CAdES signature - verification and id-aa-signingCertificate

#32290
Posted: 02/20/2015 03:08:43
by Stefano Massone (Standard support level)
Joined: 02/06/2015
Posts: 10

Hello!

We're implementing CAdES signature, thanks to your support and examples we managed to move forward.

Unfortunately the produced cryptographic envelope is still not compliant with Italian law, moreover if I try to validate it with official tools they say that:

Signature not compliant, id-aa-signingCertificate attribute is missing.

I found some RFCs but my knowledge is not enough to understand what is missing.

Thanks for any help you can give on this!
Stefano
#32291
Posted: 02/20/2015 03:14:37
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

Please enable csoIncludeCertToAttributes using TElCMSSignature.SigningOptions property.
#32293
Posted: 02/20/2015 04:11:09
by Stefano Massone (Standard support level)
Joined: 02/06/2015
Posts: 10

Thank you!

Thanks to your suggestion I've also switched to class TElSignedCMSMessage, following the example here:

https://www.eldos.com/security/articles/7882.php?page=all

and here:

https://www.eldos.com/forum/read.php?FID=7&TID=2276

problem solved, thanks again!
Definitely keep recommending!
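
The validator message quoted at the top of this thread refers to the ESS signing-certificate signed attribute (id-aa-signingCertificate, or its V2 form with a non-SHA-1 hash). The following is an added example, not code from the thread or from EldoS: a Python presence check over DER-encoded CMS data, where the function names and the sample bytes are constructed for illustration and definite-length DER is assumed.

```python
# Added example (not EldoS code): presence check for the ESS signing-certificate
# signed attribute in DER-encoded CMS/CAdES data. Assumes definite lengths.
ESS_OIDS = {  # OID content bytes -> attribute name
    bytes.fromhex("2a864886f70d010910020c"): "id-aa-signingCertificate",    # 1.2.840.113549.1.9.16.2.12
    bytes.fromhex("2a864886f70d010910022f"): "id-aa-signingCertificateV2",  # 1.2.840.113549.1.9.16.2.47
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def find_ess_attributes(der, start=0, end=None):
    """Recurse through constructed elements; return ESS attribute names in order."""
    end = len(der) if end is None else end
    found, pos = [], start
    while pos < end:
        tag, v0, v1 = read_tlv(der, pos)
        if tag == 0x06 and bytes(der[v0:v1]) in ESS_OIDS:
            found.append(ESS_OIDS[bytes(der[v0:v1])])
        elif tag & 0x20:                    # SEQUENCE, SET, [0] EXPLICIT, ...
            found += find_ess_attributes(der, v0, v1)
        pos = v1                            # primitive values (e.g. content) are skipped
    return found

# Constructed sample data: a signedAttrs SET holding contentType, with and
# without a signingCertificateV2 attribute (certHash is 32 zero bytes).
def tlv(tag, body):
    return bytes([tag, len(body)]) + body   # short-form lengths are enough here

CONTENT_TYPE = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010903"))
                   + tlv(0x31, tlv(0x06, bytes.fromhex("2a864886f70d010701"))))
ESS_V2 = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010910022f"))
             + tlv(0x31, tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x04, bytes(32)))))))
WITHOUT_ESS, WITH_ESS = tlv(0x31, CONTENT_TYPE), tlv(0x31, CONTENT_TYPE + ESS_V2)
```

This only reports whether the attribute is present; confirming that the embedded hash matches the signer's certificate is left to the signature validator.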
#32406
Posted: 03/02/2015 07:34:05
by Daniele Paoni (Standard support level)
Joined: 02/24/2015
Posts: 2

Hello Stefano, I'm working on signing documents for the Italian government too.
How do you select the right certificate from the list of certificates contained in the smartcard / token?
#32407
Posted: 03/02/2015 07:37:53
by Vsevolod Ievgiienko (Team)

Quote
How do you select the right certificate from the list of certificates contained in the smartcard / token?

You can use TElPKCS11CertStorage class to work with tokens.
#32409
Posted: 03/02/2015 08:07:39
by Stefano Massone (Standard support level)
Joined: 02/06/2015
Posts: 10

Ciao Daniele,

Loop through the certificate storage and select the one with "KeyUsage" "NonRepudiation"; this is the right certificate to be used in our case:

Code
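TElX509Certificate signingCert = null;

for (int i = 0; i < certStorage.Count; i++)
{
    TElX509Certificate tmpCert = certStorage.get_Certificates(i);

    // The signing certificate is the one whose KeyUsage has NonRepudiation set
    if (tmpCert.Extensions.KeyUsage.NonRepudiation)
    {
        // - this is the right certificate
        signingCert = tmpCert;
        break;
    }
}
// signingCert stays null if no certificate in the storage has NonRepudiation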


hope this helps

Stefano
#32410
Posted: 03/02/2015 08:26:57
by Daniele Paoni (Standard support level)
Joined: 02/24/2015
Posts: 2

Great!
It works perfectly.

Grazie
Daniele