EldoS | Feel safer!

Software components for data protection, secure storage and transfer


Posted: 06/28/2012 02:21:19
by eblackmo  (Standard support level)
Joined: 05/09/2012
Posts: 24

So we are receiving signed XML data from an upstream system. We read the data off the queue as a MemoryStream (.NET). The stream contains the signed object and the detached signature.

What I'm currently doing is reading that stream object and passing it straight to an API that uses the TElXMLVerifier and TElXAdESVerifier to validate the signature. I can parse that stream and extract the object data that was signed and the signature as well based on XML element tags and process.

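Using manual reference checking:

      // Canonicalization transform (canonical XML) for the referenced data
      TElXMLC14NTransform cannon = new TElXMLC14NTransform();
      cannon.CanonicalizationMethod = SBXMLDefs.Unit.xcmCanon;
      // Digest the reference with SHA-256
      reference.DigestMethod = SBXMLSec.Unit.xdmSHA256;
      // Supply the signed data directly as a UTF-8 byte array
      reference.URIData = buffer;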

The buffer contains the signed XML in UTF-8 encoding. We want to make the API more generic, so instead of setting URIData I want to grab the stream object off the queue and dump it into TElXMLVerifier.Load(Document). I know if I do this now it can find and validate the signature, but I need to be able to just call TElXMLVerifier.ValidateReferences() and have the signed data automatically validated.

So currently I have a test signer class that sets the URI property of the reference. The reference then assigns data for transformation/digest to URIData as UTF-8 byte array.

So I think I can use URINode, because the documentation seems to suggest that the URI will be used to locate the signed data. What I'm asking is this: if the URINode property is set and I load the entire stream, will I be able to validate the reference of my signed XML without building the reference? E.g. does the verifier use XPath to locate the data that was digested?

Also, what actually gets assigned to URINode? I know it is an EldoS DOM node, but what format is the URI in?
Posted: 06/28/2012 03:20:11
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Please refer to our sample that is located in \EldoS\SecureBlackbox.NET\Samples\C#\XMLBlackbox\AdvancedSigner. It shows how to validate detached signatures and use URINode property.


