EldoS | Feel safer!

Software components for data protection, secure storage and transfer

CAdES Async Sign

Posted: 06/08/2011 17:24:17
by Ken Ivanov (EldoS Corp.)

Your code is not completely correct. Please find the correct one below:
        ' Requires Imports System.IO (for MemoryStream) besides the SecureBlackbox namespaces used below.

        ' 1. Pre-signing stage (client side)

        Dim sigIndex As Integer
        Dim FCMS As New TElSignedCMSMessage
        FCMS.CreateNew(System.Text.UnicodeEncoding.Unicode.GetBytes("test"), 0, 4)

        sigIndex = FCMS.AddSignature()
        ' Note: you cannot use csoIncludeCertToAttributes option if no certificate is available on client side
        FCMS.Signatures(sigIndex).SigningOptions = SBCMS.Unit.csoIncludeCertToMessage Or SBCMS.Unit.csoInsertContentType Or SBCMS.Unit.csoInsertMessageDigests Or SBCMS.Unit.csoInsertSigningTime
        FCMS.Signatures(sigIndex).DigestAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA1
        FCMS.Signatures(sigIndex).SigningTime = DateTime.Now
        FCMS.Signatures(sigIndex).PublicKeyAlgorithm = SBUtils.Unit.SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION
        Dim state As TElDCAsyncState = Nothing
        ' state must be filled by initiating asynchronous signing of Signatures(sigIndex) before it is
        ' serialized below (that call is not preserved in the post; assumed to be InitiateAsyncSign)
        Dim preSigStream As New MemoryStream
        ' preSigStream must hold the pre-signed message saved from FCMS (the save call is not preserved in the post)
        preSigStream.Position = 0
        Dim reqStream As New System.IO.MemoryStream
        Dim encoder As New TElDCXMLEncoding
        ' Only the async state (digest and signing parameters, no private key) travels to the server
        state.SaveToStream(reqStream, encoder)
        reqStream.Position = 0

        ' 2. Digest signing stage (server side)

        Dim server As New TElDCStandardServer
        Dim sigHandler As New TElDCX509SignOperationHandler
        Dim certStore As New SBCustomCertStorage.TElMemoryCertStorage

        ' The signing certificate and its private key live only on the server side
        Dim SignerCert As New SBX509.TElX509Certificate
        SignerCert.LoadFromFileAuto("c:\projects\secureblackbox\certificates\cert.pfx", "password")
        certStore.Add(SignerCert, True)

        sigHandler.CertStorage = certStore

        Dim respStream As New System.IO.MemoryStream
        ' Decode the request, sign the digest with the handler's certificate, encode the response
        server.Process(reqStream, respStream, New TElDCXMLEncoding(), New TElDCXMLEncoding())
        respStream.Position = 0

        ' 3. Finalization stage (client side)

        Dim finalState As New TElDCAsyncState
        Dim decoderFinal As New TElDCXMLEncoding
        finalState.LoadFromStream(respStream, decoderFinal)

        Dim finalCMS As New TElSignedCMSMessage
        ' Reopen the pre-signed message saved in stage 1
        finalCMS.Open(preSigStream, Nothing, 0, 0)
        Dim sigStream As New MemoryStream()
        ' The signature in finalCMS is completed with finalState (assumed to be CompleteAsyncSign)
        ' and the finished message is saved to sigStream (those calls are not preserved in the post)

However, I've just found out that distributed signing of the CMS messages has been broken in the last SBB build. We'll prepare a fix and make it available in the future build (hopefully tomorrow). No other classes (SBMessages, PDF, XML) are affected. We are sorry for the inconvenience.

Why does MainWebRole have a certificate? I hoped to find a certificate (and private key) only on the MainWorkerRole.

In general, a certificate is not needed on the client side. It may be needed in some cases though (e.g. if you need to add the SigningCertificate attribute, which is involved in the hash calculation). The code above does not use certificates on the client side.
Posted: 06/09/2011 06:28:40
by Qualisoft CQPD (Standard support level)
Joined: 03/13/2007
Posts: 55

I am concerned with the following code:

Dim SignerCert As New SBX509.TElX509Certificate
SignerCert.LoadFromFileAuto("c:\projects\secureblackbox\certificates\cert.pfx", "password")
certStore.Add(SignerCert, True)

If the certificate is on a smart card we cannot "copy" the private key.
Is this "copy = true" only a reference to the private key?

Thanks for the help.
Posted: 06/09/2011 06:36:12
by Ken Ivanov (EldoS Corp.)

You must pass True to CopyPrivateKey regardless of where the certificate originates from. If the certificate is stored on a smart card, only a reference to the private key is copied.
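The three stages in Ken's code above, and his later point that a smart card only ever hands out a reference to the private key, reduce to one request/response exchange. The Go program below is an added example written for this page; it is not SecureBlackbox code and not from anyone in this thread. It replaces the CMS message and TElDCXMLEncoding with JSON, hashes the content directly where CMS would hash the signed attributes, returns the server's bare public key where a real server would return the signer certificate, and generates an in-memory RSA key in place of cert.pfx. The names SignRequest, SignResponse, clientInitiate, serverSign, clientComplete and distributedSign are hypothetical. Stage 2 takes a crypto.Signer, which is the Go counterpart of "a reference to the private key": the handler never sees key bytes, so a token-backed key works unchanged.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"encoding/json"
	"fmt"
)

// SignRequest is what the client hands to the signing server (the role of
// reqStream in the post): a digest only, never the content and never a key.
type SignRequest struct {
	DigestAlg string `json:"digestAlg"` // mirrors SB_ALGORITHM_DGST_SHA1 in the post
	Digest    []byte `json:"digest"`    // encoding/json base64-encodes []byte
}

// SignResponse is the server's answer (the role of respStream): the raw
// signature and the key material the client needs to check it.
type SignResponse struct {
	Signature    []byte `json:"signature"` // PKCS#1 v1.5 over the SHA-1 digest
	PublicKeyDER []byte `json:"publicKey"` // PKIX DER; a real flow returns the certificate
}

// clientInitiate is stage 1 (client, no certificate needed): hash the data to
// be signed and keep the digest as the state stage 3 checks the answer against.
func clientInitiate(content []byte) (digest, reqJSON []byte, err error) {
	sum := sha1.Sum(content) // CMS would hash the signed attributes instead
	reqJSON, err = json.Marshal(SignRequest{DigestAlg: "SHA1", Digest: sum[:]})
	return sum[:], reqJSON, err
}

// serverSign is stage 2 (server). The key is any crypto.Signer, so the same
// handler serves an in-memory RSA key or a smart-card key that exists only
// as a reference and never leaves the token.
func serverSign(signer crypto.Signer, reqJSON []byte) ([]byte, error) {
	var req SignRequest
	if err := json.Unmarshal(reqJSON, &req); err != nil {
		return nil, err
	}
	if req.DigestAlg != "SHA1" || len(req.Digest) != sha1.Size {
		return nil, fmt.Errorf("not a SHA-1 digest: alg=%q len=%d", req.DigestAlg, len(req.Digest))
	}
	pubDER, err := x509.MarshalPKIXPublicKey(signer.Public())
	if err != nil {
		return nil, err
	}
	sig, err := signer.Sign(rand.Reader, req.Digest, crypto.SHA1)
	if err != nil {
		return nil, err
	}
	return json.Marshal(SignResponse{Signature: sig, PublicKeyDER: pubDER})
}

// clientComplete is stage 3 (client): verify the signature against the digest
// kept from stage 1 before accepting it, so a damaged or misrouted response is refused.
func clientComplete(digest, respJSON []byte) ([]byte, error) {
	var resp SignResponse
	if err := json.Unmarshal(respJSON, &resp); err != nil {
		return nil, err
	}
	pubAny, err := x509.ParsePKIXPublicKey(resp.PublicKeyDER)
	pub, ok := pubAny.(*rsa.PublicKey)
	if err != nil || !ok {
		return nil, fmt.Errorf("server did not return an RSA public key")
	}
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA1, digest, resp.Signature); err != nil {
		return nil, fmt.Errorf("signature does not match pre-signed state: %w", err)
	}
	return resp.Signature, nil
}

// distributedSign runs the three stages end to end; only serverSign ever sees the key.
func distributedSign(content []byte, signer crypto.Signer) ([]byte, error) {
	digest, req, err := clientInitiate(content) // client side
	if err != nil {
		return nil, err
	}
	resp, err := serverSign(signer, req) // server side, the only holder of the private key
	if err != nil {
		return nil, err
	}
	return clientComplete(digest, resp) // client side again
}

func main() {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // constructed stand-in for the key in cert.pfx
	if err != nil {
		panic(err)
	}
	sig, err := distributedSign([]byte("test"), key)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%d-byte signature produced without the client ever holding the key\n", len(sig))
}
```

The check in stage 3 is deliberately against the key the server sent back, which is what the post's flow gives the client: it catches a response that was damaged in transit or signed over the wrong digest, but not a server that signs with a key of its own choosing. Where the client is expected to know which signer it is talking to, compare the returned certificate with the expected one before calling the verification.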