How to calculate the hash when using RemoteSigningMode

#35329
Posted: 12/31/2015 09:21:31
by Marc van Gulik (Standard support level)
Joined: 12/31/2015
Posts: 3

Hi,

I am currently evaluating SecureSharpBox.PDF and have a question regarding remote signing.

To implement my business case I need to be able to do remote signing. I am currently using the TElPDFAdvancedPublicKeySecurityHandler with RemoteSigningMode=true and signing by using the type TSBPAdESSignatureType.pastEnhanced.

My current remote handler implementation signs SHA1 (C#, Windows desktop):

Code
private void Handler_OnRemoteSign(object sender, byte[] hash, ref byte[] signedHash)
{
    Certificate certificate = this.Certificate;

    RSACryptoServiceProvider cryptoServiceProvider = (RSACryptoServiceProvider)Certificate.PrivateKey;

    signedHash = cryptoServiceProvider.SignData(hash, CryptoConfig.MapNameToOID("SHA1"));
}


The code runs fine and I finally have a signed document. However, the signature of the document is not correct; Adobe PDF Reader reports on its signature: 'the document has been altered ...'

If I disable remote signing, the document is signed correctly so I suspect the OnRemoteSignHandler to be incorrect.

The question I have is 'How to calculate the hash when using RemoteSigningMode'? A sample will be helpful.

Thanks in advance.
#35331
Posted: 12/31/2015 10:31:43
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us,

Quote

The question I have is 'How to calculate the hash when using RemoteSigningMode'? A sample will be helpful.

Here is the sample code that calculates the SignedHash value using our crypto provider class:
Code
using SBPublicKeyCrypto;

// Certificate whose key material is used to sign
TElX509Certificate _SigningCertificate = null;

void PAdESHandler_OnRemoteSign(object Sender, byte[] Hash, ref byte[] SignedHash)
{
    using (TElRSAPublicKeyCrypto Crypto = new TElRSAPublicKeyCrypto(SBConstants.Unit.SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION, null, null))
    {
        Crypto.KeyMaterial = _SigningCertificate.KeyMaterial;
        // The input passed to SignDetached is already a hash value
        Crypto.InputIsHash = true;
        Crypto.HashAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA1;
        // First call with SignedLength = 0 returns the required signature size
        int SignedLength = 0;
        Crypto.SignDetached(Hash, 0, Hash.Length, ref SignedHash, 0, ref SignedLength);
        // Second call writes the signature into the allocated buffer
        SignedHash = new byte[SignedLength];
        Crypto.SignDetached(Hash, 0, Hash.Length, ref SignedHash, 0, ref SignedLength);
        // Trim the buffer to the actual signature length
        SBUtils.Unit.SetLength(ref SignedHash, SignedLength);
    }
}

usage:
Code
_SigningCertificate = ...;
m_Handler.RemoteSigningMode = true;
m_Handler.RemoteSigningCertIndex = 0;
m_Handler.OnRemoteSign +=new TSBPDFRemoteSignEvent(PAdESHandler_OnRemoteSign);


Quote
The code runs fine and I finally have a signed document. However, the signature of the document is not correct; Adobe PDF Reader reports on its signature: 'the document has been altered ...'

Did you add the signing certificate (public part) to the TElPDFAdvancedPublicKeySecurityHandler.CertStorage property?
If yes, and the signing certificate is not the first certificate in the memory storage, then set the handler's RemoteSigningCertIndex property to the index of the signing certificate, so that the handler knows exactly which certificate is the signing one. If there's only one certificate in the storage, you can skip this step.
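
The difference between signing data and signing an already-computed digest, which the `InputIsHash = true` setting in the sample above addresses, shown here with plain .NET classes. This is an added example, not part of the original posts and not EldoS code; the throwaway key and the sample bytes are constructed, and it assumes the `hash` argument of the remote-sign event is a finished SHA-1 digest.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class RemoteSignDigestDemo
{
    static void Main()
    {
        string sha1Oid = CryptoConfig.MapNameToOID("SHA1");

        // Constructed stand-in for the digest a handler would pass to the remote-sign event.
        byte[] hash;
        using (SHA1 sha1 = SHA1.Create())
        {
            hash = sha1.ComputeHash(Encoding.ASCII.GetBytes("constructed sample bytes"));
        }

        // Throwaway key for the demonstration; a real signer uses the certificate's private key.
        using (var rsa = new RSACryptoServiceProvider(2048))
        {
            rsa.PersistKeyInCsp = false; // do not leave the demo key in a key container

            // SignData hashes its input before signing, so this signs SHA1(hash).
            byte[] viaSignData = rsa.SignData(hash, sha1Oid);

            // SignHash treats its input as the finished digest and signs it as-is.
            byte[] viaSignHash = rsa.SignHash(hash, sha1Oid);

            // A verifier that recomputes the digest compares it against what was signed.
            Console.WriteLine("SignData(hash) verifies against hash: {0}",
                rsa.VerifyHash(hash, sha1Oid, viaSignData));
            Console.WriteLine("SignHash(hash) verifies against hash: {0}",
                rsa.VerifyHash(hash, sha1Oid, viaSignHash));
        }
    }
}
```

Only the `SignHash` signature verifies against the digest, because `SignData` signed a hash of the hash.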
#35339
Posted: 12/31/2015 11:56:33
by Marc van Gulik (Standard support level)
Joined: 12/31/2015
Posts: 3

Hi Dmytro,

Thanks for your fast reply.

There is just one signing certificate in the store and it's tied to the handler via the CertStorageProperty so it should be okay. I have also verified via normal signing by commenting out the RemoteSigningMode=true assignment.

I will try the OnRemoteSign sample code (thanks for the code) and let you know the outcome.
#35355
Posted: 01/03/2016 03:36:30
by Marc van Gulik (Standard support level)
Joined: 12/31/2015
Posts: 3

Hi Dmytro,

The OnRemoteSign sample code works as expected; the document is now signed correctly. Again, thanks for the code.
