CAdES - C / A Problems

#26144
Posted: 08/16/2013 06:30:46
by Volkan Karakaya (Basic support level)
Joined: 08/02/2013
Posts: 9

Hi,

I am trying to do a CAdES-C signature (but my intention is to have CAdES-A) over string data. When I open the digitally signed data in a 3rd-party validation application and validate the signature, I get the error:
calculated hash value of the time stamp and calculated hash value of the signature not same.

Code
using System;
using System.Collections;
using System.IO;
// SecureBlackbox namespaces, assumed from the unit names of the classes used below
using SBUtils;
using SBX509;
using SBCustomCertStorage;
using SBPKCS11;
using SBCMS;
using SBCertValidator;
using SBHTTPTSPClient;
using SBHTTPSClient;
using SBHTTPOCSPClient;
using SBCRLStorage;

TElCustomCertStorage store = new TElFileCertStorage();

// GetCertificate is the poster's own helper (not shown): it opens the PKCS#11
// storage and returns the signing certificate
TElPKCS11CertStorage certStorage = new TElPKCS11CertStorage();
TElX509Certificate cert = GetCertificate(out certStorage);

TElX509Certificate rootCert = new TElX509Certificate();
rootCert.LoadFromFileAuto(@"D:\KOK2.crt", "");

TElX509Certificate subRootCert = new TElX509Certificate();
subRootCert.LoadFromFileAuto(@"D:\2.crt", "");

// trust anchors used for chain building, signing and the TSP/OCSP clients
store.Add(rootCert, false);
store.Add(subRootCert, false);
var rChain = store.BuildChain(cert);

using (TElSignedCMSMessage msg = new TElSignedCMSMessage())
{
    byte[] Data = SBUtils.Unit.BytesOfString("volkankarakaya");
    msg.CreateNew(Data, 0, Data.Length);

    using (TElCMSSignature signature = msg.GetSignature(msg.AddSignature()))
    {
        // certificate validator and the out-parameters that Validate() fills in
        TElX509CertificateValidator validator = new TElX509CertificateValidator();
        TSBCertificateValidity validity = 0;
        TSBCertificateValidityReason reason = 0;

        validator.CheckCRL = true;
        validator.CheckOCSP = true;
        validator.CheckValidityPeriodForTrusted = true;
        validator.ForceCompleteChainValidationForTrusted = true;
        validator.IgnoreCAKeyUsage = true;
        validator.IgnoreSystemTrust = false;
        validator.ImplicitlyTrustSelfSignedCertificates = false;
        validator.MandatoryCRLCheck = false;
        validator.MandatoryOCSPCheck = false;
        validator.MandatoryRevocationCheck = true;
        validator.OfflineMode = false;
        validator.UseSystemStorages = false;
        validator.ValidateInvalidCertificates = false;

        validator.AddTrustedCertificates(store);

        validator.Validate(cert, ref validity, ref reason);

        // TSP client used for both the signature timestamp and the ES-C timestamp
        TElHTTPTSPClient TSPCli = new TElHTTPTSPClient();
        TElHTTPSClient HTTPCli = new TElHTTPSClient();

        TSPCli.HTTPClient = HTTPCli;
        TSPCli.CertStorage = store;
        TSPCli.URL = "http://zd2.e-guven.com/TSS/HttpTspServer";

        signature.UsePSS = false;
        signature.Sign(cert, store);
        signature.AddTimestamp(TSPCli);    // signature-time-stamp (CAdES-T)

        // fetch an OCSP response for the signing certificate
        ArrayList ocspResponses = new ArrayList();

        TElHTTPOCSPClient ocspClient = new TElHTTPOCSPClient();
        TElHTTPSClient ocspHttpClient = new TElHTTPSClient();

        ocspClient.CertStorage = store;
        ocspClient.HTTPClient = ocspHttpClient;
        ocspClient.IncludeCertificates = true;
        ocspClient.IncludeSignature = false;
        ocspClient.IssuerCertStorage = store;
        ocspClient.URL = "http://ocsp2.e-guven.com/ocsp.xuda";

        short serverResult = 0;
        byte[] reply = null;

        int res = ocspClient.PerformRequest(ref serverResult, ref reply);
        ocspResponses.Add(ocspClient.Response);

        TElMemoryCRLStorage crl = new TElMemoryCRLStorage();

        // complete validation references (CAdES-C), then the ES-C timestamp over them
        signature.AddCompleteValidationData(store, crl, ocspResponses, false);

        signature.AddValidationTimestamp(TSPCli, TSBCMSTimestampType.cvtESC);
        //signature.AddValidationTimestamp(TSPCli, TSBCMSTimestampType.cvtArchive);
        var result2 = signature.Validate();
        using (FileStream s = File.OpenWrite("d:\\eldos-a.imz"))
            msg.Save(s);
    }
}


What is wrong with my code?

Thank you in advance.
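The error the validator reports is a message-imprint mismatch. As an added illustration (Python, not the poster's code and not SecureBlackbox's API), this recomputes the imprints RFC 5126 defines for the two timestamps the code above adds, over constructed placeholder bytes, and shows that changing the revocation references after the ES-C timestamp was issued breaks only that timestamp.

```python
import hashlib
import hmac

# Constructed placeholder byte strings stand in for the DER of the signature
# value and of the three unsigned attributes; they are not real ASN.1.

def signature_timestamp_imprint(signature_value: bytes, alg: str = "sha256") -> bytes:
    """signature-time-stamp (RFC 5126 6.1.1): the imprint hashes only the
    octets of SignerInfo.signature."""
    return hashlib.new(alg, signature_value).digest()

def esc_timestamp_imprint(signature_value: bytes, sig_ts_attr: bytes,
                          cert_refs_attr: bytes, rev_refs_attr: bytes,
                          alg: str = "sha256") -> bytes:
    """CAdES-C time-stamp (RFC 5126 6.3.5): the imprint hashes, in this order,
    the signature value, the whole signature-time-stamp attribute, the
    complete-certificate-references and the complete-revocation-references."""
    h = hashlib.new(alg)
    for part in (signature_value, sig_ts_attr, cert_refs_attr, rev_refs_attr):
        h.update(part)
    return h.digest()

def check_timestamps(sig: dict, alg: str = "sha256") -> dict:
    """Recompute both imprints from the signature's current attributes and
    compare them with the imprints stored in the tokens, as a validator does."""
    sig_ts_ok = hmac.compare_digest(
        sig["sig_ts_imprint"], signature_timestamp_imprint(sig["signature"], alg))
    esc_ok = hmac.compare_digest(
        sig["esc_ts_imprint"],
        esc_timestamp_imprint(sig["signature"], sig["sig_ts_attr"],
                              sig["cert_refs"], sig["rev_refs"], alg))
    return {"signature_timestamp": sig_ts_ok, "esc_timestamp": esc_ok}

def build_cades_c() -> dict:
    """Constructed CAdES-C signature: each timestamp is issued over the
    attributes as they exist at that moment (sign, sig-TS, refs, ES-C TS)."""
    sig = {"signature": b"\x03\x41signature-value", "sig_ts_attr": b"\x31\x1asig-ts-attr",
           "cert_refs": b"\x31\x22cert-refs", "rev_refs": b"\x31\x23rev-refs-crl"}
    sig["sig_ts_imprint"] = signature_timestamp_imprint(sig["signature"])
    sig["esc_ts_imprint"] = esc_timestamp_imprint(
        sig["signature"], sig["sig_ts_attr"], sig["cert_refs"], sig["rev_refs"])
    return sig

def add_revocation_ref_later(sig: dict) -> dict:
    """Appending e.g. an OCSP reference after the ES-C timestamp was issued
    alters complete-revocation-references, so only the ES-C imprint breaks."""
    changed = dict(sig)
    changed["rev_refs"] = sig["rev_refs"] + b"ocsp-ref"
    return changed
```

The same recomputation applies to the archive timestamp of CAdES-A, which additionally covers the content and the certificate and revocation values themselves.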
#26145
Posted: 08/16/2013 06:53:30
by Eugene Mayevski (EldoS Corp.)

Did you try to use the sample application to sign the data? Did it work? I.e. is the third-party application able to validate the signature created with the sample?


Sincerely yours
Eugene Mayevski
#26146
Posted: 08/16/2013 07:03:58
by Volkan Karakaya (Basic support level)
Joined: 08/02/2013
Posts: 9

Yes, it works; when I sign with this 3rd-party application it is not a problem. CAdES X, CAdES A.

Is there a problem in the code that is trying to do CAdES-C?
#26147
Posted: 08/16/2013 07:19:26
by Eugene Mayevski (EldoS Corp.)

Frankly speaking, I am confused with your answer. Do I understand right that the signature created with *your* code in CAdES X or CAdES A forms is accepted by the third-party application? OR it's the sample's signature only that is accepted by the third-party application?


Sincerely yours
Eugene Mayevski
#26148
Posted: 08/16/2013 07:30:55
by Volkan Karakaya (Basic support level)
Joined: 08/02/2013
Posts: 9

I'm so sorry for my mistakes.

I'm trying to create a signature in CAdES-C format with the code above, and when I want to do the validation I get an error: calculated hash value of the time stamp and calculated hash value of the signature not same.

Could you point me in the right direction what's wrong?
#26151
Posted: 08/16/2013 07:36:25
by Eugene Mayevski (EldoS Corp.)

First you need to try the sample application and see if it works for you, i.e. if its signatures are accepted by the validator (third-party application).

If the validator doesn't accept the signature created with the sample application, this can be a bug of that third-party application rather than of our code.


Sincerely yours
Eugene Mayevski
#26153
Posted: 08/16/2013 07:53:32
by Volkan Karakaya (Basic support level)
Joined: 08/02/2013
Posts: 9

Thanks for your quick reply,

Do you have CAdES-C or CAdES-A example code explaining it step by step?
#26154
Posted: 08/16/2013 07:59:24
by Eugene Mayevski (EldoS Corp.)

We have a detailed how-to with step-by-step instructions. And a sample that has everything working and which you need to test to find out where the problem originates from.


Sincerely yours
Eugene Mayevski