CAdES signature - verification and id-aa-signingCertificate

#32290
Posted: 02/20/2015 03:08:43
by Stefano Massone (Standard support level)
Joined: 02/06/2015
Posts: 10

Hello!

We're implementing CAdES signature; thanks to your support and examples we managed to move forward.

Unfortunately the produced cryptographic envelope is still not compliant with Italian law; moreover, if I try to validate it with official tools, they say that:

Signature not compliant, id-aa-signingCertificate attribute is missing.

I found some RFCs, but my knowledge is not enough to understand what is missing.

Thanks for any help you can give on this!
Stefano
#32291
Posted: 02/20/2015 03:14:37
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Please enable csoIncludeCertToAttributes using the TElCMSSignature.SigningOptions property.
#32293
Posted: 02/20/2015 04:11:09
by Stefano Massone (Standard support level)
Joined: 02/06/2015
Posts: 10

Thank you!

Thanks to your suggestion I've also switched to the TElSignedCMSMessage class, following the example here:

https://www.eldos.com/security/articles/7882.php?page=all

and here:

https://www.eldos.com/forum/read.php?FID=7&TID=2276

Problem solved, thanks again!
Definitely keep recommending!
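The check behind the validator message in the first post can be reproduced offline. This is an added example, not code from this thread or from SecureBlackbox: it uses .NET's own System.Security.Cryptography.Pkcs and System.Formats.Asn1 APIs (assuming .NET 6 or later with the Pkcs package), and the Check and Sign helpers, the throwaway self-signed certificate and the sample content are constructed for illustration.

```csharp
using System;
using System.Formats.Asn1;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
const string V1 = "1.2.840.113549.1.9.16.2.12"; // id-aa-signingCertificate (SHA-1 certHash)
const string V2 = "1.2.840.113549.1.9.16.2.47"; // id-aa-signingCertificateV2
using var rsa = RSA.Create(2048); // constructed input: throwaway key and self-signed certificate
var req = new CertificateRequest("CN=Constructed Signer", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
using var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
Console.WriteLine(Check(Sign(cert, false)) ?? "ok");
Console.WriteLine(Check(Sign(cert, true)) ?? "ok");

// Returns null when every signer's attribute matches its certificate, otherwise the reason.
string? Check(byte[] cmsBytes)
{
    var cms = new SignedCms();
    cms.Decode(cmsBytes);
    cms.CheckSignature(true); // signature only; throws if the signed attributes were altered
    foreach (SignerInfo si in cms.SignerInfos)
    {
        var attr = si.SignedAttributes.Cast<CryptographicAttributeObject>()
            .FirstOrDefault(a => a.Oid.Value == V1 || a.Oid.Value == V2);
        if (attr == null) return "id-aa-signingCertificate attribute is missing";
        if (si.Certificate == null) return "signer certificate is not embedded";
        var id = new AsnReader(attr.Values[0].RawData, AsnEncodingRules.BER)
            .ReadSequence().ReadSequence().ReadSequence(); // SigningCertificate -> certs -> first ESSCertID
        var alg = attr.Oid.Value == V1 ? HashAlgorithmName.SHA1 : HashAlgorithmName.SHA256;
        if (id.PeekTag() == Asn1Tag.Sequence) // explicit hashAlgorithm (V2 only)
            alg = HashAlgorithmName.FromOid(id.ReadSequence().ReadObjectIdentifier());
        using var hash = IncrementalHash.CreateHash(alg);
        hash.AppendData(si.Certificate.RawData);
        if (!hash.GetHashAndReset().SequenceEqual(id.ReadOctetString()))
            return "certHash does not match the signer certificate";
    }
    return null;
}

byte[] Sign(X509Certificate2 signerCert, bool withAttribute)
{
    var signer = new CmsSigner(signerCert) { IncludeOption = X509IncludeOption.EndCertOnly };
    var w = new AsnWriter(AsnEncodingRules.DER); // SigningCertificateV2 with the default SHA-256 hash
    using (w.PushSequence()) using (w.PushSequence()) using (w.PushSequence())
        w.WriteOctetString(SHA256.HashData(signerCert.RawData));
    if (withAttribute) signer.SignedAttributes.Add(new AsnEncodedData(new Oid(V2), w.Encode()));
    var cms = new SignedCms(new ContentInfo(new byte[] { 1, 2, 3 })); // constructed content
    cms.ComputeSignature(signer);
    return cms.Encode();
}
```

Only the first ESSCertID entry is compared, and the signer certificate has to be embedded in the envelope for the hash comparison to run.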
#32406
Posted: 03/02/2015 07:34:05
by Daniele Paoni (Standard support level)
Joined: 02/24/2015
Posts: 2

Hello Stefano, I'm working on signing documents for the Italian government too.
How do you select the right certificate from the list of certificates contained in the smartcard/token?
#32407
Posted: 03/02/2015 07:37:53
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
How do you select the right certificate from the list of certificates contained in the smartcard/token?

You can use the TElPKCS11CertStorage class to work with tokens.
#32409
Posted: 03/02/2015 08:07:39
by Stefano Massone (Standard support level)
Joined: 02/06/2015
Posts: 10

Hi Daniele,

Loop through the certificate storage and select the one with "KeyUsage" "NonRepudiation"; this is the right certificate to be used in our case:

Code
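// Stays null if no certificate in the storage has the NonRepudiation bit set
TElX509Certificate signingCert = null;

for (int i = 0; i < certStorage.Count; i++)
{
    TElX509Certificate tmpCert = certStorage.get_Certificates(i);

    if (tmpCert.Extensions.KeyUsage.NonRepudiation)
    {
        // - this is the right certificate
        signingCert = tmpCert;
        break;
    }
}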

Hope this helps.

Stefano
#32410
Posted: 03/02/2015 08:26:57
by Daniele Paoni (Standard support level)
Joined: 02/24/2015
Posts: 2

Great!
It works perfectly.

Thanks
Daniele