EldoS | Feel safer!

Software components for data protection, secure storage and transfer

What is the level of XAdES-A support in XMLBlackBox?

#3592
Posted: 08/17/2007 17:40:48
by Aleksander Oven (Basic support level)
Joined: 08/17/2007
Posts: 2

Hi,

Is it possible to create a full XAdES-A signature with XMLBlackBox?
#3593
Posted: 08/18/2007 00:38:42
by Eugene Mayevski (EldoS Corp.)

Please see the FAQ


Sincerely yours
Eugene Mayevski
#3594
Posted: 08/18/2007 03:55:21
by Aleksander Oven (Basic support level)
Joined: 08/17/2007
Posts: 2

Yes, I've seen this:

Quote
Other forms of XAdES (till XAdES-A) are possible but implementing them requires certain work.


But I don't understand what it means. Is XAdES-A possible (but requires some work on my side) or is it you who needs to do some more work to implement it?
#3595
Posted: 08/18/2007 04:35:05
by Dmytro Bogatskyy (EldoS Corp.)

The TElXAdESSigner class has a QualifyingProperties property that fully implements the QualifyingProperties element from the XAdES specification.
sbb/documentation/ref_cl_xmlqualifyingproperties.html
Some properties, like ID, can be set only using the QualifyingProperties property and don't have a corresponding method/property in TElXAdESSigner.
Then, if you need to set AttributeCertificateRefs (XAdES-C form), you will need to set it directly using the
ElXAdESSigner.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.AttributeCertificateRefs property.
However, timestamping can be done using ElXAdESProcessor methods. For example: ElXAdESSigner.AddSigAndRefsTimestamp (XAdES-X).
#10422
Posted: 06/18/2009 03:27:59
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Hi,

Quote
1. Could you please show me a piece of code to add AttributeCertificateRefs into a signature?


2. About the CertifiedRole of SignerRole
TElXMLEncapsulatedPKIData pkiData = new TElXMLEncapsulatedPKIData(SBXMLAdES.Unit.XAdES_v1_3_2);
Quote
pkiData.Data = "???"//I do not know which data buffer will be used here!

xadesSigner.QualifyingProperties.SignedProperties.SignedSignatureProperties.SignerRole.CertifiedRoles.Add(pkiData);

3. Regarding the signature validation:
Suppose that I have an XAdES-A signature. I would like to know which steps in the G.2 section of ETSI TS 101 903 V1.3.2 (2006-03) have been done by ValidateSignature() of ELXMLVerifier.

I see that the XADESVerifier has a function CheckTimestamp(). And I would like to check an ArchiveTimestamp (G.2.2.16.2.4 Checking ArchiveTimeStamp). Is it enough to check the timestamp with a call to CheckTimestamp(verifier.XAdESProcessor.get_ArchiveTimestamps(k))?
(The signing certificate in the Timestamp response will be checked manually).




Thanks & Best regards,
Thanh
#10427
Posted: 06/18/2009 15:31:54
by Dmytro Bogatskyy (EldoS Corp.)

Quote
1. Could you please show me a piece of code to add AttributeCertificateRefs into a signature?

The AttributeCertificateRefs element is similar to CompleteCertificateRefs and is filled in the same way. The only difference is that the AttributeCertificateRefs element will carry the references to the full set of Attribute Authorities certificates that have been used to validate the attribute certificate.
Quote
2. About the CertifiedRole of SignerRole
TElXMLEncapsulatedPKIData pkiData = new TElXMLEncapsulatedPKIData(SBXMLAdES.Unit.XAdES_v1_3_2);
Quote
pkiData.Data = "???"//I do not know which data buffer will be used here!

The CertifiedRoles element contains one or more wrapped DER-encoded attribute certificates for the signer.
You can set it as follows:
pkiData.Data = ElX509Certificate.CertificateBinary
Quote
3. Regarding the signature validation:
Suppose that I have an XAdES-A signature. I would like to know which steps in the G.2 section of ETSI TS 101 903 V1.3.2 (2006-03) have been done by ValidateSignature() of ELXMLVerifier.

The ValidateSignature method checks only the signature (integrity of the SignedInfo element).
Quote
I see that the XADESVerifier has a function CheckTimestamp(). And I would like to check an ArchiveTimestamp (G.2.2.16.2.4 Checking ArchiveTimeStamp). Is it enough to check the timestamp with a call to CheckTimestamp(verifier.XAdESProcessor.get_ArchiveTimestamps(k))?
(The signing certificate in the Timestamp response will be checked manually).

To check ArchiveTimestamp using CheckTimestamp, you'll need to fill the ElXMLVerifier.References[i].URINode/URIData properties (in most cases you don't need to set anything, for example if you are checking the timestamp after a successful ValidateReference call). All other elements are retrieved from the signature element. The CheckTimestamp method doesn't check the existence of elements (for example, that CertificateValues and RevocationValues should exist for the implicit mechanism).
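
Added example, not part of the thread and not EldoS code: because the reply above says CheckTimestamp does not check that CertificateValues and RevocationValues exist, this standard-library Python check looks for them in the raw XML before the archive time-stamp is verified. The sample documents are constructed skeletons, and treating an ArchiveTimeStamp without Include children as the implicit mechanism is an assumption of this example.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XADES = "http://uri.etsi.org/01903/v1.3.2#"
NS = {"ds": DS, "xades": XADES}

def _sample(unsigned_children):
    """Constructed skeleton: structure only, no real signature or token data."""
    return (f'<ds:Signature xmlns:ds="{DS}" xmlns:xades="{XADES}" Id="sig-1">'
            '<ds:SignedInfo/><ds:SignatureValue/><ds:Object>'
            '<xades:QualifyingProperties Target="#sig-1"><xades:UnsignedProperties>'
            f'<xades:UnsignedSignatureProperties>{unsigned_children}'
            '</xades:UnsignedSignatureProperties></xades:UnsignedProperties>'
            '</xades:QualifyingProperties></ds:Object></ds:Signature>')

CERTS = ('<xades:CertificateValues><xades:EncapsulatedX509Certificate>QUJD'
         '</xades:EncapsulatedX509Certificate></xades:CertificateValues>')
REVS = ('<xades:RevocationValues><xades:CRLValues><xades:EncapsulatedCRLValue>QUJD'
        '</xades:EncapsulatedCRLValue></xades:CRLValues></xades:RevocationValues>')
ATS = '<xades:ArchiveTimeStamp/>'

COMPLETE = _sample(CERTS + REVS + ATS)
NO_REVOCATION = _sample(CERTS + ATS)
EMPTY_CERTS = _sample('<xades:CertificateValues/>' + REVS + ATS)

# Containers the implicit mechanism relies on, with the leaf values each must hold.
REQUIRED = {
    "CertificateValues": ("EncapsulatedX509Certificate",),
    "RevocationValues": ("EncapsulatedCRLValue", "EncapsulatedOCSPValue"),
}

def archive_precheck(xml_text):
    """Return findings; an empty list means the structural pre-check passed."""
    root = ET.fromstring(xml_text)
    usp = root.find(".//xades:UnsignedSignatureProperties", NS)
    if usp is None or usp.find("xades:ArchiveTimeStamp", NS) is None:
        return ["no ArchiveTimeStamp found"]
    # Assumption: a time-stamp with no Include children uses the implicit mechanism.
    if all(ts.find("xades:Include", NS) is not None
           for ts in usp.findall("xades:ArchiveTimeStamp", NS)):
        return []
    findings = []
    for container, leaves in REQUIRED.items():
        node = usp.find(f"xades:{container}", NS)
        if node is None:
            findings.append(f"{container} missing")
        elif not any((leaf.text or "").strip() for name in leaves
                     for leaf in node.iter(f"{{{XADES}}}{name}")):
            findings.append(f"{container} present but empty")
    return findings
```

This is a structural pre-check only; the signature, references and time-stamp tokens still have to be validated cryptographically. For untrusted input, parse with a hardened XML parser such as defusedxml instead of the plain standard-library one.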
#10429
Posted: 06/18/2009 20:48:04
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Hi,

I think so, that the CertificateBinary will be used, but I was not sure. Thanks for your help!

Thanks & Best regards!
Thanh
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.