Cannot Sign PADES

#21869
Posted: 10/08/2012 09:46:31
by Francesco Geri (Basic support level)
Joined: 10/08/2012
Posts: 7

Hi, I'm evaluating your libraries to sign a PDF with PADES signature.
I've tried with your sample project (PAdES_VS_2008), using a certificate on my desktop loaded using:

Dim r As Integer = m_Cert.LoadFromFileAuto(tbCertPath.Text, tbCertPass.Text)

The signature process threw the following exception:

SBPAdES.EElPDFAdvancedPublicKeySecurityHandlerError: No signing certificate
   at SBPAdES.TElPDFAdvancedPublicKeySecurityHandler.SignHash(Byte[] Hash, Int32 StartIndex, Int32 Count)
   at SBPDF.TElPDFDocument.InsertActualSignatureInformation(Boolean IncrementalUpdate)
   at SBPDF.TElPDFDocument.Close(Boolean Save)
   at PAdES.Form1.CloseCurrentDocument(Boolean saveChanges) in C:\Users\Public\Documents\EldoS\SecureBlackbox.NET\Samples\VB.NET\PDFBlackbox\PAdES\Form1.vb:line 69


I don't know why I get this error, can you help me?
#21870
Posted: 10/08/2012 09:51:32
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

It seems that the certificate doesn't contain a private key. Could you try to use the sample certificate that is included in SecureBlackbox and is located in \EldoS\SecureBlackbox.NET\Extra\Certificates\cert.pfx?
#21871
Posted: 10/08/2012 10:33:58
by Vsevolod Ievgiienko (EldoS Corp.)

Just to clarify: indeed the certificate you've just posted via Helpdesk doesn't contain a private key.
#21885
Posted: 10/09/2012 00:41:32
by Vsevolod Ievgiienko (EldoS Corp.)

It depends. If you already have a certificate without a private key, then nowhere. Usually this key is stored *beside* a certificate.

You can refer to this article for general information about how certificates work: http://www.eldos.com/security/articles/1953.php
#21899
Posted: 10/10/2012 01:58:35
by Francesco Geri (Basic support level)
Joined: 10/08/2012
Posts: 7

Quote
Vsevolod Ievgiienko wrote:
Just to clarify: indeed the certificate you've just posted via Helpdesk doesn't contain a private key.


I need to obtain a valid PAdES digital signature, but your test certificate is not a valid certificate.
Really, I want to use the certificate from my smartcard, but I had some problems reading the certificate from the smartcard.
I will try again.

Thank you
#21900
Posted: 10/10/2012 03:41:34
by Francesco Geri (Basic support level)
Joined: 10/08/2012
Posts: 7

I've tried now to read the certificate from my smartcard and the signature process can be completed.
But the resultant pdf file is not a valid PAdES.
The signature is not valid, and not verified.
And there is a watermark with my signature...is it possible to not add it?

How can I attach my resultant pdf file?


This is my code:

Code
' Create the storage (in memory)
CertStorage = New TElMemoryCertStorage
CertStorage.Clear()
CertStorage.Add(Storage.Certificates(certIndex), True)

Using pdfDoc As New SBPDF.TElPDFDocument()
   Using fStream As IO.Stream = IO.File.Open(pdfFilePath, FileMode.Open, FileAccess.ReadWrite)
      ' Open the PDF file
      pdfDoc.Open(fStream)
      ' Adds the signature and get the index
      Dim signatureIndex As Integer = pdfDoc.AddSignature()
      ' With the index obtain the new signature
      Dim newSignature As SBPDF.TElPDFSignature = pdfDoc.Signatures(signatureIndex)
      newSignature.Invisible = False
      newSignature.AuthorName = certSubjectName 'I need to set this field?
      newSignature.Reason = "TEST with ELDOS DLLs"
      ' Set the handler
      Dim handler As New SBPAdES.TElPDFAdvancedPublicKeySecurityHandler
      handler.PAdESSignatureType = SBPAdES.TSBPAdESSignatureType.pastBasic
      handler.HashAlgorithm = SB_ALGORITHM_DGST_SHA256
      handler.AutoCollectRevocationInfo = True
      handler.IgnoreChainValidationErrors = True
      newSignature.Handler = handler
      ' Set the storage on the handler
      handler.CertStorage = CertStorage
      ' Close the file, signing it
      pdfDoc.Close(True)
   End Using
End Using
#21901
Posted: 10/10/2012 03:50:04
by Vsevolod Ievgiienko (EldoS Corp.)

First of all, try to create a signature using our sample that is located in \EldoS\SecureBlackbox.NET\Samples\C#\PDFBlackbox\PAdES. The "Visible signature" checkbox allows you to turn the *watermark* on and off.

Quote
But the resultant pdf file is not a valid PAdES.
The signature is not valid, and not verified.

How do you check this? What exact errors do you get?

Quote
How can I attach my resultant pdf file?

You should use Helpdesk if you need to attach any files to your messages.
#21904
Posted: 10/10/2012 04:27:16
by Francesco Geri (Basic support level)
Joined: 10/08/2012
Posts: 7

Thank you, I've set the watermark to invisible.

About the validity of the digital signature, I've only opened the PDF with Adobe Reader.
I get no errors, but Adobe says that the signature is not verified, and does not show me any information about the signature.
Really, I don't know how to check a PAdES signature.
#21905
Posted: 10/10/2012 04:31:01
by Vsevolod Ievgiienko (EldoS Corp.)

Most likely Adobe Reader is not aware of the certificate or certificate chain that you've used for signing. It tries to validate the certificate chain but can't find some intermediate certificate, or a root certificate is not included in the trusted list.

Could you send us a sample document via Helpdesk?
#21907
Posted: 10/10/2012 04:45:13
by Francesco Geri (Basic support level)
Joined: 10/08/2012
Posts: 7

Thank you Vsevolod,
I've posted my pdf file on the helpdesk.

I've done nothing about the certificate chain...
I've tried to set AutoCollectRevocationInfo to True, but with this I receive an error (Chain validation failed).
Then I've set IgnoreChainValidationErrors to True to obtain the signature.
Do I have to explicitly specify the chain?
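
A pre-signing check for the two failures in this thread (a certificate loaded without its private key, and a chain the verifier cannot build), as an added example that is not from the original posts or from SecureBlackbox. It uses only the .NET `System.Security.Cryptography.X509Certificates` classes; `Diagnose` and the throwaway test certificate are constructed for illustration. The chain result reflects the operating system's trust store, which may differ from the trusted list Adobe Reader uses.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates

Module SigningCertCheck
    ' Lists the reasons a certificate cannot sign, or cannot be validated by a verifier.
    Function Diagnose(cert As X509Certificate2) As List(Of String)
        Dim problems As New List(Of String)
        ' A public-only certificate loads without error but cannot produce a signature.
        If Not cert.HasPrivateKey Then problems.Add("no private key")

        Using chain As New X509Chain()
            ' NoCheck keeps the example offline; use Online to include CRL/OCSP checks.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck
            If Not chain.Build(cert) Then
                ' Report which element of the chain fails instead of ignoring the error.
                For Each element As X509ChainElement In chain.ChainElements
                    For Each status As X509ChainStatus In element.ChainElementStatus
                        problems.Add(element.Certificate.Subject & ": " & status.Status.ToString())
                    Next
                Next
            End If
        End Using
        Return problems
    End Function

    Sub Main()
        ' Constructed test data: a throwaway self-signed certificate, not a real signer.
        Using key As RSA = RSA.Create(2048)
            Dim req As New CertificateRequest("CN=Constructed Test Signer", key,
                                              HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            Using withKey As X509Certificate2 = req.CreateSelfSigned(
                    DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1))
                ' Exporting as X509ContentType.Cert drops the private key, like a .cer file.
                Dim publicOnly As New X509Certificate2(withKey.Export(X509ContentType.Cert))
                For Each c As X509Certificate2 In {withKey, publicOnly}
                    Console.WriteLine("HasPrivateKey=" & c.HasPrivateKey.ToString())
                    For Each p As String In Diagnose(c)
                        Console.WriteLine("  " & p)
                    Next
                Next
            End Using
        End Using
    End Sub
End Module
```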