EldoS | Feel safer!

Software components for data protection, secure storage and transfer

remote signature functionality (secure bb 9)

Posted: 08/01/2011 03:54:45
by Christoph Moar (Standard support level)
Joined: 08/28/2009
Posts: 46

Hi, we are currently using sbb 8.x, and I read that in the release 9 you have added a "remote signature" functionality. By rapidly overviewing your email description, it seemed to work in such a way that on the client PC (holding the token) some kind of ActiveX or browser plugin is enabled, so that when we start a server-side signature the client will be asked to insert the token and pincode. The server will only send the document hashsum to the plugin, and the latter will then sign the hashsum, thus not needing to send the whole document over the network anymore. This is approximately what I read in your announcement.

Now for a bit deeper question:
Is it possible to implement such a remote signature solution without any custom ActiveX or browser plugin installation? I would like to have something like this: our client (C++) communicates with our server (C++, SOAP webservice). Our server fetches the document, computes the hashsum, passes the hashsum to our client where the signature is applied and sent back to the server to be stored.

All by using the classic EldoS SBB functions, without need for a custom ActiveX installation or such. Is this a makeable scenario?

Can you (very briefly) depict how your remote signature solution is ideally supposed to be implemented?


Posted: 08/01/2011 04:14:31
by Vsevolod Ievgiienko (Team)

Thank you for your interest in our products.

Here is a short tutorial of how to use DC without an ActiveX/plugin installation:

A number of classes have been extended with extra distributed signing-related methods. For example, considering PDFBlackbox, you should do the following:

I. Preparation (client side)

1) Open the document and add a signature just as you do when signing the document in a usual (non-distributed) way.
2) Instead of calling Close(), call the InitiateAsyncOperation() method. It will return a TElDCAsyncState object, which contains the information needed to perform signing.
3) Serialize state information to a stream with the use of its SaveToStream() method. Pass a TElDCXMLEncoding object to the Encoding parameter (it is the only encoding supported at the moment).
4) Send the serialized state to the signing party (server).

II. Signing (server side)

1) Create TElDCStandardServer and TElDCX509SignOperationHandler objects. Set up the latter (by assigning a non-empty certificate storage to its CertStorage property) and pass it to the TElDCStandardServer.AddOperationHandler() method.
2) Pass the data received from the client to the TElDCStandardServer.Process() method. This method will return you the signing result.
3) Send the obtained signing result back to the client.

III. Finalization (client side)

1) Load the signing result obtained from the server into a new TElDCAsyncResult instance.
2) Pass the TElDCAsyncResult object, along with the opened PDF document stream and a set-up security handler object, to the TElPDFDocument.CompleteAsyncOperation() method.

In a similar way distributed signing works with other SecureBlackbox components.


Posted: 08/01/2011 04:19:16
by Eugene Mayevski (Team)

Note - the client and server in Vsevolod's description are twisted, i.e. the web server is the client (of distributed signing operation), while the client-side module is a server (as it serves signing requests by signing the hash).

Sincerely yours
Eugene Mayevski
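
The three phases described in this thread, as an added example that is not SecureBlackbox code and does not use its API: the requesting side (the web server) sends only a digest, the key holder signs it, and the requester checks the result against the document before storing it. The JSON messages, the function names `initiate`, `process` and `complete`, the verification step and the RSA demo key are assumptions made for illustration.

```python
import hashlib, json

# Constructed demo key, NOT secure: both primes are public Mersenne primes.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, stays with the key holder
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(digest: bytes) -> int:
    """PKCS#1 v1.5 signature encoding of a SHA-256 digest, as an integer."""
    t = SHA256_PREFIX + digest
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def initiate(document: bytes) -> str:
    """Requesting side: hash locally, ship only the digest."""
    digest = hashlib.sha256(document).hexdigest()
    return json.dumps({"alg": "sha256", "digest": digest})

def process(request: str) -> str:
    """Signing side (holds the key): validate the request, sign the digest."""
    req = json.loads(request)
    digest = bytes.fromhex(req["digest"])
    if req.get("alg") != "sha256" or len(digest) != 32:
        raise ValueError("unsupported algorithm or malformed digest")
    sig = pow(emsa_pkcs1_v15(digest), D, N)
    return json.dumps({"signature": sig.to_bytes(K, "big").hex()})

def complete(document: bytes, response: str) -> bytes:
    """Requesting side: verify the result against the document before storing."""
    sig = bytes.fromhex(json.loads(response)["signature"])
    if len(sig) != K:
        raise ValueError("signature has wrong length")
    expected = emsa_pkcs1_v15(hashlib.sha256(document).digest())
    if pow(int.from_bytes(sig, "big"), E, N) != expected:
        raise ValueError("signature does not match the document hash")
    return sig
```

The signing side never sees the document, so it cannot tell what it is signing; whatever authorizes the request has to happen before `process` is called.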



As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.