EldoS | Feel safer!

Software components for data protection, secure storage and transfer

CADES-EPES signature validation error

#22624
Posted: 11/23/2012 10:48:34
by Ernesto Alconada (Basic support level)
Joined: 11/01/2012
Posts: 26

I'm generating a CAdES-EPES signature with this code:
Code

  // Variables used below (declarations were missing from the snippet):
  //   Cert: TElX509Certificate; Storage: TElWinCertStorage;
  //   SourceStream, CMSStream: TFileStream; CMS: TElSignedCMSMessage;
  //   Fichero, Firma: string (content and signature file names);
  //   IndiceCertificado: Integer (index of the signing certificate).
  Storage := TElWinCertStorage.Create(nil);
  try
    Storage.SystemStores.Add('MY');
    // the certificate object is owned by the storage, so it must not be
    // created (and then leaked) separately before this assignment
    Cert := Storage.Certificates[IndiceCertificado];
    // opening source file
    SourceStream := TFileStream.Create(Fichero, fmOpenRead or fmShareDenyWrite);
    try
      // creating a CMS and a signature object
      CMS := TElSignedCMSMessage.Create(nil);
      try
        CMS.CreateNew(SourceStream, 0, SourceStream.Size);
        CMS.Detached := True;   // content is NOT embedded in the CMS
        CMS.AddSignature();     // adds Signatures[0]
        try
          with TElCAdESSignatureProcessor.Create do
          try
            Signature := CMS.Signatures[0];
            ForceSigningCertificateV2 := True;

            CreateEPES(Cert, Storage,
                       SB_OID_PKCS7_DATA,
                       StrToOID('2.16.724.1.3.1.1.2.1.8'),
                       SB_ALGORITHM_DGST_SHA1,
                       Base64EncodeString('7SxX3erFuH31TvAw9LZ70N7p1vA='),
                       'http://administracionelectronica.gob.es/es/ctt/politicafirma/politica_firma_AGE_v1_8.pdf',
                       '',
                       [],
                       '');
          finally
            Free;
          end;
          // saving the CMS
          CMSStream := TFileStream.Create(Firma, fmCreate);
          try
            CMS.Save(CMSStream);
          finally
            FreeAndNil(CMSStream);
          end;
          // the temporary file is opened here

        except
          on E : Exception do
            MessageDlg('Firmado fallido (' + E.Message + '). Por favor lea el log para detalles', mtError, [mbOk], 0);
        end;
      finally
        FreeAndNil(CMS);
      end;
    finally
      FreeAndNil(SourceStream);
    end;
  finally
    FreeAndNil(Storage);
  end;


When I try to validate the signature with your CAdES demo, I get a result saying that the signature is not valid. Do you know what the reason is? Thanks
#22625
Posted: 11/23/2012 10:55:29
by Ken Ivanov (Team)

Ernesto,

What validation problem exactly are you getting? In particular, is the signature reported as Invalid or Incomplete, and are there any issues reported in the CompatibilityErrors set of the component?
#22627
Posted: 11/23/2012 12:13:05
by Ernesto Alconada (Basic support level)
Joined: 11/01/2012
Posts: 26

I see that the CompatibilityErrors value is [cerrNoSignatureTimestamp, cerrNoCertificateReferences, cerrNoRevocationReferences, cerrNoRevocationValues, cerrNoArchivalTimestamp] after the Validate() instruction, which returns asvInvalid.
#22635
Posted: 11/26/2012 01:52:55
by Ken Ivanov (Team)

Ernesto,

The asvInvalid value is only returned if the integrity of the signature is undoubtedly violated. The CAdES sample only works with non-detached signatures, while your code creates a detached one. Did you amend the sample to load the relevant content before validating the signature?

If you did or you are still getting the asvInvalid result after amending the sample, please post the signature and the content to Helpdesk so that we could have a look at it.
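As an added example (not code from this thread or from an EldoS sample), this is the validation side for the detached signature produced above: the original content is handed to the message together with the signature, and only then is the CAdES processor asked to validate. It assumes the detached Load(Content, ContentOffset, ContentCount, Stream, Offset, Count) overload of TElSignedCMSMessage, the parameterless Validate and the CompatibilityErrors member named in this thread, and hypothetical file-name parameters.

```delphi
// Added example: validate a DETACHED CAdES signature.
// Assumptions: the detached Load overload of TElSignedCMSMessage, the
// parameterless TElCAdESSignatureProcessor.Validate returning asvValid /
// asvInvalid / asvIncomplete as used in this thread.
function ValidateDetachedCAdES(const ContentFile, SignatureFile: string): Boolean;
var
  ContentStream, SigStream: TFileStream;
  CMS: TElSignedCMSMessage;
  Proc: TElCAdESSignatureProcessor;
begin
  Result := False;
  SigStream := nil;
  CMS := nil;
  ContentStream := TFileStream.Create(ContentFile, fmOpenRead or fmShareDenyWrite);
  try
    SigStream := TFileStream.Create(SignatureFile, fmOpenRead or fmShareDenyWrite);
    CMS := TElSignedCMSMessage.Create(nil);
    // A detached CMS carries no eContent, so the verifier must supply the
    // original data itself. Loading only the signature (as a sample built
    // for non-detached messages does) leaves the message digest
    // unverifiable and the result is asvInvalid.
    CMS.Load(ContentStream, 0, ContentStream.Size, SigStream, 0, SigStream.Size);
    if CMS.SignatureCount = 0 then
      Exit;
    Proc := TElCAdESSignatureProcessor.Create;
    try
      Proc.Signature := CMS.Signatures[0];
      // CompatibilityErrors such as cerrNoSignatureTimestamp only report
      // that optional CAdES-T/-C/-X/-A attributes are absent; a plain
      // BES/EPES signature is complete when Validate returns asvValid.
      Result := (Proc.Validate = asvValid);
    finally
      Proc.Free;
    end;
  finally
    CMS.Free;
    SigStream.Free;
    ContentStream.Free;
  end;
end;
```

Running this with the content file missing or altered is the quickest way to see asvInvalid reproduced, which separates a genuine integrity failure from the sample simply not having been given the content.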

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.