Is it possible to create visible Asynch Office Signatures

#25068
Posted: 05/27/2013 09:48:00
by Eugene Mayevski (EldoS Corp.)

It will probably be much faster if we implement your task for you as a custom service. For us to do this you need to compose a detailed formal specification of what needs to be done. Then we can estimate time and cost.


Sincerely yours
Eugene Mayevski
#25333
Posted: 06/18/2013 04:38:00
by wahaj khan (Basic support level)
Joined: 01/10/2013
Posts: 8

Hi,

Thanks for your response. We are now going to explore the API and if stuck will ping.

I need to know one thing related to signature verification of an office document (OOXML). If the signature produced is long term, i.e. XAdES-X-L (containing timestamp and revocation information, i.e. OCSP or CRL), then can Eldos verify the digital signature (references, PKCS#1 verification) using the embedded timestamp time and revocation information for the signer certificate itself?

If yes, then will it also verify the timestamp signer certificate revocation at signing time or current time (do confirm which time is used for this) using the embedded revocation?

If yes, can you guide me to the API function so that I can explore further?

Regards,
Wahaj
#25334
Posted: 06/18/2013 05:32:07
by Dmytro Bogatskyy (EldoS Corp.)

Quote
I need to know one thing related to signature verification of an office document (OOXML). If the signature produced is long term, i.e. XAdES-X-L (containing timestamp and revocation information, i.e. OCSP or CRL), then can Eldos verify the digital signature (references, PKCS#1 verification) using the embedded timestamp time and revocation information for the signer certificate itself?

If yes, then will it also verify the timestamp signer certificate revocation at signing time or current time (do confirm which time is used for this) using the embedded revocation?

Yes, it is possible.
XAdES validation is performed in a separate step using the TElXAdESVerifier class. See: https://www.eldos.com/documentation/sb...ifier.html
Using it you can set the ValidationMoment property to specify the time when the signature is validated. The timestamp imprint and the timestamp signing certificate are also validated.
You can obtain an instance of the TElXAdESVerifier class using the signature handler's XAdESProcessor property.
For a sample using the TElXAdESVerifier class please see the Samples\XMLBlackbox\[Language]\AdvancedSigner sample.
#25359
Posted: 06/19/2013 11:36:45
by wahaj khan (Basic support level)
Joined: 01/10/2013
Posts: 8

Thanks.

While performing signature verification, what is the mechanism of establishing trust? Normally trust should be built ONLY to a Root CA. Will verification ensure this? Are any standards followed, e.g. RFC 5280, for establishing trust or validating trust? Note that we have our own internally stored trusted Root Certs, so we would need to ensure that the root certs which are trusted by ELDOS as part of signature verification, timestamp verification and revocation verification are ALSO trusted by us. If ELDOS can provide us these root CAs to which any cryptographic object chains, then we can check them locally.

Regards,
Wahaj
#25361
Posted: 06/19/2013 11:51:06
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

Usually the signing certificate is validated using TElX509CertificateValidator (https://www.eldos.com/documentation/sb...ator.html). Our samples demonstrate how this is done. This article also describes the validation process in detail: https://www.eldos.com/security/articles/7545.php

SecureBlackbox doesn't maintain its own list of trusted CA certificates. TElX509CertificateValidator allows you to use your own lists and/or the one stored in Windows stores.
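
Added example (not part of the thread, and not EldoS code): the two ideas from the replies above, validating at a chosen moment and trusting only your own root list, shown with .NET's built-in X509Chain as a stand-in for the SecureBlackbox validator. It assumes .NET 5 or later; `OwnRootTrust`, `ChainsToOwnRoot` and `Root` are hypothetical names, and every certificate is generated on the spot as a constructed sample.

```csharp
// Added example, not from the thread: .NET's X509Chain stands in for the SecureBlackbox validator.
// OwnRootTrust, ChainsToOwnRoot and Root are hypothetical names; all certificates are constructed samples.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class OwnRootTrust
{
    // True only if 'signer' chains to one of 'ownRoots' and every chain element is time-valid at 'moment'.
    public static bool ChainsToOwnRoot(X509Certificate2 signer, X509Certificate2Collection ownRoots, DateTime moment)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;   // OS trust stores are not consulted
        chain.ChainPolicy.CustomTrustStore.AddRange(ownRoots);
        chain.ChainPolicy.VerificationTime = moment;                        // the "validation moment"
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;      // the sample CA publishes no CRL/OCSP
        return chain.Build(signer);
    }

    static X509Certificate2 Root(string name, RSA key, DateTimeOffset now)
    {
        var req = new CertificateRequest(name, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true)); // CA certificate
        return req.CreateSelfSigned(now.AddYears(-1), now.AddYears(5));
    }

    static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        using RSA ownKey = RSA.Create(2048), otherKey = RSA.Create(2048), signerKey = RSA.Create(2048);
        using X509Certificate2 ownRoot = Root("CN=Own Root (constructed)", ownKey, now);
        using X509Certificate2 otherRoot = Root("CN=Other Root (constructed)", otherKey, now);

        // Signer certificate issued by our own root; its validity ended 30 days ago.
        var req = new CertificateRequest("CN=Signer (constructed)", signerKey, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 signer = req.Create(ownRoot, now.AddDays(-60), now.AddDays(-30), new byte[] { 0x01, 0x02, 0x03, 0x04 });

        DateTime signingTime = now.AddDays(-45).UtcDateTime;   // e.g. the time asserted by a verified timestamp
        var ours = new X509Certificate2Collection(ownRoot);
        var theirs = new X509Certificate2Collection(otherRoot);

        Console.WriteLine($"own root, signing time : {ChainsToOwnRoot(signer, ours, signingTime)}");
        Console.WriteLine($"own root, current time : {ChainsToOwnRoot(signer, ours, now.UtcDateTime)}");
        Console.WriteLine($"other root only        : {ChainsToOwnRoot(signer, theirs, signingTime)}");
    }
}
```

The sample signer certificate has already expired, so the chain builds at the signing time but not at the current time, and it does not build at all when only the other root is in the trust list.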
#25459
Posted: 06/26/2013 09:58:25
by wahaj khan (Basic support level)
Joined: 01/10/2013
Posts: 8

Thanks for the prompt response.

I have tried to add trusted identities in TElCustomCertStorage using the TElX509Certificate.LoadFromBufferAuto method by putting certificate DER base64 encoded bytes. The certificates are added, but no certificate has a resolved Subject or Issuer name, etc.

See below my code

Code
System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding();

foreach (string cert in certBase64)
{
    TElX509Certificate certificate = new TElX509Certificate();
    certificate.UseUTF8 = true;
    byte[] certBytes = encoding.GetBytes(cert);
    certificate.LoadFromBufferAuto(certBytes, 0, certBytes.Length, string.Empty);
    certStore.Add(certificate, false);
}


Let me know what I am doing wrong or whether I am missing something else.

Regards,
Wahaj
#25461
Posted: 06/26/2013 13:02:55
by Ken Ivanov (EldoS Corp.)

Wahaj,

Remember to check return values of your LoadFromBufferAuto() calls. It seems that the certificates are just not loaded, and the return values might be of great help with finding out a reason.
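
Added example (not part of the thread, and not EldoS code): the posted loop passes the UTF-8 bytes of a base64 string to the loader, and those bytes are ASCII text rather than DER. The code below decodes PEM or headerless base64 to DER and checks the outer ASN.1 framing before any loader sees the buffer, using only .NET base-class types; `CertInput`, `ToDer` and `LooksLikeDerSequence` are hypothetical names and the certificate is a constructed sample.

```csharp
// Added example, not from the thread. CertInput, ToDer and LooksLikeDerSequence are hypothetical names.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class CertInput
{
    // Turn PEM or headerless base64 text into DER bytes and check the outer ASN.1 framing.
    public static byte[] ToDer(string text)
    {
        const string Begin = "-----BEGIN CERTIFICATE-----", End = "-----END CERTIFICATE-----";
        string body = text.Trim();
        if (body.StartsWith(Begin, StringComparison.Ordinal))
        {
            int stop = body.IndexOf(End, StringComparison.Ordinal);
            if (stop < 0) throw new FormatException("PEM footer missing");
            body = body.Substring(Begin.Length, stop - Begin.Length);
        }
        byte[] der = Convert.FromBase64String(body);   // throws FormatException on non-base64 input
        if (!LooksLikeDerSequence(der)) throw new FormatException("decoded bytes are not one DER SEQUENCE");
        return der;
    }
    // A certificate is a single DER SEQUENCE: tag 0x30, then a length that must cover the rest of the buffer.
    public static bool LooksLikeDerSequence(byte[] b)
    {
        if (b.Length < 2 || b[0] != 0x30) return false;
        if (b[1] < 0x80) return b.Length == 2 + b[1];          // short-form length
        int n = b[1] & 0x7F;                                   // long form: n length bytes follow
        if (n == 0 || n > 4 || b.Length < 2 + n) return false;
        long len = 0;
        for (int i = 0; i < n; i++) len = (len << 8) | b[2 + i];
        return b.Length == 2 + n + len;
    }

    static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate, held as base64 of DER like the posted input.
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=Constructed Test Root", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 made = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
        string b64 = Convert.ToBase64String(made.Export(X509ContentType.Cert));
        // What the posted loop builds: base64 text as bytes. It starts with 'M' (0x4D), not the DER tag 0x30.
        byte[] asText = Encoding.UTF8.GetBytes(b64);
        Console.WriteLine($"text bytes look like DER: {LooksLikeDerSequence(asText)}");
        byte[] der = ToDer(b64);
        using var parsed = new X509Certificate2(der);
        Console.WriteLine($"decoded subject: {parsed.Subject}");
    }
}
```

The decoded bytes are what would be passed to LoadFromBufferAuto, with its return value still checked as the reply above advises; whether that method accepts headerless base64 text directly is not stated in the thread.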