Add Reference to KeyInfo with Distributed Cryptography

#29773
Posted: 06/13/2014 03:37:41
by Gabriele Cannata (Standard support level)
Joined: 04/30/2014
Posts: 10

Hi all, in order to have my documents validated by the system that receives them, I need to add a reference to the KeyInfo. I was able to achieve that with the desktop solution by following article 6094 in the knowledge base, but I am not able to achieve the same result with Distributed Cryptography.
The closest I could get is:

Code
   Signer.UpdateReferencesDigest();

   // Reference that covers the KeyInfo element (SHA-256 digest over #KeyInfo)
   var Ref = new TElXMLReference();
   Ref.DigestMethod = SBXMLSec.Unit.xdmSHA256;
   Ref.URI = "#KeyInfo";
   Ref.ID = "Reference-KeyInfo";
   Signer.References.Add(Ref);

   Signer.GenerateSignatureAsync();

   // The Id is assigned only after the async signing has been started
   Signer.Signature.KeyInfo.ID = "KeyInfo";


This way the KeyInfo gets an ID, the reference gets generated, but unfortunately the KeyInfo element is empty:

Code
   <ds:KeyInfo Id="KeyInfo" />


So I guess assigning an ID to the KeyInfo messes with the final stage of the signing; how do I work around this?

Thank you.
#29774
Posted: 06/13/2014 04:25:20
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us.

As the KeyInfo element is signed, you would need to obtain a public certificate (not a private certificate, as in standard signing) from the client and set it at the pre-sign stage (set the IncludeKey and KeyData properties).
If, for example, you don't need to sign the KeyInfo element, then at the pre-sign stage you can set the IncludeKey property to true and, before completing the async sign, extract the public certificate from the response and set it to the KeyData property, like here: https://www.eldos.com/forum/read.php?F...ssage25331
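The ordering point in this reply, as an added example that is not from the thread or from SecureBlackbox: a Reference with URI="#KeyInfo" carries a digest over the KeyInfo element, so whatever KeyInfo contains when the reference digests are computed (the pre-sign stage) is what the signature commits to. The example builds a minimal ds:Signature with Python's standard library, computes the KeyInfo digest either before or after the certificate is inserted, and verifies the reference; the certificate value is a constructed placeholder and stdlib C14N 2.0 stands in for the exclusive C14N an XML-DSig library would use.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)

# Constructed placeholder, not a real certificate.
FAKE_CERT_B64 = base64.b64encode(b"constructed-placeholder-certificate").decode()


def digest_element(elem: ET.Element) -> str:
    """Base64 SHA-256 over the canonicalized element (stdlib C14N 2.0 here;
    a simplification of the exclusive C14N used by real XML-DSig tooling)."""
    raw = ET.tostring(elem, encoding="unicode")
    c14n = ET.canonicalize(xml_data=raw, strip_text=True)
    return base64.b64encode(hashlib.sha256(c14n.encode()).digest()).decode()


def build_signature(cert_before_digest: bool) -> ET.Element:
    """Build <ds:Signature> with a Reference to #KeyInfo, filling KeyInfo
    either before the reference digest is computed (pre-sign stage) or
    after it (the failure mode discussed in the thread)."""
    sig = ET.Element(f"{{{DS}}}Signature")
    signed_info = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ref = ET.SubElement(signed_info, f"{{{DS}}}Reference",
                        {"Id": "Reference-KeyInfo", "URI": "#KeyInfo"})
    ET.SubElement(ref, f"{{{DS}}}DigestMethod",
                  {"Algorithm": "http://www.w3.org/2001/04/xmlenc#sha256"})
    digest_value = ET.SubElement(ref, f"{{{DS}}}DigestValue")
    key_info = ET.SubElement(sig, f"{{{DS}}}KeyInfo", {"Id": "KeyInfo"})

    def add_certificate():
        x509 = ET.SubElement(key_info, f"{{{DS}}}X509Data")
        ET.SubElement(x509, f"{{{DS}}}X509Certificate").text = FAKE_CERT_B64

    if cert_before_digest:
        add_certificate()                 # public certificate set at pre-sign
    digest_value.text = digest_element(key_info)   # reference digests computed
    if not cert_before_digest:
        add_certificate()                 # certificate arrives after the digest
    return sig


def verify_keyinfo_reference(sig: ET.Element) -> bool:
    """Recompute the digest of the element the #KeyInfo Reference points to
    and compare it with the stored DigestValue."""
    ref = sig.find(f"{{{DS}}}SignedInfo/{{{DS}}}Reference[@URI='#KeyInfo']")
    target_id = ref.get("URI")[1:]
    target = next(e for e in sig.iter() if e.get("Id") == target_id)
    return digest_element(target) == ref.findtext(f"{{{DS}}}DigestValue")
```

Only the signature whose KeyInfo was populated before the digest step verifies; filling KeyInfo afterwards leaves a DigestValue that no longer matches the element it references.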
#29775
Posted: 06/13/2014 05:53:14
by Gabriele Cannata (Standard support level)
Joined: 04/30/2014
Posts: 10

Hi Dmytro, thanks for the quick answer. We already set IncludeKey at the pre-sign stage and we extract the public certificate from the response (I guess it was already done for us in your sample application), but the reference to it is not generated.
Then I guess that in order to have something like this:

Code
      <ds:Reference Id="Reference-KeyInfo" URI="#KeyInfo">
         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
         <ds:DigestValue>mYS9e5WY/jOTiSYkmCH0JCr7Z2yv9jovuvhnMKRWsxQ=</ds:DigestValue>
      </ds:Reference>


we need to sign the KeyInfo?

Thank You.
#29778
Posted: 06/13/2014 07:43:35
by Gabriele Cannata (Standard support level)
Joined: 04/30/2014
Posts: 10

Never mind, I guess I sort of answered myself there.
Now I need a fancy way to enable users to select and upload their public certificates; does anyone have a nice example?
I guess we could "fake" a signature and get the certificate from the result, but I would like something nicer. For example, can the ActiveX be used solely for the certificate selection user interface?

Thank you.
#29789
Posted: 06/13/2014 13:08:24
by Dmytro Bogatskyy (EldoS Corp.)

Hello,

[quote]Now I need a fancy way to enable users to select and upload their public certificates, anyone has some nice example?
I guess we could "fake" a signature and get the certificate from the result, but I would like something nicer, for example, can the ActiveX be used solely for the Certificate Selection user interface?[/quote]
There is no such sample at the moment.
We do have plans to extend web client (e.g. ActiveX component) to support similar scenario, but no ETA at the moment.
#29796
Posted: 06/16/2014 01:51:02
by Gabriele Cannata (Standard support level)
Joined: 04/30/2014
Posts: 10

I resorted to using the old but still working CAPICOM library, just for the purpose of selecting a certificate from the Windows store.
Now the signature seems to be working as expected.

Thank you for your support.