EldoS | Feel safer!

Use SHA256 for partial hashes in docx signature

#31474
Posted: 11/21/2014 06:37:48
by Martin Icha (Premium support level)
Joined: 10/31/2014
Posts: 9

Hello, while creating the RSA-SHA256 signature, I can clearly see that the partial hashes of the files which are in the .docx container (e.g. /word/_rels/document.xml.rels is transformed by the http://www.w3.org/TR/2001/REC-xml-c14n-20010315 algorithm and then a SHA1 hash is calculated) are all SHA1. Is there any way to force SecureBlackbox to calculate these partial hashes as SHA256? The signature method algorithm is "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" and the signature is OK.
#31475
Posted: 11/21/2014 06:54:36
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us.

Yes, it is possible. You can set a separate digest method for signature references and for signed parts, for example:
Code
    // add this code before signing
    // digest method for the signature references (the top-level SignedInfo references)
    OpenXMLSigHandler.DigestMethod := xdmSHA256;
    // digest method for each signed part of the package (the per-file "partial hashes")
    for k := 0 to OpenXMLSigHandler.SignedPartCount - 1 do
      OpenXMLSigHandler.SignedParts[k].DigestMethod := xdmSHA256;
#31476
Posted: 11/21/2014 07:45:51
by Martin Icha (Premium support level)
Joined: 10/31/2014
Posts: 9

Thank you for your fast reply. It works pretty well. But there is one last thing I need: to set the hash algorithm also for the SignedProperties element and all objects in it.
#31481
Posted: 11/21/2014 11:31:47
by Dmytro Bogatskyy (EldoS Corp.)

Quote
But there is one last thing I need: to set the hash algorithm also for the SignedProperties element and all objects in it.

Good point, logically we should use the DigestMethod property for all references in the signature, including the reference to the SignedProperties element. I've updated this for the next build.
Currently, you can handle the OnBeforeSign event and change the reference to the SignedProperties element using the TElXMLSigner.Signature.SignedInfo.SigPropRef property.
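A follow-up check, added here as an example and not part of this thread or of SecureBlackbox: after signing, open the produced .docx and confirm which digest algorithms the signature actually declares, separately for the top-level SignedInfo references (package object, SignedProperties) and for the per-part Manifest references that carry the "partial hashes", and recompute the Manifest digests so that "still SHA-1" is not confused with "part does not verify". The script builds its own minimal, constructed package (not a real Word document; the SignatureValue and the SignedInfo digest values are placeholders, since only the Manifest digests are recomputed) and assumes the Office convention of a signature part named _xmlsignatures/sig1.xml, inclusive C14N as the only transform on XML parts (as in the original post), and Python 3.8+ for xml.etree.ElementTree.canonicalize.

```python
"""Audit the digest algorithms a .docx package signature actually uses.

Added example for this thread, not SecureBlackbox code. A signed .docx keeps
its XML-DSig signature(s) under _xmlsignatures/ in the zip. The ds:Reference
elements in SignedInfo cover the package object, the office object and (with
XAdES) SignedProperties; the per-part digests live in the ds:Manifest of the
package object. Both groups are listed, anything weaker than SHA-2 is flagged,
and the Manifest digests are recomputed (inclusive C14N for XML parts, raw
bytes for binary parts). Needs Python 3.8+ for ET.canonicalize.
"""
import base64
import hashlib
import io
import zipfile
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512"
HASHES = {SHA1: "sha1", SHA256: "sha256", SHA512: "sha512"}
STRONG = {SHA256, SHA512}


def read_signature(docx_bytes, sig_name="_xmlsignatures/sig1.xml"):
    """Pull one signature part out of the package (sig1.xml is the usual Office name)."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        return pkg.read(sig_name)


def list_references(sig_xml):
    """(scope, URI, digest algorithm, digest value) for every ds:Reference.
    scope is the parent element name: "SignedInfo" or "Manifest"."""
    root = ET.fromstring(sig_xml)
    parent = {child: elem for elem in root.iter() for child in elem}
    out = []
    for ref in root.iter(DS + "Reference"):
        alg = ref.find(DS + "DigestMethod").get("Algorithm")
        value = ref.find(DS + "DigestValue").text.strip()
        out.append((parent[ref].tag.replace(DS, ""), ref.get("URI"), alg, value))
    return out


def weak_references(sig_xml):
    """References whose digest is SHA-1 or anything else not in STRONG."""
    return [(scope, uri, alg) for scope, uri, alg, _ in list_references(sig_xml)
            if alg not in STRONG]


def part_digest(data, alg, transforms):
    """Base64 digest of a part exactly as its Manifest reference describes it."""
    if C14N in transforms:  # XML parts are canonicalized first, binary parts are hashed raw
        data = ET.canonicalize(xml_data=data).encode("utf-8")
    return base64.b64encode(hashlib.new(HASHES[alg], data).digest()).decode("ascii")


def verify_manifest(docx_bytes, sig_name="_xmlsignatures/sig1.xml"):
    """Recompute every Manifest part digest; returns {reference URI: matches}."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        root = ET.fromstring(pkg.read(sig_name))
        for manifest in root.iter(DS + "Manifest"):
            for ref in manifest.iter(DS + "Reference"):
                uri = ref.get("URI")
                part = uri.split("?", 1)[0].lstrip("/")  # drop the ?ContentType=... query
                transforms = [t.get("Algorithm") for t in ref.iter(DS + "Transform")]
                alg = ref.find(DS + "DigestMethod").get("Algorithm")
                expected = ref.find(DS + "DigestValue").text.strip()
                results[uri] = part_digest(pkg.read(part), alg, transforms) == expected
    return results


def build_sample_docx(manifest_alg, signedinfo_alg=SHA256, tamper=False):
    """Constructed test package: two parts and a signature whose Manifest digests
    are computed here. Not a valid Word file; SignatureValue and the SignedInfo
    digest values are placeholders. tamper=True alters the image after signing."""
    document = (b'<?xml version="1.0" encoding="UTF-8"?>'
                b'<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
                b'<w:body><w:p><w:r><w:t>hello</w:t></w:r></w:p></w:body></w:document>')
    image = b"\x89PNG\r\n\x1a\n" + bytes(range(32))  # constructed bytes, not a real PNG
    parts = {
        "word/document.xml": (document, [C14N],
            "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"),
        "word/media/image1.png": (image, [], "image/png"),
    }
    manifest = ""
    for name, (data, transforms, ctype) in parts.items():
        tf = "".join(f'<Transform Algorithm="{t}"/>' for t in transforms)
        manifest += (f'<Reference URI="/{name}?ContentType={ctype}">'
                     + (f"<Transforms>{tf}</Transforms>" if tf else "")
                     + f'<DigestMethod Algorithm="{manifest_alg}"/>'
                     f"<DigestValue>{part_digest(data, manifest_alg, transforms)}</DigestValue>"
                     "</Reference>")
    sig = (f'<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="idPackageSignature">'
           f'<SignedInfo><CanonicalizationMethod Algorithm="{C14N}"/>'
           '<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
           f'<Reference URI="#idPackageObject"><DigestMethod Algorithm="{signedinfo_alg}"/>'
           "<DigestValue>placeholder</DigestValue></Reference>"
           f'<Reference URI="#idSignedProperties"><DigestMethod Algorithm="{signedinfo_alg}"/>'
           "<DigestValue>placeholder</DigestValue></Reference></SignedInfo>"
           "<SignatureValue>placeholder</SignatureValue>"
           f'<Object Id="idPackageObject"><Manifest>{manifest}</Manifest></Object></Signature>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        for name, (data, _, _) in parts.items():
            pkg.writestr(name, (data + b"\x00") if tamper and name.endswith(".png") else data)
        pkg.writestr("_xmlsignatures/sig1.xml", sig)
    return buf.getvalue()


if __name__ == "__main__":
    pkg = build_sample_docx(SHA1)  # the original poster's case: SHA-256 signature, SHA-1 parts
    for scope, uri, alg in weak_references(read_signature(pkg)):
        print(f"weak digest {alg} on {scope} reference {uri}")
    print(verify_manifest(pkg))
```

On a real file, call weak_references(read_signature(data)) and verify_manifest(data) with data = the bytes of the .docx. A SHA-1 Manifest reference still verifies (the digest matches, it is just weak), which is the situation in the first post; a False from verify_manifest means the part bytes or the transform chain differ from what was signed. Only inclusive C14N is implemented here, so a part whose Transforms list another algorithm is hashed raw and will report False until part_digest is extended for it.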
