EldoS | Feel safer!

Software components for data protection, secure storage and transfer

CAdES signature - verification and id-aa-signingCertificate

#32290
Posted: 02/20/2015 03:08:43
by Stefano Massone (Standard support level)
Joined: 02/06/2015
Posts: 10

Hello!

We're implementing CAdES signatures; thanks to your support and examples, we managed to move forward.

Unfortunately, the produced cryptographic envelope is still not compliant with Italian law; moreover, if I try to validate it with official tools, they say that:

Signature not compliant, id-aa-signingCertificate attribute is missing.

I found some RFCs, but my knowledge is not enough to understand what is missing.

Thanks for any help you can give on this!
Stefano
#32291
Posted: 02/20/2015 03:14:37
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Please enable csoIncludeCertToAttributes using TElCMSSignature.SigningOptions property.
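
A way to check a produced envelope for this attribute before handing it to an external validator, as an added example that is not part of the thread and is not EldoS code. It uses the .NET System.Security.Cryptography.Pkcs classes rather than SecureBlackbox, assumes the input file is a binary (DER) CMS SignedData, and reports either the attribute named in the error or its v2 form from RFC 5035.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;

static class SigningCertificateCheck
{
    // ESS signing-certificate attribute OIDs (RFC 2634 and RFC 5035).
    const string IdAaSigningCertificate   = "1.2.840.113549.1.9.16.2.12";
    const string IdAaSigningCertificateV2 = "1.2.840.113549.1.9.16.2.47";

    // Returns the name of the attribute found among the signed attributes, or null.
    static string FindSigningCertificateAttribute(SignerInfo signer)
    {
        foreach (CryptographicAttributeObject attr in signer.SignedAttributes)
        {
            if (attr.Oid.Value == IdAaSigningCertificate) return "id-aa-signingCertificate";
            if (attr.Oid.Value == IdAaSigningCertificateV2) return "id-aa-signingCertificateV2";
        }
        return null;
    }

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: SigningCertificateCheck <signed-file>");
            return 2;
        }

        // Assumption: the file is binary DER, not Base64 or PEM text.
        var cms = new SignedCms();
        cms.Decode(File.ReadAllBytes(args[0]));

        int missing = 0;
        foreach (SignerInfo signer in cms.SignerInfos)
        {
            string found = FindSigningCertificateAttribute(signer);
            string who = signer.Certificate != null ? signer.Certificate.Subject : "(certificate not embedded)";
            Console.WriteLine("{0}: {1}", who, found ?? "signing-certificate attribute MISSING");
            if (found == null) missing++;
        }
        // Presence check only: the signature and the hash inside the attribute are not verified here.
        return missing == 0 ? 0 : 1;
    }
}
```

The exit code is 0 when every signer carries one of the two attributes and 1 otherwise, so the check can gate a build or a signing pipeline.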
#32293
Posted: 02/20/2015 04:11:09
by Stefano Massone (Standard support level)
Joined: 02/06/2015
Posts: 10

Thank you!

Thanks to your suggestion, I've also switched to the TElSignedCMSMessage class, following the example here:

https://www.eldos.com/security/articles/7882.php?page=all

and here:

https://www.eldos.com/forum/read.php?FID=7&TID=2276

Problem solved, thanks again!
Definitely keep recommending!
#32406
Posted: 03/02/2015 07:34:05
by Daniele Paoni (Standard support level)
Joined: 02/24/2015
Posts: 2

Hello Stefano, I'm working on signing documents for the Italian government too.
How do you select the right certificate from the list of certificates contained in the smartcard / token?
#32407
Posted: 03/02/2015 07:37:53
by Vsevolod Ievgiienko (EldoS Corp.)

Quote
How do you select the right certificate from the list of certificates contained in the smartcard / token?

You can use TElPKCS11CertStorage class to work with tokens.
#32409
Posted: 03/02/2015 08:07:39
by Stefano Massone (Standard support level)
Joined: 02/06/2015
Posts: 10

Ciao Daniele,

Loop through the certificate storage and select the one with "KeyUsage" "NonRepudiation"; this is the right certificate to be used in our case:

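Code
// Pick the certificate whose KeyUsage extension asserts NonRepudiation.
TElX509Certificate signingCert = null;

for (int i = 0; i < certStorage.Count; i++)
{
    TElX509Certificate tmpCert = certStorage.get_Certificates(i);

    if (tmpCert.Extensions.KeyUsage.NonRepudiation)
    {
        // - this is the right certificate
        signingCert = tmpCert;
        break;
    }
}
// signingCert stays null if no certificate in the storage has NonRepudiation set.
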
Hope this helps.

Stefano
#32410
Posted: 03/02/2015 08:26:57
by Daniele Paoni (Standard support level)
Joined: 02/24/2015
Posts: 2

Great!
It works perfectly.

Grazie
Daniele
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.