[PHP] How to digitally sign a PDF/Docx file with usb token

#34520
Posted: 09/21/2015 23:11:25
by Tien Le (Basic support level)
Joined: 08/20/2015
Posts: 13

Hello,

I have finished trying digital signatures with PHP web apps for PDF & Office with p12 certificate files. However, when checking the reference for doing the same with a digital signature stored in a USB token, I cannot find enough samples, so I am posting this question to see if someone can help.

I did check the .NET and Java examples and can see there are desktop examples for PKCS_11; however, I am not sure what the necessary steps are for web apps. Basically, I think we will need to communicate with the USB token via JavaScript and then send the signature to the server side? It would be appreciated if there is a guide on this.

Thanks,
#34524
Posted: 09/22/2015 05:26:14
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us.

Quote
I did check the .NET and Java examples and can see there are desktop examples for PKCS_11; however, I am not sure what the necessary steps are for web apps. Basically, I think we will need to communicate with the USB token via JavaScript and then send the signature to the server side? It would be appreciated if there is a guide on this.

The PKCS#11 samples for desktop are not what you are looking for. Those samples are designed to perform local signing with a certificate via the PKCS#11 interface.
To perform signing on the client side you would need to use distributed signing components. Please see our SecureBlackbox DC ('distributed crypto') module (URL: https://www.eldos.com/sbb/desc-dc.php ).
There are a number of samples illustrating the use of DC components included in the SecureBlackbox distributions. Unfortunately, there is no PHP sample for the server part yet. But you can check, for example, the .NET sample Samples\C#\PDFBlackbox\DC\ASPNet_Distributed; it is the most suitable sample. As for the client side, you can choose between Java applet, Flex, ActiveX and Silverlight components for doing signing within a thin client. The ActiveX and Java applet components support signing via the PKCS#11 interface.
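
The server/client split described in this answer, as an added example that is not part of the original post and is not SecureBlackbox code: a generic round trip with the openssl CLI in which the server sends only a SHA-256 digest, the client signs it, and the server verifies the result against the whole document. The generated RSA key is a stand-in for the key on the USB token, all function and file names are hypothetical, and the DC module's own message format is not shown.

```shell
#!/bin/sh
# Added illustration, not SecureBlackbox code: split signing with the openssl CLI.
# The generated RSA key stands in for the private key held on the USB token.

# Server: hash the document; only these 32 bytes are sent to the client.
server_prepare() {  # $1 = document, $2 = digest output
    openssl dgst -sha256 -binary "$1" > "$2"
}

# Client: sign the received digest. With a real token this is a PKCS#11 call
# and the private key never leaves the device.
client_sign() {  # $1 = private key, $2 = digest, $3 = signature output
    openssl pkeyutl -sign -inkey "$1" -in "$2" -pkeyopt digest:sha256 -out "$3"
}

# Server: check the returned signature against the full document and the
# signer's public key before embedding it anywhere.
server_finish() {  # $1 = public key, $2 = document, $3 = signature
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# Round trip on constructed data; returns 0 only if the genuine document
# verifies and a document modified after hashing is rejected.
dc_roundtrip() {
    d=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/token.key" 2>/dev/null &&
    openssl pkey -in "$d/token.key" -pubout -out "$d/signer.pub" &&
    printf 'constructed sample document\n' > "$d/doc.bin" &&
    server_prepare "$d/doc.bin" "$d/digest.bin" &&
    client_sign "$d/token.key" "$d/digest.bin" "$d/sig.bin" &&
    server_finish "$d/signer.pub" "$d/doc.bin" "$d/sig.bin"
    ok=$?
    printf 'changed after hashing\n' >> "$d/doc.bin"
    if server_finish "$d/signer.pub" "$d/doc.bin" "$d/sig.bin"; then ok=1; fi
    rm -rf "$d"
    return "$ok"
}

dc_roundtrip && echo "signature accepted; modified document rejected"
```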
#34545
Posted: 09/25/2015 11:17:53
by Tien Le (Basic support level)
Joined: 08/20/2015
Posts: 13

Thank you Dmytro for your quick answer. Sorry for the late feedback due to some personal stuff.

I will definitely check the reference in the .NET example and will test with our token provider device. I will try to port the .NET version to PHP code and use the Java Applet for this.

Regards,
#34554
Posted: 09/28/2015 08:28:46
by Tien Le (Basic support level)
Joined: 08/20/2015
Posts: 13

Hello,

I just tried installing the new version from the web with phpize and the following error was displayed:
"
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/sbb.so' - /usr/lib64/php/modules/sbb.so: undefined symbol: zend_error_noreturn in Unknown on line 0
"
--> Can you please check?

Environment: CentOS 6, 64-bit version. PHP 5.6 installed from the remi repository.

# php -v
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/sbb.so' - /usr/lib64/php/modules/sbb.so: undefined symbol: zend_error_noreturn in Unknown on line 0
PHP 5.6.13 (cli) (built: Sep 3 2015 14:19:17)
Copyright © 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright © 1998-2015 Zend Technologies
with the ionCube PHP Loader (enabled) + Intrusion Protection from ioncube24.com (unconfigured) v5.0.14, Copyright © 2002-2015, by ionCube Ltd.
with Zend OPcache v7.0.6-dev, Copyright © 1999-2015, by Zend Technologies


I will try with the compiled version tomorrow and hope the error does not appear.
#34560
Posted: 09/28/2015 10:05:48
by Dmytro Bogatskyy (EldoS Corp.)

Hello,

Quote
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/sbb.so' - /usr/lib64/php/modules/sbb.so: undefined symbol: zend_error_noreturn in Unknown on line 0

It seems the problem is in the compiler that was used to build PHP for the Remi repository and in your local compiler. They don't match, and so the function "zend_error_noreturn" is compiled in a different way.
This function is defined as follows (from php-src/Zend/zend.h):
Code
#if defined(__GNUC__) && __GNUC__ >= 3 && !defined(__INTEL_COMPILER) && !defined(DARWIN) && !defined(__hpux) && !defined(_AIX) && !defined(__osf__)
void zend_error_noreturn(int type, const char *format, ...) __attribute__ ((noreturn));
#else
#  define zend_error_noreturn zend_error
#endif


To overcome this issue, please replace in code file "ExtensionSources\sbb\code\sbphpcore.c" two occurrences of "zend_error_noreturn" with "zend_error".
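
One way to confirm this kind of mismatch, as an added example that is not part of the original post and is not EldoS code: compare the Zend/PHP symbols the extension imports with those the PHP binary exports. The function names and the sample nm output are constructed for illustration; the nm flags are GNU binutils options.

```shell
#!/bin/sh
# Added diagnostic sketch (not EldoS code): find engine symbols that an
# extension imports but the PHP binary does not export.

# $1 = output of `nm -D --undefined-only <extension.so>`
# $2 = output of `nm -D --defined-only <php binary>`
# Only zend_*/php_* names are reported; libc imports are resolved elsewhere.
missing_engine_symbols() {
    awk 'FILENAME == ARGV[1] { n = $NF; sub(/@.*/, "", n); exported[n] = 1; next }
         $1 == "U" { n = $2; sub(/@.*/, "", n)
                     if (n ~ /^(zend_|php_)/ && !(n in exported)) print n }' "$2" "$1"
}

# Live use, e.g.: check_extension /usr/lib64/php/modules/sbb.so "$(command -v php)"
check_extension() {
    u=$(mktemp) && e=$(mktemp) || return 2
    nm -D --undefined-only "$1" > "$u" && nm -D --defined-only "$2" > "$e" &&
        missing_engine_symbols "$u" "$e"
    rc=$?
    rm -f "$u" "$e"
    return "$rc"
}

# Constructed nm output modelled on the error message in this thread.
sample_check() {
    u=$(mktemp) && e=$(mktemp) || return 2
    cat > "$u" <<'EOF'
                 U malloc@GLIBC_2.2.5
                 U zend_error
                 U zend_error_noreturn
                 U zend_parse_parameters
EOF
    cat > "$e" <<'EOF'
00000000005f2a10 T zend_error
00000000005e81c0 T zend_parse_parameters
00000000005d0040 T php_printf
EOF
    missing_engine_symbols "$u" "$e"
    rm -f "$u" "$e"
}

sample_check   # prints: zend_error_noreturn
```

An empty result from `check_extension` means every engine symbol the module needs is exported by that PHP binary.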
#34564
Posted: 09/28/2015 23:42:24
by Tien Le (Basic support level)
Joined: 08/20/2015
Posts: 13

Hello Dmytro,

It works. Thanks for the help.

Regards,
#34581
Posted: 10/01/2015 06:44:18
by Tien Le (Basic support level)
Joined: 08/20/2015
Posts: 13

Hello,

I can test the Java Applet to see if it can load the signature from Windows Cert Storage with my USB token, and it is OK. However, while putting more effort into rewriting the code from the .NET example (Samples\C#\PDFBlackbox\DC\ASPNet_Distributed) to PHP, I faced several problems that prevented me from testing the functionality:

1. There is a lack of documentation for some class functions / constants that I cannot implement in PHP. For example:
- 1.1. I cannot find out the way to init many things in PHP such as
Code
SBPDF.Unit.Initialize();
SBPAdES.Unit.Initialize();
SBPDFSecurity.Unit.Initialize();

SBHTTPCRL.Unit.RegisterHTTPCRLRetrieverFactory();
SBLDAPCRL.Unit.RegisterLDAPCRLRetrieverFactory();
SBHTTPOCSPClient.Unit.RegisterHTTPOCSPClientFactory();
SBHTTPCertRetriever.Unit.RegisterHTTPCertificateRetrieverFactory();
SBLDAPCertRetriever.Unit.RegisterLDAPCertificateRetrieverFactory();

- 1.2. How to use many constants in PHP such as SBConstants.__Global.SB_ALGORITHM_DGST_SHA1? Could you please suggest general "rules" for constant usage in different programming languages (e.g. PHP)?

2. There are several functions that are documented as not available for PHP, so it is frustrating to overcome this. For example, I tried to convert HashAlgorithm (https://www.eldos.com/documentation/sbb/documentation/ref_cl_pdfpublickeysecurityhandler_prp_hashalgoritm.html) but it said it is not available in PHP. So I cannot be sure if what I have in PHP
Code
$handler->HashAlgorithm = DCWrapper::HashAlgorithm_SB_ALGORITHM_DGST_SHA1;
is equivalent to the .NET sample
Code
((TElPDFAdvancedPublicKeySecurityHandler)handler).HashAlgorithm = SBConstants.__Global.SB_ALGORITHM_DGST_SHA1;
, but I always got the error
Code
Error: SecureBlackbox library exception: EElCMSError(Message: 'Unsupported algorithm: 32767', ErrorCode: 0x00002420, SupplErrorCode: 0x00007fff)


3. I read the document and understand that SBB suggests using a Stream such as MemoryStream for many class interfaces. However, can you please suggest an alternative in PHP? I ask this since I need to get the data from the TElDCAsyncState object in your C# code
Code
state.SaveToStream(output, SBDCXMLEnc.__Global.DCXMLEncoding());
. Tried with TElMemoryStream but still cannot get the data after that :-)

4. In the applet, are there any parameters to change the displayed fields? For example, I do not want to display the option to select the file from the computer in the signing form. Do we have the source code of the applet / Flash / ActiveX to modify as per our needs after purchasing the SBB license with DC?

In general, it is appreciated if there is a kind of document that describes necessary steps / flows for each usage of the library. For example, a pseudo-code / workflow to implement DC signing.

Thanks.
#34582
Posted: 10/01/2015 08:23:27
by Dmytro Bogatskyy (EldoS Corp.)

Hello,

Quote
Cannot find out the way to init many things in PHP such as
SBPDF.Unit.Initialize();
...

There is no need to initialize those units, as they are initialized automatically along with library initialization for C++ and PHP editions.
Quote
- 1.2. How to use many constants in PHP such as SBConstants.__Global.SB_ALGORITHM_DGST_SHA1? Could you please suggest general "rules" for constant usage in different programming languages (e.g. PHP)?

All constants in the PHP edition have the same names and belong to the same namespaces. The only difference from the .NET edition is that there is no need to use the __Global/Unit static class.
For example:
Code
SBConstants\SB_ALGORITHM_DGST_SHA1

Quote
2. There are several functions that are documented as not available for PHP, so it is frustrating to overcome this. For example, I tried to convert HashAlgorithm (https://www.eldos.com/documentation/sb...ritm.html) but it said it is not available in PHP. So I cannot be sure if what I have in PHP

Unfortunately, the documentation lags behind in some cases.
This property (HashAlgorithm) is available for the PHP edition. As a reference, you can check if the property is implemented for the Pascal edition; then it is also available in the C++ and PHP editions.
Sample code:
Code
$handler->HashAlgorithm = SBConstants\SB_ALGORITHM_DGST_SHA1;


Quote
I read the document and understand that SBB suggests using a Stream such as MemoryStream for many class interfaces. However, can you please suggest an alternative in PHP? I ask this since I need to get the data from the TElDCAsyncState object in your C# code

The PHP edition uses the TElMemoryStream and TElFileStream classes, which are wrappers for the TMemoryStream and TFileStream VCL classes; their help can be found here:
http://www.freepascal.org/docs-html/r...tream.html
http://www.freepascal.org/docs-html/r...tream.html
Quote
Code
state.SaveToStream(output, SBDCXMLEnc.__Global.DCXMLEncoding());
. Tried with TElMemoryStream but still cannot get the data after that :-)

You can save the output stream into a file using the SaveToFile(Filename) method.
Or you can read into the buffer/string in the following way:
Reading to array buffer:
Code
$output->Position = 0;
$Buf = array_fill(0, $output->Size, 0);
$output->Read($Buf, sizeof($Buf));
var_dump($Buf);

Reading to string:
Code
$output->Position = 0;
$Str = str_repeat(' ', $output->Size);
$output->Read($Str, strlen($Str));
var_dump($Str);

Quote
4. In the applet, are there any parameters to change the displayed fields? For example, I do not want to display the option to select the file from the computer in the signing form. Do we have the source code of the applet / Flash / ActiveX to modify as per our needs after purchasing the SBB license with DC?

Yes, when you purchase a license, you get source code of provided modules and you can create your own set of modules with specific functionality and user interface that you need.
#34583
Posted: 10/01/2015 10:23:53
by Tien Le (Basic support level)
Joined: 08/20/2015
Posts: 13

Thank you very much for the quick response, Dmytro Bogatskyy. I will try all your suggestions again when I am at the office tomorrow morning.
#34586
Posted: 10/02/2015 04:07:01
by Tien Le (Basic support level)
Joined: 08/20/2015
Posts: 13

Hello,

I can see I have a kind of "working" code for displaying; however, there are several other things that need help :-)

1. In the applet, when I kept the "DataURL" param, it seems to POST data to the result page, however with empty data. If I remove this and use "GoURL", it sends the data as GET successfully, but the "data" field is too long, so the web server fired "414 Request-URI Too Large". I of course increased the buffer for the request and got the data passed successfully. This is just to be sure that DataURL and GoURL are treated properly :-)

2. If I use the option of CreatePAdES as in the example in C#
Code
$handler = new TElPDFAdvancedPublicKeySecurityHandler(null);
$handler->set_PAdESSignatureType(TSBPAdESSignatureType::pastEnhanced);
$handler->HashAlgorithm = SBConstants\SB_ALGORITHM_DGST_SHA1;
$handler->set_CustomName("Adobe.PPKMS");

, it always fires
Code
Error: SecureBlackbox library exception: EElCMSError(Message: 'Unsupported algorithm: 32767', ErrorCode: 0x00002420, SupplErrorCode: 0x00007fff)
. Is there anything wrong here?

I finally can sign the docs with GoURL as described above, thanks for the help :-)

EDITED: I did edit this comment to remove some errors since I can sign the pdf with GoURL option.