Reference to a manifest object

#37656
Posted: 09/08/2016 05:59:14
by Olivier Sannier (Basic support level)
Joined: 09/08/2016
Posts: 6

Hello,

I'm currently evaluating XMLBlackBox and the Advanced Signer demo has been of great help in getting to generate the kind of detached signature file that is required by one of my suppliers.
However, I'm stuck at the step where I want to create a reference to a manifest that itself contains a reference to an external file.

Here is the code that I'm using:

Code
TElXMLSigner Signer = new TElXMLSigner();
FileStream SourceFileStream = new FileStream(SourceFileName, FileMode.Open, FileAccess.Read);
try
{
    // Base options
    Signer.SignatureType = SBXMLSec.Unit.xstDetached;
    Signer.CanonicalizationMethod = SBXMLDefs.Unit.xcmExclCanon;
    Signer.SignatureMethodType = SBXMLSec.Unit.xmtSig;
    Signer.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA256;

    // Manifest object
    TElXMLObject ManifestObject = new TElXMLObject();
    Signer.Signature.Objects.Add(ManifestObject);
    ManifestObject.ID = "manifestObject";

    // create manifest and add it to the object
    TElXMLManifest Manifest = new TElXMLManifest();
    Manifest.ID = "signedManifest";
    ManifestObject.DataList.Add(Manifest);

    // Reference to the source file, inside the manifest
    TElXMLReference ManifestRef = new TElXMLReference();
    ManifestRef.DigestMethod = SBXMLSec.Unit.xdmSHA256;
    ManifestRef.TransformChain.AddCanonicalizationTransform(SBXMLDefs.Unit.xcmExclCanon);
    ManifestRef.URI = Path.GetFileName(SourceFileName);
    ManifestRef.ID = ManifestRef.URI + "-Id";
    ManifestRef.URIStream = SourceFileStream;
    ManifestRef.UpdateDigestValue();
    Manifest.Add(ManifestRef);

    // Reference to the manifest inside the signature
    TElXMLReference Ref = new TElXMLReference();
    Ref.DigestMethod = SBXMLSec.Unit.xdmSHA256;
    Ref.TransformChain.AddCanonicalizationTransform(SBXMLDefs.Unit.xcmExclCanon);
    Ref.URI = '#' + Manifest.ID;
    Ref.URINode = Manifest.XMLElement;
    Ref.RefType = SBXMLDefs.Unit.xmlReferenceManifest;
    Ref.UpdateDigestValue();
    Signer.References.Add(Ref);

    // Key
    TElX509Certificate SigningCertificate = GetSigningCertificate(Signer, CertificateFileName, CertificatePassword);
    Signer.IncludeKey = true;
    Signer.KeyData = GetKeyData(Signer, SigningCertificate);

    // generate Signature structure
    Signer.GenerateSignature();

    TElXMLDOMDocument _XMLDocument = new TElXMLDOMDocument();
    TElXMLDOMNode SignatureNode = _XMLDocument;
    Signer.Save(ref SignatureNode);
    _XMLDocument.SaveToFile(OutputFileName);
}
finally
{
    if (Signer.KeyData != null)
        Signer.KeyData.Dispose();
    Signer.Dispose();
    // XAdESSigner is declared outside this excerpt
    if (XAdESSigner != null)
        XAdESSigner.Dispose();
    SourceFileStream.Dispose();
}


With the current code, I get an exception on the call to Ref.UpdateDigestValue() because it has no context (this comes from the fact that Manifest.XMLElement is null).

If I don't add Ref into Signer.References, then the signature is generated but my manifest object is nowhere to be seen in the file, the only ds:object element is for the qualifying properties.

I must be missing something obvious, but right now I can't figure out what this is. Any help would be most welcome.
#37660
Posted: 09/08/2016 08:30:36
by Dmytro Bogatskyy (EldoS Corp.)

Thank you for contacting us.

I’ve noticed there is no Support Access Ticket linked to your user account on EldoS site. Technical Support is provided to customers with the linked Support Access Ticket. You will find your Support Access Ticket together with all the details about how to use it in the registration e-mail that we’ve sent to you upon the purchase.

If you are evaluating the product and don't have a license yet, please let us know and then you can have support according to Basic support level. Basic support level includes answering basic technical questions that appear during product evaluation period. We also offer Premium support for a purchase from https://www.eldos.com/support/calc.php . You can use Premium Support to get higher level of assistance during your evaluation of our products.

Quote
With the current code, I get an exception on the call to Ref.UpdateDigestValue() because it has no context (this comes from the fact that Manifest.XMLElement is null).
...

Please refer to the following How-Tos for adding and verifying manifest:
https://www.eldos.com/documentation/sb...ifest.html
and
https://www.eldos.com/documentation/sb...trefs.html
#37662
Posted: 09/08/2016 09:05:53
by Olivier Sannier (Basic support level)
Joined: 09/08/2016
Posts: 6

As I said at the beginning of my post, I'm currently evaluating the product.

I think I found a solution as I now have the expected elements in the file and the signature seems to be valid nonetheless.

Basically, I moved all the code that adds the object and its various references after the call to GenerateSignature.

Initially, I thought that after GenerateSignature is called, nothing should be changed to avoid invalidating the signature itself.

Apparently this is not the case, but I did not find any reference to that.

Can you confirm that any changes I make after a call to GenerateSignature are taken into account and get reflected in the hash for the signature itself?
#37670
Posted: 09/08/2016 17:16:40
by Dmytro Bogatskyy (EldoS Corp.)

Hi,

Quote

Can you confirm that any changes I make after a call to GenerateSignature are taken into account and get reflected in the hash for the signature itself?

Yes. The GenerateSignature() method generates the signature structure, which can be accessed via the TElXMLSigner.Signature property, so you can freely modify its options.
The signing (SignatureValue calculation) and the reference calculation (for references that point to internal elements) are done in the TElXMLSigner.Save*() methods.
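An added example, not code from this thread or from the EldoS library: a stand-alone Python script (standard library only, no SecureBlackbox calls) that builds the structure the thread is after, a SignedInfo Reference of Type ...#Manifest pointing at a ds:Manifest inside a ds:Object, with the Manifest listing one external file, and then does the check that a consumer of such a signature has to do itself. XML-DSig core validation verifies the digest of the Manifest element and the SignatureValue, but it does not verify the references inside the Manifest; that is left to the application, so "the signature is valid" alone does not prove the external file still matches. The file name "order.bin" and its contents are constructed; the Ids "manifestObject" and "signedManifest" are taken from the thread; the Manifest's own DigestValue and the SignatureValue are left as placeholders because the signing library computes those, not this script.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MANIFEST_TYPE = DS + "Manifest"  # Type of a SignedInfo Reference that points at a ds:Manifest
SHA256_URI = "http://www.w3.org/2001/04/xmlenc#sha256"
DIGESTS = {SHA256_URI: hashlib.sha256}

# Constructed stand-in for the external, non-XML file the Manifest references.
SAMPLE_FILES = {"order.bin": b"constructed sample payload, not XML\n"}


def ds_tag(local):
    return "{%s}%s" % (DS, local)


def digest_b64(data, method_uri):
    """Base64 DigestValue of raw bytes under the given DigestMethod URI (no Transforms)."""
    return base64.b64encode(DIGESTS[method_uri](data).digest()).decode("ascii")


def build_detached_signature(files):
    """Constructed skeleton: SignedInfo holds one Reference of Type ...#Manifest to
    #signedManifest; the Manifest sits inside a ds:Object and holds one Reference per
    external file. Manifest digest and SignatureValue stay placeholders (library's job)."""
    ET.register_namespace("ds", DS)
    sig = ET.Element(ds_tag("Signature"))
    si = ET.SubElement(sig, ds_tag("SignedInfo"))
    ref = ET.SubElement(si, ds_tag("Reference"), URI="#signedManifest", Type=MANIFEST_TYPE)
    ET.SubElement(ref, ds_tag("DigestMethod"), Algorithm=SHA256_URI)
    ET.SubElement(ref, ds_tag("DigestValue")).text = "PLACEHOLDER"
    ET.SubElement(sig, ds_tag("SignatureValue")).text = "PLACEHOLDER"
    obj = ET.SubElement(sig, ds_tag("Object"), Id="manifestObject")
    manifest = ET.SubElement(obj, ds_tag("Manifest"), Id="signedManifest")
    for name, data in files.items():
        entry = ET.SubElement(manifest, ds_tag("Reference"), URI=name, Id=name + "-Id")
        ET.SubElement(entry, ds_tag("DigestMethod"), Algorithm=SHA256_URI)
        ET.SubElement(entry, ds_tag("DigestValue")).text = digest_b64(data, SHA256_URI)
    return ET.tostring(sig, encoding="unicode")


def check_manifest_references(signature_xml, file_lookup):
    """Core validation only covers the digest of the ds:Manifest element itself; whether
    the files listed inside it still match is the application's job. Returns
    {uri: matched?} for every Manifest entry; a missing file or an unknown
    DigestMethod counts as a mismatch. file_lookup(uri) -> bytes or None."""
    root = ET.fromstring(signature_xml)
    results = {}
    for ref in root.findall(ds_tag("SignedInfo") + "/" + ds_tag("Reference")):
        if ref.get("Type") != MANIFEST_TYPE:
            continue
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            raise ValueError("a Reference of Type #Manifest must be same-document")
        manifest = root.find(".//%s[@Id='%s']" % (ds_tag("Manifest"), uri[1:]))
        if manifest is None:
            raise ValueError("no ds:Manifest with Id %r" % uri[1:])
        for entry in manifest.findall(ds_tag("Reference")):
            target = entry.get("URI")
            method = entry.find(ds_tag("DigestMethod")).get("Algorithm")
            expected = entry.find(ds_tag("DigestValue")).text.strip()
            data = file_lookup(target)
            results[target] = (data is not None and method in DIGESTS
                               and digest_b64(data, method) == expected)
    if not results:
        raise ValueError("SignedInfo carries no Reference of Type ...#Manifest")
    return results


def demo():
    """The untouched file passes; a file modified after signing is caught."""
    sig = build_detached_signature(SAMPLE_FILES)
    intact = check_manifest_references(sig, SAMPLE_FILES.get)
    tampered = dict(SAMPLE_FILES)
    tampered["order.bin"] = b"modified after signing\n"
    altered = check_manifest_references(sig, tampered.get)
    return intact, altered


if __name__ == "__main__":
    print(demo())  # ({'order.bin': True}, {'order.bin': False})
```

The digest over the external file is computed on its raw bytes, which is what a Reference with no Transforms means; a canonicalization transform in the chain only makes sense when the referenced file is itself XML. When running the real verification with the signing library, treat a "valid" result as covering SignedInfo only and run a manifest check like the one above on top of it.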
