EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Sign XADES with SigningCertificate node

#29622
Posted: 05/28/2014 09:51:27
by Carlos Rodriguez (Basic support level)
Joined: 05/28/2014
Posts: 2

Hello,

When I sign an XML in version 1.3.2 with the SigningCertificate node, the SecureBlackbox library generates the following node:

<xades:SigningCertificate>
  <xades:Cert>
    <xades:CertDigest>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <ds:DigestValue>[--------digest value in base64--------]</ds:DigestValue>
    </xades:CertDigest>
    <xades:IssuerSerial>
      <ds:X509IssuerName>CN=[CN], O=[O], 2.5.4.5=[serial number], L=[L] E=[email], C=ES</ds:X509IssuerName>
      <ds:X509SerialNumber>[--------serial number--------]</ds:X509SerialNumber>
    </xades:IssuerSerial>
  </xades:Cert>
</xades:SigningCertificate>

In Spain there are some online validators such as http://sedeaplicaciones2.minetur.gob.es/FacturaE/index.jsp. My XML is invalid for this validator.

An external signer generates the SigningCertificate node:

<xades:SigningCertificate>
  <xades:Cert>
    <xades:CertDigest>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <ds:DigestValue>[--------digest value in base64--------]</ds:DigestValue>
    </xades:CertDigest>
    <xades:IssuerSerial>
      <ds:X509IssuerName>CN=[CN], O=[O], SERIALNUMBER=[serial number], L=[L] E=[email], C=ES</ds:X509IssuerName>
      <ds:X509SerialNumber>[--------serial number--------]</ds:X509SerialNumber>
    </xades:IssuerSerial>
  </xades:Cert>
</xades:SigningCertificate>

The difference is in the value of the X509IssuerName node:
<ds:X509IssuerName> ... 2.5.4.5= ... </ds:X509IssuerName> in SecureBlackbox and <ds:X509IssuerName> ... SERIALNUMBER= ... </ds:X509IssuerName> in the external signature.

The question is whether this value can be updated, or is it generated by SecureBlackbox?

In Spain a valid certificate is AC Camerfirma Certificados Camerales and has the expected values:
CN = AC Camerfirma Certificados Camerales
O = AC Camerfirma SA
SERIALNUMBER = A82743287
L = Madrid (see current address at www.camerfirma.com/address)
E = ac_camerfirma_cc@camerfirma.com
C = ES

SecureBlackbox puts 2.5.4.5=A82743287 and the external signer puts SERIALNUMBER=A82743287.

I think that this can be the problem.

Thanks,
#29631
Posted: 05/29/2014 04:54:45
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us.

Quote
The difference is in the value of the X509IssuerName node:
<ds:X509IssuerName> ... 2.5.4.5= ... </ds:X509IssuerName> in SecureBlackbox and <ds:X509IssuerName> ... SERIALNUMBER= ... </ds:X509IssuerName> in the external signature.

The question is whether this value can be updated, or is it generated by SecureBlackbox?

Serial number is not a standard descriptor in the DN (distinguished name) according to RFC 4514.
If you need to map some specific OID descriptor to its string representation, you can use the following code:
Code
SBXMLSec.Unit.RDNDescriptorMap.Add(SBConstants.Unit.SB_CERT_OID_SERIAL_NUMBER, "SERIALNUMBER");

Place this code before signing, or in the initialization section.
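
How a verifier can treat the two X509IssuerName spellings from this thread as the same issuer, by mapping attribute-type descriptors and dotted OIDs to one form before comparing. This is an added Python example, not SecureBlackbox code or the validator's own logic; the function names and the descriptor table are assumptions for illustration, and the sample DNs are constructed from the issuer values quoted in the first post.

```python
import re

# Attribute-type names mapped to OIDs. The first nine are the RFC 4514 short
# names; SERIALNUMBER and E/EMAILADDRESS are common non-standard descriptors.
DESCRIPTOR_TO_OID = {
    "CN": "2.5.4.3", "L": "2.5.4.7", "ST": "2.5.4.8", "O": "2.5.4.10",
    "OU": "2.5.4.11", "C": "2.5.4.6", "STREET": "2.5.4.9",
    "DC": "0.9.2342.19200300.100.1.25", "UID": "0.9.2342.19200300.100.1.1",
    "SERIALNUMBER": "2.5.4.5",
    "E": "1.2.840.113549.1.9.1", "EMAILADDRESS": "1.2.840.113549.1.9.1",
}
OID_RE = re.compile(r"\d+(\.\d+)+")

def split_unescaped(text, sep):
    """Split on sep, treating backslash-escaped characters as literals."""
    return re.findall(r"(?:\\.|[^\\%s])+" % re.escape(sep), text)

def normalize_dn(dn):
    """Parse a DN string into a list of RDNs, each a sorted list of (oid, value)."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        pairs = []
        for atv in split_unescaped(rdn, "+"):
            attr_type, eq, value = atv.partition("=")
            name = attr_type.strip().upper()
            oid = name if OID_RE.fullmatch(name) else DESCRIPTOR_TO_OID.get(name)
            if not eq or oid is None:
                raise ValueError(f"cannot interpret attribute {atv!r}")
            # Undo single-character escapes; hex-pair and '#'-BER values are
            # not decoded here (assumption: plain string values only).
            pairs.append((oid, re.sub(r"\\(.)", r"\1", value.strip())))
        rdns.append(sorted(pairs))
    return rdns

def same_issuer(dn_a, dn_b):
    """True when both strings name the same issuer, whatever the type spelling."""
    return normalize_dn(dn_a) == normalize_dn(dn_b)

# Constructed sample DNs built from the issuer values quoted in the thread.
HEAD = "CN=AC Camerfirma Certificados Camerales, O=AC Camerfirma SA, "
TAIL = (", L=Madrid (see current address at www.camerfirma.com/address), "
        "E=ac_camerfirma_cc@camerfirma.com, C=ES")
DN_OID_FORM = HEAD + "2.5.4.5=A82743287" + TAIL
DN_NAME_FORM = HEAD + "SERIALNUMBER=A82743287" + TAIL
```

A plain string comparison of the two sample DNs fails, while `same_issuer(DN_OID_FORM, DN_NAME_FORM)` returns `True`; values are compared exactly, without the case-insensitive matching rules a full DN comparison would apply.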
#29637
Posted: 05/29/2014 09:07:48
by Carlos Rodriguez (Basic support level)
Joined: 05/28/2014
Posts: 2

Quote
Serial number is not a standard descriptor in the DN (distinguished name) according to RFC 4514.
If you need to map some specific OID descriptor to its string representation, you can use the following code:
Code
SBXMLSec.Unit.RDNDescriptorMap.Add(SBConstants.Unit.SB_CERT_OID_SERIAL_NUMBER, "SERIALNUMBER");

Place this code before signing, or in the initialization section.

Hi Dmytro,

Thank you very much. It works fine.


As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
