EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Distributed Cryptography:

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
#24601
Posted: 04/16/2013 11:14:37
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26

Hello,

I have changed the modified sample to include the change mentioned on 1). Then I tried to sign some documents and it looks like it works well. Than you very much.

About the point 2), I have changed nothing about that in the sample, so I guess that the libraries (SBDCSigner.ocx for ActiveX part, and com.secureblackbox.dc.applet.jar and com.secureblackbox.dc.jar for Java part) of the sample, manage the initialization of the CertStorage property on the client side in the distributed cryptography sample. But I think that you are meaning that the CertStorage property of the handler should be initalized during the PreSigner.cs Page_Load in psesSmart and psesSmartAndTrialTimestamp cases (so they can work well). I am right? If I am right in this assumption, I wonder if it is possible to reuse the code of the libraries (SBDCSigner.ocx, com.secureblackbox.dc.applet.jar and com.secureblackbox.dc.jar) to get the client side windows certificate store (the root one) of the local machine, to initialize the CertStorage property in the PreSigner.cs Page_Load function. Is this possible? I guess that I am misunderstanding something, because I think that it is not possible to get the client side windows certificate (the root one) of the local machine in the server side, so CertStorage property of the handler could be initialized during the Page_Load function of the PreSigner.cs. I think that I am a bit confused in this point.
#24603
Posted: 04/16/2013 15:43:32
by Ken Ivanov (EldoS Corp.)

Quote
But I think that you are meaning that the CertStorage property of the handler should be initalized during the PreSigner.cs Page_Load in psesSmart and psesSmartAndTrialTimestamp cases (so they can work well). I am right?

Yes, you are exactly right, sorry for being unclear.

In general case, there is no requirement to provide the signing certificates to the component via the CertStorage property on the pre-signing stage. However, their availability on the pre-signing stage can help increase the effectiveness of the component with regard to signature space calculation. In other words, such signatures will occupy less space in the document than those for which the signing certificates are not available on the pre-signing stage. However, environments do differ, and those signature size reduction techniques might just be technically unenforceable in some cases where the certificates are only become known to the component on the finalization stage.

This way, if specifics of your computational and network environments prevent you from getting signer's certificates on the pre-signing stage, you can simply go on with the TSBPAdESSignatureSizeEstimationStrategy.psesBasic signature size estimation strategy. This is absolutely normal and is just one of the possible component usage scenarios.
#24604
Posted: 04/17/2013 02:56:46
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26

Thank you very much for your explanation.

I think that I have done all the modifications I can do before our company purchases your licenses. I am not 100% sure, but I think that our company will purchase the licenses before the end of May.

I need to do a few (I hope so) modifications after our company purchase your licenses, so I guess that then maybe I will have to ask some questions again in this thread.

Thank you very much for all your answers and explanations,
Ari.
#24607
Posted: 04/17/2013 04:13:29
by Ken Ivanov (EldoS Corp.)

Ari,

Great, we are glad that you've managed to get the components work for you as you expected. You are always welcome to ask any further questions that might arise here or in the Helpdesk.

We wish you to have a pleasant and productive experience with SecureBlackbox.

Take care,

Ken
#24731
Posted: 04/29/2013 08:56:31
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26

Hello again,

I have a question about the type of firm that is done in your example "C#\ PDFBlackbox\ASPNet_Distributed". What kind of signature is exactly?

I mean, I changed time ago I made a modification to your example, changing the handler from TElPDFPublicKeySecurityHandler to TElPDFAdvancedPublicKeySecurityHandler. I mean, from:

Code
Dim handler As New TElPDFPublicKeySecurityHandler()


to:

Code
Dim handler As New TElPDFAdvancedPublicKeySecurityHandler()


Also I removed the sentence:

Code
handler.SignatureType = TSBPDFPublicKeySignatureType.pstPKCS7SHA1


and I added the sentences:

Code
handler.PAdESSignatureType = TSBPAdESSignatureType.pastBasic
handler.AutoCollectRevocationInfo = False
handler.IgnoreChainValidationErrors = False
handler.SignatureSizeEstimationStrategy = TSBPAdESSignatureSizeEstimationStrategy.psesBasic


So I can do a PAdES basic signature. But in the sample without any modifications of mine, what kind of signature is being done?
#24735
Posted: 04/29/2013 11:03:18
by Ken Ivanov (EldoS Corp.)

Hello Ari,

In default configuration the sample creates a generic PDF signature (PKCS#7 subtype) as defined in the PDF format specification, chapter 12.8.3.3.
#24898
Posted: 05/09/2013 08:31:47
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26

Hello,

our company has purchased PKI, PDF and DC licenses. Now I am seeking the way to accomplish the next goals:

-Now we are using a modified version of your sample "C#\PDFBlackbox\ASPNet_Distributed". I need to replace the GUI from the sample with our own GUI.

-I need to add session data to the connection the sample does by its own.

I think that for both goals I need to add the tickets to my account and then through "My Control Center" access the source code of ActiveX and Java parts. I am right?

Best regards,
Ari.
#24899
Posted: 05/09/2013 08:35:26
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

Yes you are right. You'll be able to do this with the source code.
#24900
Posted: 05/09/2013 18:33:20
by Orlando Rodriguez (Standard support level)
Joined: 07/31/2007
Posts: 5

Hi Ari, how are you going?

I have now started on a solution identical to yours. In recent months, I developed a local application signing PDFs with PADES LTV, so I recommend that you consider the following:

1. m_Handler.PAdESSignatureType = TSBPAdESSignatureType.pastEnhanced
This is necessary for the standard LTV
Two. Review the example PAdES to verify in detail the certificate validation options to include the OCSP response
Three. I think you need the http module to get the timestamp response. my code:
HTTPClient.HTTPProxyUsername = ""
HTTPClient.HTTPProxyPassword = ""
'End If
TSPClient.HTTPClient = HTTPClient
TSPClient.HashAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA1
TSPClient.URL = Trim (ServidorEstampadodetiempo) & "? U =" & Trim (UsuarioEstampado) & "& p =" & Trim (PasswordEstampado)
m_Handler.IgnoreTimestampFailure = ignorarErroresEstampado
m_Handler.TSPClient = TSPClient.

Let me know what country you are?

In order to collaborate with us, I would like to we exchanged code. Let me know your opinion.

Regards

Orlando R
Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.

Reply

Statistics

Topic viewed 7741 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!