pass to the CompleteAsyncSign() method. What you are doing now is passing the signing request to CompleteAsyncSign(), and this has no sense, as CompleteAsyncSign() needs the result of signing operation.

I suggest you to have a look at the DC PDF signer sample for WinAzure. Though this one has little relation to CMS signing, it demonstrates main concepts of DC subsystem. MainWebRole fulfills the client-side part of the system, while MainWorkerRole is a DC server. In fact, the implementation of DC server will be mainly the same independently of what exactly (CMS, PDF, XML) is signed on the client.
Posted: 06/08/2011 07:19:11
by QualiSign Infomática S/A (Premium support level)
Joined: 03/13/2007
Posts: 55

I can´t find the call for the DC Server in the sample: Samples\C#\CloudBlackbox\WinAzure

Could you please send the class, method and property to do *signing response*?

luis ricardo
Posted: 06/08/2011 07:26:12
by Vsevolod Ievgiienko (Team)


I think Innokentiy wrote you about a sample from \EldoS\SecureBlackbox.NET\Samples\C#\PDFBlackbox\Azure\DistributedPDFSigner folder.
Posted: 06/08/2011 07:41:58
by Ken Ivanov (Team)

Please see the WorkerRole.SignRequest() method (MainWorkerRole project) - it's exactly what you are asking about.
Posted: 06/08/2011 09:33:52
by QualiSign Infomática S/A (Premium support level)
Joined: 03/13/2007
Posts: 55

The code :

Dim sigIndex As Integer
Dim FCMS As New TElSignedCMSMessage
FCMS.CreateNew(System.Text.UnicodeEncoding.Unicode.GetBytes("test"), 0, 4)

sigIndex = FCMS.AddSignature()
FCMS.Signatures(sigIndex).PublicKeyAlgorithm = SBUtils.Unit.SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION
FCMS.Signatures(sigIndex).SigningOptions = SBCMS.Unit.csoIncludeCertToAttributes Or SBCMS.Unit.csoIncludeCertToMessage Or SBCMS.Unit.csoInsertContentType Or SBCMS.Unit.csoInsertMessageDigests Or SBCMS.Unit.csoInsertSigningTime

Dim state As TElDCAsyncState = Nothing

Dim output As New System.IO.MemoryStream
Dim encoder As New TElDCXMLEncoding
state.SaveToStream(output, encoder)


'client sign
Dim server As New TElDCStandardServer
Dim sigHandler As New TElDCX509SignOperationHandler
Dim certStore As New SBCustomCertStorage.TElMemoryCertStorage

Dim SignerCert As New SBX509.TElX509Certificate
SignerCert.LoadFromFileAuto("c:\cert.pfx", "test")
certStore.Add(SignerCert, False)

sigHandler.CertStorage = certStore

Dim respStream As New System.IO.MemoryStream
output.Position = 0
server.Process(output, respStream, New TElDCXMLEncoding(), New TElDCXMLEncoding())

respStream.Position = 0

Dim finalState As New TElDCAsyncState
Dim decoderFinal As New TElDCXMLEncoding
finalState.LoadFromStream(respStream, decoderFinal)

Dim finalFCMS As New TElSignedCMSMessage
Dim finalIndex As Integer

finalIndex = finalFCMS.AddSignature()
finalFCMS.Signatures(finalIndex).PublicKeyAlgorithm = SBUtils.Unit.SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION

The CompleteAsyncSign thrown:
SBCMS.EElCMSError was unhandled
Message=Bad asynchronous state
Posted: 06/08/2011 13:33:18
by QualiSign Infomática S/A (Premium support level)
Joined: 03/13/2007
Posts: 55

In the sample Samples\C#\PDFBlackbox\Azure\DistributedPDFSigner:

Why MainWebRole has an certificate? I hoped to find a certificate (and private key) only on the MainWorkerRole.

I have a document on a web server and I have a client machine with a browser to make the signatures of documents. The signer's certificate is only in the client machine. I want to use the distributed signature to sign the document that is on the web server on the client machine without sending it to the client and without the signer's certificate is in my web server.
In the ELDOS examples that I found, certificates have been used in the web server and the client machine.

Can you help me?

Luis Ricardo
Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.



Topic viewed 4256 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!