EldoS | Feel safer!

CADES-EPES signature validation error

#22624
Posted: 11/23/2012 10:48:34
by Ernesto Alconada (Basic support level)
Joined: 11/01/2012
Posts: 25

I'm generating a CAdES-EPES signature with this code:
Code

  // Cert is taken as a reference from the store below, so no TElX509Certificate
  // is created here (the original Create before the assignment leaked an object).
  Storage := TElWinCertStorage.Create(nil);
  try
    Storage.SystemStores.Add('MY');
    Cert := Storage.Certificates[IndiceCertificado];
    // opening source file
    SourceStream := TFileStream.Create(Fichero, fmOpenRead or fmShareDenyWrite);
    try
      // creating a CMS and a signature object
      CMS := TElSignedCMSMessage.Create(nil);
      try
        CMS.CreateNew(SourceStream, 0, SourceStream.Size);
        CMS.Detached := True;   // detached: the signed content is not stored in the CMS
        CMS.AddSignature();
        try
          with TElCAdESSignatureProcessor.Create do
          try
            Signature := CMS.Signatures[0];
            ForceSigningCertificateV2 := True;
            CreateEPES(Cert, Storage,
                       SB_OID_PKCS7_DATA,
                       StrToOID('2.16.724.1.3.1.1.2.1.8'),   // signature policy OID
                       SB_ALGORITHM_DGST_SHA1,
                       // policy hash as posted; the literal is already base64, so check
                       // whether CreateEPES expects the raw digest bytes instead
                       Base64EncodeString('7SxX3erFuH31TvAw9LZ70N7p1vA='),
                       'http://administracionelectronica.gob.es/es/ctt/politicafirma/politica_firma_AGE_v1_8.pdf',
                       '',
                       [],
                       '');
          finally
            Free;
          end;
          // saving the CMS (signature only, because Detached = True)
          CMSStream := TFileStream.Create(Firma, fmCreate);
          try
            CMS.Save(CMSStream);
          finally
            FreeAndNil(CMSStream);
          end;
          // the temporary file is opened here
        except
          on E: Exception do
            MessageDlg('Firmado fallido (' + E.Message + '). Por favor lea el log para detalles', mtError, [mbOk], 0);
        end;
      finally
        FreeAndNil(CMS);
      end;
    finally
      FreeAndNil(SourceStream);
    end;
  finally
    FreeAndNil(Storage);
  end;


When I try to validate the signature with your CAdES demo, I get that the signature is not valid. Do you know what the reason is? Thanks
#22625
Posted: 11/23/2012 10:55:29
by Ken Ivanov (EldoS Corp.)

Ernesto,

What validation problem exactly are you getting? In particular, is the signature reported as Invalid or Incomplete, and are there any issues reported in the CompatibilityErrors set of the component?
#22627
Posted: 11/23/2012 12:13:05
by Ernesto Alconada (Basic support level)
Joined: 11/01/2012
Posts: 25

I see that the CompatibilityErrors value is [cerrNoSignatureTimestamp, cerrNoCertificateReferences, cerrNoRevocationReferences, cerrNoRevocationValues, cerrNoArchivalTimestamp] after the Validate() instruction, which returns asvInvalid.
#22635
Posted: 11/26/2012 01:52:55
by Ken Ivanov (EldoS Corp.)

Ernesto,

The asvInvalid value is only returned if the integrity of the signature is undoubtedly violated. The CAdES sample only works with non-detached signatures, while your code creates a detached one. Did you amend the sample to load the relevant content before validating the signature?

If you did or you are still getting the asvInvalid result after amending the sample, please post the signature and the content to Helpdesk so that we could have a look at it.
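Ken's point about detached signatures, as an added example that is not from this thread or from SecureBlackbox: OpenSSL's cms tool signs a constructed file in detached mode (the equivalent of CMS.Detached := True above) and then verifies it with the original content, with no content, and with different content. It assumes openssl is on PATH; the key, certificate and content are throwaway values constructed here.

```shell
#!/bin/sh
# Shows why a detached CMS signature cannot be validated without its content:
# the signed attributes carry a digest of the data, but the data itself is not in the file.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed self-signed signing certificate (test-only key).
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/key.pem" -out "$WORK/cert.pem" \
  -subj "/CN=Detached CMS test" -days 1 >/dev/null 2>&1

# Constructed content to sign.
printf 'contract text v1\n' > "$WORK/content.txt"

# Detached CMS signature (openssl cms -sign is detached unless -nodetach is given):
# content.p7s holds the SignerInfo and certificate, not content.txt itself.
openssl cms -sign -binary -in "$WORK/content.txt" -signer "$WORK/cert.pem" \
  -inkey "$WORK/key.pem" -outform DER -out "$WORK/content.p7s" >/dev/null 2>&1

# Returns 0 when the detached signature verifies against the content file given as $1.
verify_detached() {
  openssl cms -verify -binary -inform DER -in "$WORK/content.p7s" \
    -content "$1" -CAfile "$WORK/cert.pem" -out /dev/null >/dev/null 2>&1
}

# Returns 0 only if the detached signature verifies with no content supplied at all
# (it never does: there is nothing for the messageDigest attribute to be checked against).
verify_without_content() {
  openssl cms -verify -binary -inform DER -in "$WORK/content.p7s" \
    -CAfile "$WORK/cert.pem" -out /dev/null >/dev/null 2>&1
}

# Demonstration run: only the original content validates.
printf 'contract text v2\n' > "$WORK/other.txt"
verify_detached "$WORK/content.txt" && echo "original content: valid" || echo "original content: INVALID"
verify_without_content              && echo "no content: valid"       || echo "no content: INVALID"
verify_detached "$WORK/other.txt"   && echo "other content: valid"    || echo "other content: INVALID"
```

The same applies to the SecureBlackbox CAdES sample: a detached signature must be validated together with the content it was computed over, otherwise the integrity check fails by construction.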
