EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Distributed Cryptography:

Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.
Posted: 04/16/2013 11:14:37
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26


I have changed the modified sample to include the change mentioned on 1). Then I tried to sign some documents and it looks like it works well. Than you very much.

About the point 2), I have changed nothing about that in the sample, so I guess that the libraries (SBDCSigner.ocx for ActiveX part, and com.secureblackbox.dc.applet.jar and com.secureblackbox.dc.jar for Java part) of the sample, manage the initialization of the CertStorage property on the client side in the distributed cryptography sample. But I think that you are meaning that the CertStorage property of the handler should be initalized during the PreSigner.cs Page_Load in psesSmart and psesSmartAndTrialTimestamp cases (so they can work well). I am right? If I am right in this assumption, I wonder if it is possible to reuse the code of the libraries (SBDCSigner.ocx, com.secureblackbox.dc.applet.jar and com.secureblackbox.dc.jar) to get the client side windows certificate store (the root one) of the local machine, to initialize the CertStorage property in the PreSigner.cs Page_Load function. Is this possible? I guess that I am misunderstanding something, because I think that it is not possible to get the client side windows certificate (the root one) of the local machine in the server side, so CertStorage property of the handler could be initialized during the Page_Load function of the PreSigner.cs. I think that I am a bit confused in this point.
Posted: 04/16/2013 15:43:32
by Ken Ivanov (Team)

But I think that you are meaning that the CertStorage property of the handler should be initalized during the PreSigner.cs Page_Load in psesSmart and psesSmartAndTrialTimestamp cases (so they can work well). I am right?

Yes, you are exactly right, sorry for being unclear.

In general case, there is no requirement to provide the signing certificates to the component via the CertStorage property on the pre-signing stage. However, their availability on the pre-signing stage can help increase the effectiveness of the component with regard to signature space calculation. In other words, such signatures will occupy less space in the document than those for which the signing certificates are not available on the pre-signing stage. However, environments do differ, and those signature size reduction techniques might just be technically unenforceable in some cases where the certificates are only become known to the component on the finalization stage.

This way, if specifics of your computational and network environments prevent you from getting signer's certificates on the pre-signing stage, you can simply go on with the TSBPAdESSignatureSizeEstimationStrategy.psesBasic signature size estimation strategy. This is absolutely normal and is just one of the possible component usage scenarios.
Posted: 04/17/2013 02:56:46
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26

Thank you very much for your explanation.

I think that I have done all the modifications I can do before our company purchases your licenses. I am not 100% sure, but I think that our company will purchase the licenses before the end of May.

I need to do a few (I hope so) modifications after our company purchase your licenses, so I guess that then maybe I will have to ask some questions again in this thread.

Thank you very much for all your answers and explanations,
Posted: 04/17/2013 04:13:29
by Ken Ivanov (Team)


Great, we are glad that you've managed to get the components work for you as you expected. You are always welcome to ask any further questions that might arise here or in the Helpdesk.

We wish you to have a pleasant and productive experience with SecureBlackbox.

Take care,

Posted: 04/29/2013 08:56:31
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26

Hello again,

I have a question about the type of firm that is done in your example "C#\ PDFBlackbox\ASPNet_Distributed". What kind of signature is exactly?

I mean, I changed time ago I made a modification to your example, changing the handler from TElPDFPublicKeySecurityHandler to TElPDFAdvancedPublicKeySecurityHandler. I mean, from:

Dim handler As New TElPDFPublicKeySecurityHandler()


Dim handler As New TElPDFAdvancedPublicKeySecurityHandler()

Also I removed the sentence:

handler.SignatureType = TSBPDFPublicKeySignatureType.pstPKCS7SHA1

and I added the sentences:

handler.PAdESSignatureType = TSBPAdESSignatureType.pastBasic
handler.AutoCollectRevocationInfo = False
handler.IgnoreChainValidationErrors = False
handler.SignatureSizeEstimationStrategy = TSBPAdESSignatureSizeEstimationStrategy.psesBasic

So I can do a PAdES basic signature. But in the sample without any modifications of mine, what kind of signature is being done?
Posted: 04/29/2013 11:03:18
by Ken Ivanov (Team)

Hello Ari,

In default configuration the sample creates a generic PDF signature (PKCS#7 subtype) as defined in the PDF format specification, chapter
Posted: 05/09/2013 08:31:47
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26


our company has purchased PKI, PDF and DC licenses. Now I am seeking the way to accomplish the next goals:

-Now we are using a modified version of your sample "C#\PDFBlackbox\ASPNet_Distributed". I need to replace the GUI from the sample with our own GUI.

-I need to add session data to the connection the sample does by its own.

I think that for both goals I need to add the tickets to my account and then through "My Control Center" access the source code of ActiveX and Java parts. I am right?

Best regards,
Posted: 05/09/2013 08:35:26
by Vsevolod Ievgiienko (Team)


Yes you are right. You'll be able to do this with the source code.
Posted: 05/09/2013 18:33:20
by Orlando Rodriguez (Standard support level)
Joined: 07/31/2007
Posts: 5

Hi Ari, how are you going?

I have now started on a solution identical to yours. In recent months, I developed a local application signing PDFs with PADES LTV, so I recommend that you consider the following:

1. m_Handler.PAdESSignatureType = TSBPAdESSignatureType.pastEnhanced
This is necessary for the standard LTV
Two. Review the example PAdES to verify in detail the certificate validation options to include the OCSP response
Three. I think you need the http module to get the timestamp response. my code:
HTTPClient.HTTPProxyUsername = ""
HTTPClient.HTTPProxyPassword = ""
'End If
TSPClient.HTTPClient = HTTPClient
TSPClient.HashAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA1
TSPClient.URL = Trim (ServidorEstampadodetiempo) & "? U =" & Trim (UsuarioEstampado) & "& p =" & Trim (PasswordEstampado)
m_Handler.IgnoreTimestampFailure = ignorarErroresEstampado
m_Handler.TSPClient = TSPClient.

Let me know what country you are?

In order to collaborate with us, I would like to we exchanged code. Let me know your opinion.


Orlando R
Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.



Topic viewed 8272 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!