XML Signature

#269
Posted: 05/17/2006 19:23:42
by Dmytro Bogatskyy (EldoS Corp.)

Thank you. I was able to reproduce this issue and we are working on it. It looks like online signature validation got confused by the reference URI that the demo application generates.

P.S. The NotOK.xml was reformatted with an external tool, so the Signature was corrupted. (The canonicalization algorithm retains all whitespace between tags.)
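An added example (not part of the thread and not EldoS code) of the effect described in the P.S.: canonicalization keeps whitespace between tags, so a re-indented copy no longer produces the signed digest. It uses Python's standard-library `canonicalize` (C14N 2.0) as a stand-in for the canonicalizer in use; the sample documents and the function names are constructed for illustration.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed samples: the signed form, a re-indented copy, and an altered copy.
SIGNED = '<Order><Item id="1">book</Item><Item id="2">pen</Item></Order>'
REFORMATTED = """<Order>
  <Item id="1">book</Item>
  <Item id="2">pen</Item>
</Order>"""
ALTERED = '<Order><Item id="1">book</Item><Item id="2">ink</Item></Order>'


def reference_digest(xml_text, strip_text=False):
    """SHA-256 over the canonical form of the document (hypothetical helper)."""
    canonical = canonicalize(xml_text, strip_text=strip_text)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def classify_mismatch(signed_xml, received_xml):
    """Triage a digest mismatch: 'identical', 'whitespace-only' or 'content-changed'."""
    if reference_digest(signed_xml) == reference_digest(received_xml):
        return "identical"
    # Diagnostic only: trimming text nodes is not what the signature covers,
    # so a 'whitespace-only' result still means the signature is invalid.
    if reference_digest(signed_xml, True) == reference_digest(received_xml, True):
        return "whitespace-only"
    return "content-changed"


if __name__ == "__main__":
    for name, doc in (("reformatted", REFORMATTED), ("altered", ALTERED)):
        print(name, classify_mismatch(SIGNED, doc))
```

The trimmed comparison is a triage aid for telling a formatter accident from a content change; it is not a substitute for verifying over the exact canonical bytes.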
#270
Posted: 05/18/2006 01:57:49
by Haris Zujo (Standard support level)
Joined: 05/12/2006
Posts: 33

Quote
The NotOK.xml was reformatted with external tool, so Signature was corrupted


Yes I know. I made that but only for better comparison with OK.xml.
#292
Posted: 05/22/2006 11:12:46
by Haris Zujo (Standard support level)
Joined: 05/12/2006
Posts: 33

Hi

I made a little upgrade to your sample application "SimpleSigner", because I think that it is a nice thing that I can select a certificate from the store. If you want, you can include it in the next release. It is just one more usage example.
Usage: Instead of selecting a file and password you can select just x509 certificate from store.

regards
Haris


#300
Posted: 05/23/2006 02:27:24
by Eugene Mayevski (EldoS Corp.)

Thank you, we will update our samples accordingly.


Sincerely yours
Eugene Mayevski
#311
Posted: 05/25/2006 06:36:29
by Haris Zujo (Standard support level)
Joined: 05/12/2006
Posts: 33

Hi

Finally I managed to sign and successfully verify the XML document using latest XMLBlackBox. (well done!)

For now I have 3 more things.

1. with XMLBlackBox it isn't possible to insert empty URI attribute in reference tag '<Reference URI="">....</Reference>'. I know that this attribute is optional but anyway.

Quote

(Extensible Markup Language) XML-Signature Syntax and Processing

...
4.3.3.2 The Reference Processing Model
...
URI=""
Identifies the node-set (minus any comment nodes) of the XML
resource containing the signature
...


2. Is it possible to select how serial number is stored (HEX, DEC) in "KeyInfo.X509Data.X509IssuerSerial.X509SerialNumber". I have problems with some verifiers that they can't verify if the serial number is in HEX.

Quote

<X509SerialNumber>0CF12566</X509SerialNumber> or <X509SerialNumber>217130342</X509SerialNumber>


3. If the private key is exportable and X509Certificate has "Enable strong private key protection. You will be prompted every time the private key is used....." check box selected then within the sign process this Dialog is displayed 3 times!!! It should be displayed only once.


That's all for now. Thanks

Regards Haris
#313
Posted: 05/25/2006 07:03:33
by Eugene Mayevski (EldoS Corp.)

Quote
Haris Zujo wrote:
3. If the private key is exportable and X509Certificate has "Enable strong private key protection. You will be prompted every time the private key is used....." check box selected then within the sign process this Dialog is displayed 3 times!!! It should be displayed only once.


JFYI: In earlier versions of CryptoAPI the dialog could be displayed up to 18 (eighteen) times during a single operation.

Of course, we will check this.


Sincerely yours
Eugene Mayevski
#314
Posted: 05/25/2006 07:21:28
by Eugene Mayevski (EldoS Corp.)

Quote
Haris Zujo wrote:
Is it possible to select how serial number is stored (HEX, DEC) in "KeyInfo.X509Data.X509IssuerSerial.X509SerialNumber". I have problems with some verifiers that they can't verify if the serial number is in HEX.


Serial number is a binary field in X.509 certificates. Unfortunately XMLDSig doesn't specify (or at least I, staring at paragraph 4.4.4, don't see it) the exact format of the serial number representation. So it's not clear, how that binary data should be formatted.


Sincerely yours
Eugene Mayevski
#315
Posted: 05/25/2006 13:02:21
by Dmytro Bogatskyy (EldoS Corp.)

Quote
1. with XMLBlackBox it isn't possible to insert empty URI attribute in reference tag '<Reference URI="">....</Reference>'. I know that this attribute is optional but anyway.

Fixed for next release.

Quote
2. Is it possible to select how serial number is stored (HEX, DEC) in "KeyInfo.X509Data.X509IssuerSerial.X509SerialNumber". I have problems with some verifiers that they can't verify if the serial number is in HEX.

Looks like the default value should be decimal, but a hex value is also possible (at least some applications do it this way, and it is specified in an older version of XMLDSig) :( Will fix.
Thank you.
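An added example (not part of the thread and not EldoS code) of how a verifier can handle the two `X509SerialNumber` forms discussed above: decimal is treated as the default, hex is accepted only on request, and a digits-only value that could denote two different certificates is reported as ambiguous. The function names and the store contents are constructed for illustration; the serial `0CF12566` / `217130342` is the one quoted in the thread.

```python
import re


def interpretations(xml_value):
    """Map each plausible encoding of the element text to the integer it denotes."""
    text = xml_value.strip()
    found = {}
    if re.fullmatch(r"[0-9]+", text):
        found["decimal"] = int(text, 10)
    if re.fullmatch(r"[0-9A-Fa-f]+", text):
        found["hex"] = int(text, 16)
    return found


def find_certificates(xml_value, store_serials, allow_hex=False):
    """Return [(serial, encoding)] for store certificates the value could denote.

    store_serials: set of certificate serial numbers as integers (constructed
    input; a real verifier would also compare X509IssuerName).
    """
    hits = []
    for encoding, serial in interpretations(xml_value).items():
        if encoding == "hex" and not allow_hex:
            continue
        if serial in store_serials and all(serial != s for s, _ in hits):
            hits.append((serial, encoding))
    return hits


def is_ambiguous(xml_value, store_serials):
    """True when hex tolerance would make the value match more than one certificate."""
    return len(find_certificates(xml_value, store_serials, allow_hex=True)) > 1


# Constructed store: the serial from the thread plus two small serials.
STORE = {217130342, 10, 16}

if __name__ == "__main__":
    for value in ("217130342", "0CF12566", "10"):
        print(value, find_certificates(value, STORE, allow_hex=True),
              "ambiguous" if is_ambiguous(value, STORE) else "unique")
```

A verifier that enables hex tolerance should reject or log the ambiguous case instead of picking the first match.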
#321
Posted: 05/26/2006 02:19:36
by Haris Zujo (Standard support level)
Joined: 05/12/2006
Posts: 33

Hi

Quote
In earlier versions of CryptoAPI the dialog could be displayed up to 18 (eighteen) times during a single operation.


I don't think that this is now a problem in CryptoAPI, because in some earlier posts you told me about the importance of exportable private keys:

Quote
It IS important - if the key is not exportable, then SecureBlackbox must call CryptoAPI functions to perform signing (otherwise SecureBlackbox signs the data itself).


So if the private key is not exportable (BlackBox uses CryptoApi) dialog displays only once. But if the key is exportable (Blackbox signs the data itself) the dialog displays 3 times.

Regards Haris
#322
Posted: 05/26/2006 03:57:06
by Eugene Mayevski (EldoS Corp.)

Thank you for additional information - it lets us localize the problem and fix it easier.


Sincerely yours
Eugene Mayevski

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.