Sign XML file and create .p7m signed file

#37010
Posted: 06/16/2016 04:00:16
by Paolo  (Standard support level)
Joined: 12/15/2015
Posts: 30

Good morning everyone,

I have to work (as the title says) with an XML file (actually a CDA clinical document) and create a signed file with the p7m extension from it.

I have found this
https://www.eldos.com/documentation/sbb/documentation/ref_howto_pki_pkcs7_sign.html

in your documentation. Is that the right way to achieve that?

Sincerely
Paolo
#37018
Posted: 06/17/2016 04:11:25
by Ken Ivanov (EldoS Corp.)

Hi Paolo,

Thank you for getting in touch with us.

There exist several ways to sign XML documents, depending on the underlying standards which need to be employed. The extension you referenced (p7m) implies that the files are expected to be signed with the PKCS#7/CMS method, yet at the same time the XML specification provides for its own, independent, signature standard (XML-SIG). In order to achieve interoperability with third-party verifiers it is important to establish the exact format the receiving party expects the documents to be signed in.

At first glance the approach explained at the above link will work for you (as it basically will allow you to create p7m signatures), but we will be able to give you a more accurate answer if you share with us a link to the verifier requirements or a sample signed document.

Ken
#37040
Posted: 06/21/2016 09:06:02
by Paolo  (Standard support level)
Joined: 12/15/2015
Posts: 30

Hi Ken,

After reading and searching in your forum and documentation, I set up a function that (I think) can generate a PKCS#7 signature.

However, I have a problem with the result of the signature. How can I access it? You know, I have to write a .p7m file to disk.

I know your policy about coding snippets and support, but I just have to know if this use of MemoryStream and FileStream can write that .p7m file to disk.
Code
' Requires: Imports System.IO (plus the SecureBlackbox namespaces used below)
Dim tmpMemCertStorage As TElMemoryCertStorage = New TElMemoryCertStorage
tmpMemCertStorage.Add(certificato, True)

Using memBuffer As MemoryStream = New MemoryStream()
   Dim fs As FileStream = New FileStream(infile, FileMode.Open)
   Dim CMSMessage As TElSignedCMSMessage = New TElSignedCMSMessage
   CMSMessage.CreateNew(fileToBytes(fs), 0, CInt(fs.Length))
   Dim CMSSignature As TElCMSSignature = New TElCMSSignature(CMSMessage.AddSignature())
   CMSSignature.UsePSS = False
   ' This value is replaced by the flag assignment that follows
   CMSSignature.SigningOptions = TSBCMSSigningCertificateType.sctESSSigningCertificate
   ' Combine the option flags with Or; separate assignments each overwrite the previous one
   CMSSignature.SigningOptions = SBCMS.__Global.csoInsertSigningTime Or
                                 SBCMS.__Global.csoIncludeCertToMessage Or
                                 SBCMS.__Global.csoInsertMessageDigests
   CMSSignature.SigningTime = SBUtils.__Global.UTCNow
   CMSSignature.DigestAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA256
   CMSSignature.FingerprintAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA256
   CMSSignature.Sign(certificato, tmpMemCertStorage)
   CMSMessage.ContentVersion = 1

   Using msSave As MemoryStream = New MemoryStream()
      CMSMessage.Save(msSave)
      ' Rewind before reading: after Save() the stream position is at the end
      msSave.Position = 0
      Using fileStr As FileStream = New FileStream(outfile, FileMode.Create, FileAccess.Write)
         Dim bytes As Byte() = New Byte(CInt(msSave.Length) - 1) {}
         msSave.Read(bytes, 0, CInt(msSave.Length))
         fileStr.Write(bytes, 0, bytes.Length)
         msSave.Close()
      End Using
   End Using
   fs.Close()
End Using


Thanks in advance.

Bye
Paolo
#37074
Posted: 06/23/2016 03:41:55
by Ken Ivanov (EldoS Corp.)

Hi Paolo,

Your code is correct about saving the signed p7m contents to disk. Alternatively, you can pass your FileStream object straight to the TElSignedCMSMessage.Save() call.

Ken
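
An added example, not part of the thread and not EldoS code: a Python check, independent of SecureBlackbox, that tells whether a file is a DER-encoded CMS SignedData container with the XML attached, a detached one, or XML carrying an XML-SIG signature, which is the format distinction raised in the first reply. The function names and the sample container (built inline, with no signers) are constructed for illustration; base64-wrapped files and BER indefinite-length encodings are not handled.

```python
XMLDSIG_NS = b"http://www.w3.org/2000/09/xmldsig#"
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
DATA_OID = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the definite-length DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length (BER) is not handled")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("element runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def classify(data):
    """Return (kind, attached_content_or_None) for the bytes of a file."""
    if data.lstrip().startswith(b"<"):
        return ("xml-dsig" if XMLDSIG_NS in data else "unsigned-xml"), None
    try:
        tag, content_info, _ = read_tlv(data, 0)
        oid_tag, oid, pos = read_tlv(content_info, 0)
        if tag != 0x30 or oid_tag != 0x06 or oid != SIGNED_DATA_OID:
            return "unknown", None
        _, wrapped, _ = read_tlv(content_info, pos)   # [0] EXPLICIT
        _, signed_data, _ = read_tlv(wrapped, 0)      # SignedData SEQUENCE
        _, _, pos = read_tlv(signed_data, 0)          # version
        _, _, pos = read_tlv(signed_data, pos)        # digestAlgorithms
        _, encap, _ = read_tlv(signed_data, pos)      # encapContentInfo
        _, _, pos = read_tlv(encap, 0)                # eContentType
        if pos == len(encap):
            return "cms-detached", None               # no eContent present
        _, econtent, _ = read_tlv(encap, pos)         # [0] EXPLICIT
        _, payload, _ = read_tlv(econtent, 0)         # OCTET STRING
        return "cms-attached", payload
    except (ValueError, IndexError):
        return "unknown", None

def der(tag, value):
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(value)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + value

def sample_p7m(xml=None):
    """Constructed SignedData skeleton: structure only, no signer, not a valid signature."""
    encap = der(0x06, DATA_OID) + (der(0xA0, der(0x04, xml)) if xml is not None else b"")
    signed = der(0x02, b"\x01") + der(0x31, b"") + der(0x30, encap) + der(0x31, b"")
    return der(0x30, der(0x06, SIGNED_DATA_OID) + der(0xA0, der(0x30, signed)))
```

This only identifies the container format; whether the signature and certificate chain are valid still has to be established by a CMS verifier.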
