EldoS | Feel safer!

Software components for data protection, secure storage and transfer

PAdES creation and verification WITH valide.redsara.es

#33836
Posted: 06/30/2015 07:06:07
by Antonio García (Basic support level)
Joined: 06/30/2015
Posts: 1

Hello,

I am having trouble when I sign a document with the sample which implements PAdES signing. My problem is that when I validate the signature with the site valide.redsara.es, it says that the signature is invalid, while the Adobe validator says that it is a valid signature.

SecureBlackbox - version 9.1.209
Here is the sample code:
Code
var
        Idx : integer;
        Sig : TElPDFSignature;
        FCert : TElX509Certificate;
        FWinStorage : TElWinCertStorage;
        FHandler : TElPDFAdvancedPublicKeySecurityHandler;
begin
        FCert := TElX509Certificate.Create(nil);
        FHandler := TElPDFAdvancedPublicKeySecurityHandler.Create(nil);
        // Open the current user's personal ('MY') Windows certificate store
        FWinStorage := TElWinCertStorage.Create(nil);
        FWinStorage.SystemStores.BeginUpdate;
        try
            FWinStorage.SystemStores.Add('MY');
        finally
            FWinStorage.SystemStores.EndUpdate;
        end;
        // Add a visible signature to the document and attach the PAdES handler
        Idx := FCurrDoc.AddSignature();
        Sig := FCurrDoc.Signatures[Idx];
        Sig.Handler := FHandler;
        Sig.Invisible := False;
        // Only the signer certificate is handed to the handler
        FCertStorage.Clear;
        FWinStorage.Certificates[indexOfTheCert].Clone(FCert, true);
        FCertStorage.Add(FCert, true);
        FHandler.CertStorage := FCertStorage;
        // Basic PAdES signature: no timestamp, no automatic collection of
        // chain certificates or revocation information
        FHandler.PAdESSignatureType := pastBasic;
        FHandler.TSPClient := nil;
        FHandler.AutoCollectRevocationInfo := False;
        FHandler.IgnoreChainValidationErrors := False;
        Sig.SigningTime := UTCNow();
        if MessageDlg('Everything has been prepared for signing. Sign and write changes to the document?', mtConfirmation, [mbYes, mbNo], 0) = mrYes then
        begin
          CloseCurrentDocument(true);
          MessageDlg('Signing succeeded', mtInformation, [mbOk], 0);
        end
        else
        begin
          CloseCurrentDocument(false);
          MessageDlg('Signing cancelled', mtInformation, [mbOk], 0);
        end;
        FreeAndNil(FCert);
        FreeAndNil(FWinStorage);
end;


I attach the documents that I have used in this sample, a document to sign, a signed document with the sample, a document signed with Adobe, the site which I have used to verify the signatures and the used certificates.

https://www.dropbox.com/s/l53jvtvh9wo1anj/SecureBlack%20Box.PADES.rar?dl=0

Thanks in advance.
#33840
Posted: 06/30/2015 13:43:46
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us.

I’ve noticed there is no license ticket linked to your user account on EldoS site. Technical Support is provided to customers with the linked license tickets. You will find your license ticket together with all the details about how to use it in the registration e-mail that we’ve sent to you upon the purchase.

If you are evaluating the product and don't have a license yet, please let us know and then you can have support according to Basic support level. Basic support level includes answering basic technical questions that appear during product evaluation period.

Quote

I attach the documents that I have used in this sample, a document to sign, a signed document with the sample, a document signed with Adobe, the site which I have used to verify the signatures and the used certificates.

The main difference between your signed document and the PDF document signed by Adobe is that in your case only one certificate (the signer certificate) is embedded into the signature, while Adobe embeds three certificates (CA, intermediate and signer) and a CRL. This happens because you have disabled the AutoCollectRevocationInfo property, which prevents the component from collecting revocation information and certificates. You need either to enable this property (you may also need to pass certificates to the component; see the "Revocation information" section in the PAdES sample), or you can use the CustomRevocationInfo property to pass certificates and revocation information directly to the signature. Please refer to this article: https://www.eldos.com/security/articles/7883.php
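
A quick way to confirm the difference described in the reply above, as an added example (not part of the original thread and not EldoS code): it pulls each hex /Contents string out of a PDF and counts the entries in the `certificates` and `crls` fields of the CMS SignedData. The sample input is constructed from placeholder elements, and the function names are this example's own; revocation data stored elsewhere (a signed attribute or a document-level DSS) is not counted.

```python
import re

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                               # short-form length
        return tag, pos, pos + first
    n = first & 0x7F                               # long form: n length bytes follow
    if n == 0:
        raise ValueError("indefinite-length (BER) encoding is not handled")
    return tag, pos + n, pos + n + int.from_bytes(buf[pos:pos + n], "big")

def children(buf, start, end):
    """List the (tag, value_start, value_end) elements between start and end."""
    out = []
    while start < end:
        out.append(read_tlv(buf, start))
        start = out[-1][2]
    return out

def embedded_material(cms):
    """Count entries in the certificates [0] and crls [1] fields of SignedData."""
    _, s, e = read_tlv(cms, 0)                     # ContentInfo SEQUENCE
    _, ws, _ = children(cms, s, e)[1]              # [0] EXPLICIT content wrapper
    _, s, e = read_tlv(cms, ws)                    # SignedData SEQUENCE
    counts = {"certificates": 0, "crls": 0}
    for tag, vs, ve in children(cms, s, e):
        if tag == 0xA0:                            # certificates [0] IMPLICIT
            counts["certificates"] = len(children(cms, vs, ve))
        elif tag == 0xA1:                          # crls [1] IMPLICIT
            counts["crls"] = len(children(cms, vs, ve))
    return counts

def pdf_signatures(pdf):
    """Run embedded_material over every hex /Contents <...> string in the PDF."""
    hits = re.finditer(rb"/Contents\s*<([0-9A-Fa-f\s]+)>", pdf)
    return [embedded_material(bytes.fromhex(m.group(1).decode())) for m in hits]

# --- constructed sample data: placeholder elements, not real certificates ---
PKCS7 = b"\x2a\x86\x48\x86\xf7\x0d\x01\x07"       # OID prefix 1.2.840.113549.1.7
def tlv(tag, body=b""):
    return bytes([tag, len(body)]) + body          # short-form lengths only

def sample_pdf(n_certs, n_crls):
    body = tlv(0x02, b"\x01") + tlv(0x31) + tlv(0x30, tlv(0x06, PKCS7 + b"\x01"))
    body += tlv(0xA0, tlv(0x30) * n_certs) + (tlv(0xA1, tlv(0x30) * n_crls) if n_crls else b"")
    cms = tlv(0x30, tlv(0x06, PKCS7 + b"\x02") + tlv(0xA0, tlv(0x30, body + tlv(0x31))))
    return b"<< /Type /Sig /Contents <" + cms.hex().encode() + b"0000> >>"
```

For a real file, call `pdf_signatures(open(path, "rb").read())` on both signed documents and compare the counts.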
