EldoS | Feel safer!


Signature Policy Id file

Posted: 06/13/2013 04:52:58
by Kees de Wit (Standard support level)
Joined: 06/13/2013
Posts: 17

I am looking at the advanced signer example of XMLBlackBox and have a question regarding the "Policy File". What is the use of this file and where can I find such a file or how can I create it? Is there maybe an example available?
Posted: 06/13/2013 05:23:00
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us.

From the XAdES specification v1.4.2, section 7.2.3:

The signature policy is a set of rules for the creation and validation of an electronic signature, under which the signature can be determined to be valid. A given legal/contractual context MAY recognize a particular signature policy as meeting its requirements.

The signature policy needs to be available in human readable form so that it can be assessed to meet the requirements of the legal and contractual context in which it is being applied.

To facilitate the automatic processing of an electronic signature the parts of the signature policy which specify the electronic rules for the creation and validation of the electronic signature also need to be in a computer processable

If no signature policy is identified then the signature may be assumed to have been generated/verified without any policy constraints, and hence may be given no specific legal or contractual significance through the context of a signature policy.

The present document specifies two unambiguous ways for identifying the signature policy that a signature follows:

• The electronic signature can contain an explicit and unambiguous identifier of a signature policy together with a hash value of the signature policy, so it can be verified that the policy selected by the signer is the one being used by the verifier. An explicit signature policy has a globally unique reference, which, in this way, is bound to an electronic signature by the signer as part of the signature calculation. In these cases, for a given explicit signature policy there shall be one definitive form that has a unique binary encoded value. Finally, a signature policy identified in this way MAY be qualified by additional information.

• Alternatively, the electronic signature can avoid the inclusion of the aforementioned identifier and hash value. This will be possible when the signature policy can be unambiguously derived from the semantics of the type of data object(s) being signed, and some other information, e.g. national laws or private contractual agreements, that mention that a given signature policy MUST be used for this type of data content. In such cases, the signature will contain a specific empty element indicating that this implied way to identify the signature policy is used instead of the identifier and hash value.

The signature policy identifier is a signed property qualifying the signature.

So, for the explicit way you need to specify the signature policy identifier and its policy hash. This "Policy File" option is used to calculate the digest value. In your application, you may cache the digest value for specific identifiers and set the SigPolicyHash properties directly.
If you don't set the PolicyId properties and specify the XAdES-EPES form, then the implied way is used (a SignaturePolicyImplied element will be included).
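As an added example (not EldoS code and not the XMLBlackBox API; it uses only the Python standard library, and the policy bytes and the `urn:example:...` identifier are constructed placeholders), this builds the XAdES SignaturePolicyIdentifier in both forms the answer describes and shows the verifier-side check that the policy document the verifier holds really hashes to the SigPolicyHash the signer committed to:

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

XADES_NS = "http://uri.etsi.org/01903/v1.3.2#"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
SHA256_URI = "http://www.w3.org/2001/04/xmlenc#sha256"
ET.register_namespace("xades", XADES_NS)
ET.register_namespace("ds", DS_NS)

def q(ns, tag):
    return "{%s}%s" % (ns, tag)

# Constructed stand-in for the "Policy File": the policy document in its one
# definitive binary form. The identifier is a placeholder, not a registered one.
SAMPLE_POLICY = b"Constructed policy: sign with a qualified certificate, SHA-256 only.\n"
SAMPLE_POLICY_ID = "urn:example:signature-policy:1"

def policy_digest(policy_bytes):
    """SigPolicyHash value: base64(SHA-256) over the policy's definitive encoding."""
    return base64.b64encode(hashlib.sha256(policy_bytes).digest()).decode("ascii")

def build_signature_policy_identifier(policy_id=None, policy_bytes=None):
    """Explicit form (identifier + hash) when both are given, SignaturePolicyImplied otherwise."""
    root = ET.Element(q(XADES_NS, "SignaturePolicyIdentifier"))
    if policy_id is None or policy_bytes is None:
        ET.SubElement(root, q(XADES_NS, "SignaturePolicyImplied"))
        return root
    spi = ET.SubElement(root, q(XADES_NS, "SignaturePolicyId"))
    sid = ET.SubElement(spi, q(XADES_NS, "SigPolicyId"))
    ET.SubElement(sid, q(XADES_NS, "Identifier")).text = policy_id
    sph = ET.SubElement(spi, q(XADES_NS, "SigPolicyHash"))
    ET.SubElement(sph, q(DS_NS, "DigestMethod"), Algorithm=SHA256_URI)
    ET.SubElement(sph, q(DS_NS, "DigestValue")).text = policy_digest(policy_bytes)
    return root

def to_xml(element):
    return ET.tostring(element, encoding="unicode")

def verify_policy_binding(xml_text, known_policies):
    """Verifier side: (identifier, ok). ok means the policy the verifier holds for that
    identifier hashes to the committed SigPolicyHash; unknown ids or algorithms fail closed."""
    root = ET.fromstring(xml_text)
    if root.find(q(XADES_NS, "SignaturePolicyImplied")) is not None:
        return None, True  # policy comes from context; there is no hash to check
    ident = root.findtext("%s/%s/%s" % (q(XADES_NS, "SignaturePolicyId"),
                                        q(XADES_NS, "SigPolicyId"), q(XADES_NS, "Identifier")))
    method = root.find(".//" + q(DS_NS, "DigestMethod"))
    digest = root.findtext(".//" + q(DS_NS, "DigestValue")) or ""
    if ident not in known_policies or method is None or method.get("Algorithm") != SHA256_URI:
        return ident, False
    return ident, hmac.compare_digest(digest.encode(), policy_digest(known_policies[ident]).encode())
```

Caching `policy_digest()` per identifier, as the answer suggests, is safe only as long as the cached bytes are the policy's single definitive encoding; a re-saved or re-encoded copy will fail the verifier's check.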


