EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Sign XML with certificate chain

#36791
Posted: 05/24/2016 11:33:59
by Martin ANDRES (Standard support level)
Joined: 09/25/2014
Posts: 18

Hi,
I need to sign an XML with the certificate and its chain for a long-term XML-Sig. We use a token and we select the certificate from the token. We are signing the XML with the token's certificate and it is working OK, but we should also sign it with the certificate chain. How can we build the certificate chain from the token's certificate? Is there any example where you sign an XML with the certificate chain? We're using the Delphi version of the component.

I appreciate any help on this matter.

Thanks and regards,
Martin
#36793
Posted: 05/24/2016 13:14:43
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us,

Quote
We are signing the XML with the token's certificate and it is working OK, but we should also sign it with the certificate chain. How can we build the certificate chain from the token's certificate?

You can pick the relevant certificates by walking up the chain from the signing certificate, using the certificate storage's GetIssuerCertificate() method to identify the CA certificate for a particular certificate in the chain. Then you need to create a TElMemoryCertStorage object, assign it to the TElXMLKeyInfoX509Data.CertStorage property, and add the signer and all found CA certificates to it.

Quote
Is there any example where you sign an XML with the certificate chain?

Usually, for long-term signing, XAdES (XML Advanced Electronic Signatures) is used. XAdES is built upon XML-DSig by adding additional information qualifying the signature and the signed data.
For details please refer to XMLBlackbox\AdvancedSigner sample and the article: https://www.eldos.com/security/article...p?page=all
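
The chain walk described in the reply above, as an added example that is not part of the original post and is not EldoS sample code. The unit name, BuildChain, AttachChain and MaxChainDepth are hypothetical; the unit names in the uses clause and the signatures of GetIssuerCertificate, Certificates[], Add and SelfSigned are assumptions to check against your SecureBlackbox version.

```delphi
unit ChainBuilder; // hypothetical unit name (added example)

interface

uses
  SysUtils, SBX509, SBCustomCertStorage, SBXMLSec; // assumed unit names

const
  MaxChainDepth = 10; // hypothetical limit; stops loops caused by cross-signed CAs

function BuildChain(Signer: TElX509Certificate; Source: TElCustomCertStorage;
  Chain: TElMemoryCertStorage): Boolean;
procedure AttachChain(X509Data: TElXMLKeyInfoX509Data; Signer: TElX509Certificate;
  Source: TElCustomCertStorage; Chain: TElMemoryCertStorage);

implementation

// Fills Chain with Signer followed by each issuer found in Source
// (for example the token's storage). True only if a self-signed root was reached.
function BuildChain(Signer: TElX509Certificate; Source: TElCustomCertStorage;
  Chain: TElMemoryCertStorage): Boolean;
var
  Current: TElX509Certificate;
  Idx, Depth: Integer;
begin
  Result := False;
  Current := Signer;
  Chain.Add(Current, False); // assumed 2nd parameter: CopyPrivateKey; keep keys out
  for Depth := 1 to MaxChainDepth do
  begin
    if Current.SelfSigned then
    begin
      Result := True; // walk ended at the root
      Exit;
    end;
    Idx := Source.GetIssuerCertificate(Current); // assumed: index, or -1 if absent
    if Idx < 0 then
      Exit; // issuer not in Source: chain is incomplete
    Current := Source.Certificates[Idx];
    Chain.Add(Current, False);
  end;
end;

// Refuses to embed a partial chain, then sets the properties named in the reply.
procedure AttachChain(X509Data: TElXMLKeyInfoX509Data; Signer: TElX509Certificate;
  Source: TElCustomCertStorage; Chain: TElMemoryCertStorage);
begin
  if not BuildChain(Signer, Source, Chain) then
    raise Exception.Create('Certificate chain is incomplete');
  X509Data.Certificate := Signer;
  X509Data.CertStorage := Chain;
end;

end.
```

Embedding the chain only supplies the certificates; the verifier still has to validate them against its own trust anchors.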
