EldoS | Feel safer!

Software components for data protection, secure storage and transfer

DC Module (Multiple Files at once)

Posted: 02/26/2014 14:40:08
by Pablo Cervera (Standard support level)
Joined: 02/26/2014
Posts: 17

Hi, I'm very interested in acquiring a license of SecureBlackBox but I have some questions:

I need to develop a web application that can sign multiple PDF files at server side with a client side certificate.

I've been testing the SecureBlackBox DC Module (Java, ActiveX, Flex) and the samples you provide can sign one file at a time. I mean, first a sample.pdf is loaded in memory and then, the module is loaded with that one PDF to be signed with any certificate the user selects...
I need to pass multiple PDF files to the module (Java or ActiveX), but the user should have to select his certificate only one time.
In other words, I need to sign 40 PDF files and select the certificate only one time.

Can I achieve this with SecureBlackBox? I think by modifying the module sources and also the web application, but I need to be sure.
If so, what must I do to pass multiple PDF files to the module?

Thank you very much and sorry for my bad English.

Best Regards!
Posted: 02/26/2014 16:08:38
by Ken Ivanov (EldoS Corp.)

Hello Pablo,

Thank you for your interest in our products.

Basically, the DC subsystem works in the following way:

1. The web server pre-signs the document, calculates its hash and sends that hash to the web client (e.g. applet) within a so-called 'state' blob.

2. The web client extracts the hash from the state, asks the user for the signing certificate and uses it to sign the hash; then the client sends the signature within the 'response state' back to the server.

3. The web server completes the signing procedure by inserting the signature into the pre-signed document.

This scheme can be easily propagated to the multiple documents case. Literally, you would need to pre-sign all the documents one-by-one on the server side, pack all the created state blobs into a single large compound state object and send that object to the web client. The web client will ask the user for the certificate, extract all the individual states from the large state object and sign them one-by-one with the certificate object provided by the user. Once completed, the client will pack the obtained response states into a compound response state, and send it back to the server, which will finalize all the initiated signing operations.

From a technical point of view, you will need to implement batching ('packing' and 'unpacking') on both client and server sides yourselves.
Posted: 02/27/2014 00:48:19
by Pablo Cervera (Standard support level)
Joined: 02/26/2014
Posts: 17

Hi Ken, thank you very much for the reply.

I'm going to buy SecureBlackBox today (I'm waiting for the approval).

Regarding the packing, I'm not sure how to implement that.
When you say "pack all the created state blobs into a single large compound state object", do you mean I need to do this:

state = doc1.InitiateAsyncOperation();
state = doc2.InitiateAsyncOperation();
state = doc3.InitiateAsyncOperation();
state = doc4.InitiateAsyncOperation();

And then:

state.SaveToStream(output, SBDCXMLEnc.__Global.DCXMLEncoding());

Or do I need a different structure? Maybe with an array of states that I would decompose on the client module?

Can you help me with a simple sample using 2 documents to sign?

Thank you very much again!
Posted: 02/27/2014 03:15:06
by Ken Ivanov (EldoS Corp.)


You would need some simple hierarchic structure here to be able to compose and decompose that global state object in a deterministic way. For example, you can use your own XML envelope to carry the states:
<?xml version="1.0" ?>
<states>
  <state>...content of state1...</state>
  <state>...content of state2...</state>
</states>

Please note that each state saved with DCXMLEncoding is a standalone XML document, so you will need to encode each state before inserting it into a node of that outer document (e.g. with base64) to preserve the correctness of the outer XML document.
Posted: 02/27/2014 03:20:48
by Pablo Cervera (Standard support level)
Joined: 02/26/2014
Posts: 17

Thank you very much Ken.

I've just bought the license. Still waiting for the license key...I was reading it takes no more than 24h.

Thank you again!
Posted: 02/27/2014 03:26:30
by Ken Ivanov (EldoS Corp.)


Thank you for choosing our products. We wish you an enjoyable and productive experience with SecureBlackBox (and we will do our best to make it so).

Each order is processed manually, so there might be a short delay between the purchase and the issuance of the license key. You will receive your license key within an hour. Sorry for making you wait.
Posted: 02/27/2014 03:30:41
by Pablo Cervera (Standard support level)
Joined: 02/26/2014
Posts: 17

Thank you very much Ken!

Don't worry about the delay!
Posted: 02/27/2014 07:06:11
by Pablo Cervera (Standard support level)
Joined: 02/26/2014
Posts: 17

Hello again Ken..

I've received the license key and all was fine.

But I'm still trying to follow your advice...

Can you give a simple sample on both server and client side to sign at least 2 PDF files?
I only need the important things, not all the process.
1. Load two PDF files
2. Get their states
3. Send these states to the client
4. Receive these states
5. Sign them
6. Send back to server
7. Complete signature

I understand almost everything when it is for one file, but I'm getting frustrated with states, nodes.. etc :p
Posted: 02/27/2014 09:55:48
by Ken Ivanov (EldoS Corp.)


In the simplest case it looks in the following way.

On the web server side:

1. You pre-sign all the documents from the list as it is done in the DCWeb sample (which is included in the distribution). For each pre-signing operation you get a memory stream filled in by the corresponding state.SaveToStream(output, SBDCXMLEnc.__Global.DCXMLEncoding()) call.

2. You combine all the states into a compound state object, for example in the following way ('states' in the code below is supposed to contain an array of SaveToStream() outputs):
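            XmlDocument doc = new XmlDocument();
            XmlElement rootElem = doc.CreateElement("states");
            doc.AppendChild(rootElem);

            for (int i = 0; i < states.Length; i++)
            {
                XmlElement stateElem = doc.CreateElement("state");
                // base64 keeps the inner state XML from breaking the outer document
                stateElem.InnerXml = Convert.ToBase64String(states[i].ToArray());
                rootElem.AppendChild(stateElem);
            }

            // serialize the envelope; this stream is what goes to the applet
            MemoryStream compStateStm = new MemoryStream();
            doc.Save(compStateStm);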

3. You send the contents of compStateStm to the applet, just as it is done in the sample.

On the applet side:

4. You ask the user for the signing certificate just as it is done in the applet.

5. You decompose the compound state into a set of individual state streams. The .NET code looks in the following way, the Java code would be fairly similar:
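            XmlDocument doc = new XmlDocument();
            // compStateStm here is the compound state as received from the other side
            doc.Load(compStateStm);
            List<MemoryStream> states = new List<MemoryStream>();

            if (doc.DocumentElement.Name == "states")
            {
                for (int i = 0; i < doc.DocumentElement.ChildNodes.Count; i++)
                {
                    if (doc.DocumentElement.ChildNodes[i].Name == "state")
                    {
                        // undo the base64 wrapping to get the original state XML
                        string b64 = doc.DocumentElement.ChildNodes[i].InnerXml;
                        byte[] state = Convert.FromBase64String(b64);
                        states.Add(new MemoryStream(state));
                    }
                }
            }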

Specifically, this should be done inside the processData() method of the applet. Instead of passing this.data to the constructor of ByteArrayInputStream, you decompose the compound state and end up with an array of ByteArrayInputStream (inStreams) that corresponds to all the extracted states.

6. You pass each state, one-by-one, to the server.process() method:
ElDCStandardServer server = new ElDCStandardServer();
try {
    ElDCX509SignOperationHandler handler = new ElDCX509SignOperationHandler();
    // one certificate and key, chosen once, used for every state
    handler.setSigningCertificate(signingCert, signingKey);
    for (int i = 0; i < inStreams.length; i++) {
        server.process(inStreams[i], outStreams[i]);
    }
} catch (Exception e) {
    // error handling omitted here
}

7. You form a compound XML response state from the outStreams array, just as you did on the server side, and send the resulting state back to the server. Literally, the following call

this.signature = outStream.toByteArray();

should be replaced with something like

this.signature = FormCompoundState(outStreams);

On the server side:

8. You decompose the received compound response state into a set of individual states and finalize all the signing operations one-by-one.

Hope this answers your question.
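
An added example, not part of the reply above and not EldoS code: one way to write the packing and unpacking in Java for both directions, using only the JDK. The class name `CompoundState`, its `pack`/`unpack` methods and the `expected` count check are assumptions for illustration, `java.util.Base64` requires Java 8, and no SecureBlackBox calls are shown. Because the compound response comes back from the client, the parser refuses DOCTYPE declarations and the envelope is rejected if its shape or state count is not what the receiver is waiting for.

```java
import java.io.*;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class CompoundState {  // hypothetical helper, not a SecureBlackBox class
    // Parser that refuses DOCTYPE declarations: the envelope crosses a trust boundary.
    private static DocumentBuilderFactory factory() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f;
    }

    // Wrap each state, base64-encoded, in a <state> element under a <states> root.
    public static byte[] pack(List<byte[]> states) throws Exception {
        Document doc = factory().newDocumentBuilder().newDocument();
        Element root = doc.createElement("states");
        doc.appendChild(root);
        for (byte[] s : states) {
            Element e = doc.createElement("state");
            e.setTextContent(Base64.getEncoder().encodeToString(s));
            root.appendChild(e);
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        TransformerFactory.newInstance().newTransformer()
                .transform(new DOMSource(doc), new StreamResult(out));
        return out.toByteArray();
    }

    // Recover the states; 'expected' is how many operations the receiver has pending.
    public static List<byte[]> unpack(byte[] compound, int expected) throws Exception {
        Document doc = factory().newDocumentBuilder().parse(new ByteArrayInputStream(compound));
        Element root = doc.getDocumentElement();
        if (!"states".equals(root.getNodeName())) throw new IllegalArgumentException("unexpected root");
        List<byte[]> states = new ArrayList<>();
        for (Node n = root.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() != Node.ELEMENT_NODE) continue;  // skip whitespace text nodes
            if (!"state".equals(n.getNodeName())) throw new IllegalArgumentException("unexpected element");
            states.add(Base64.getDecoder().decode(n.getTextContent().trim()));
        }
        if (states.size() != expected) throw new IllegalArgumentException("state count mismatch");
        return states;
    }
}
```

The order of the `<state>` elements is the only link between a response state and its pre-signed document, so the receiver has to keep its pending operations in the same order it packed them.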
Posted: 02/27/2014 11:04:40
by Pablo Cervera (Standard support level)
Joined: 02/26/2014
Posts: 17

Thank You very very much Ken.

I'm using your code and I think it will work perfectly.

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
