EldoS | Feel safer!

Software components for data protection, secure storage and transfer

CounterSignature, Add one ...

#4081
Posted: 10/19/2007 10:43:34
by Nuno Guedes (Basic support level)
Joined: 08/13/2007
Posts: 87

Hi,

I need to add a CounterSignature to an existing signature as the ETSI TS 101 903 v.1.3.2 represents (see attachment).

I tried to add a normal signature over the previous "signature value", but the generated signature invalidates the first one by its location. The countersignature created must be located over the unsigned properties of the previous signature, and the reference must include the ns http:...countersignedsignature.

I looked in your library and I found the CounterSignature class:

Quote
The CounterSignature element represents an embedded signature. In the case when an electronic signature can only be valid when it bears more than one signature (i.e., when a contract is signed between two parties), and the order of these signatures is important, the embedded signatures are applied.



I created one instance and tried to do something with it:
Code
TElXMLCounterSignature c = new TElXMLCounterSignature(SBXMLAdES.Unit.XAdES_v1_3_2);
XAdESSigner.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.CounterSignatures.Add(c);

It has one property "signature"....

How can I use this class to generate the target signature?

Thanks for the support.


#4090
Posted: 10/19/2007 18:02:10
by Dmytro Bogatskyy (EldoS Corp.)

Quote
It has one property "signature"....
How can I use this class to generate the target signature?

The "Signature" property has type TElXMLDOMElement.
The current method for adding a CounterSignature is a little bit complicated: you will need to add it after the signing process has finished and append the CounterSignature element to UnsignedSignatureProperties.XMLElement.

For the next version, I added an AddCounterSignature method to XAdESProcessor, so the code for adding a counter signature will look as follows:
Code
TElXMLSigner CSigner = new TElXMLSigner();
CSigner.References = new TElXMLReferenceList();
// add other references ...
// CSigner.UpdateReferencesDigest();
// add references pointing to elements inside the main signature
TElXMLReference Ref = new TElXMLReference();
Ref.RefType = SBXMLDefs.Unit.xmlRefTypeCountersignedSignature;
Ref.URI = "#SignatureValue-0";
CSigner.References.Add(Ref);
CSigner.KeyData = X509KeyData;
CSigner.CanonicalizationMethod = SBXMLDefs.Unit.xcmCanon;
CSigner.SignatureMethodType = SBXMLSec.Unit.xmtSig;
CSigner.SignatureMethod = SBXMLSec.Unit.xsmRSA_SHA1;
// CSigner.IncludeKey = false;
xadesSigner.AddCounterSignature(CSigner);
#4091
Posted: 10/19/2007 20:13:15
by Nuno Guedes (Basic support level)
Joined: 08/13/2007
Posts: 87

Hmm, that will be great. Does the next version have a release date?
#4092
Posted: 10/20/2007 03:30:59
by Dmytro Bogatskyy (EldoS Corp.)

Answered in ticket.
#4134
Posted: 10/24/2007 05:56:28
by Nuno Guedes (Basic support level)
Joined: 08/13/2007
Posts: 87

Thanks, it works just fine.

When receiving an XML file, what is the best way to verify the first countersignature of one signature?

I do it this way:
Code
Node = FXMLDocument.DocumentElement
    .FindNode("Signature")
    .FindNode("Object")
    .FindNode("QualifyingProperties")
    .FindNode("UnsignedProperties")
    .FindNode("UnsignedSignatureProperties")
    .FindNode("CounterSignature")
    .FindNode("Signature");

Verifier = new TElXMLVerifier();
XAdESVerifier = new TElXAdESVerifier();
Verifier.XAdESProcessor = XAdESVerifier;

try
{
    Verifier.Load((TElXMLDOMElement)Node);

But this is complex and has the problem of the xadesprefix.

The other way I am thinking of is to create 2 verifiers.
The first loads the signature and the second loads firstVerifier.Signature.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.CounterSignatures[0]

Is this the best way, or does a better one exist?
#4141
Posted: 10/24/2007 13:11:36
by Dmytro Bogatskyy (EldoS Corp.)

Quote
The other way I am thinking of is to create 2 verifiers.

Yes, this is the best way for the moment, because you may need to set custom options for verifying.
So, to the second verifier you should pass:
firstVerifier.Signature.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.CounterSignatures[0].Signature

Or, if you need to check only the CounterSignature, then you can use an XPath query (ElXMLElement.SelectNodes method) to select those nodes.
#4180
Posted: 10/30/2007 12:16:58
by Nuno Guedes (Basic support level)
Joined: 08/13/2007
Posts: 87

As I said, I used two verifiers for both the signature and the countersignature and it works fine.

On the signatures presentation page I want to show the following information:
Signature
  Issuer
  Subject
  SignatureTime
  SignatureTimestamp
CounterSignature
  Issuer
  Subject
  SignatureTime
  SignatureTimestamp

I can get all the forms except Issuer and Subject.

The issuer I can get by:
Code
            TElXMLCertIDList FCertIDs = XAdESVerifier.QualifyingProperties.SignedProperties.SignedSignatureProperties.SigningCertificate;

            string st = GetOIDValue(FCertIDs[0].IssuerSerial.IssuerRDN, SBUtils.Unit.SB_CERT_OID_COMMON_NAME);
....


But the Subject information isn't present in signingcertificate. I need to access the KeyInfo element. Is there any method to extract these properties from the verifier, or do I have to parse the correct element to extract the subject?

Thanks
#4182
Posted: 10/30/2007 12:39:58
by Dmytro Bogatskyy (EldoS Corp.)

Quote
But the Subject information isn't present in signingcertificate. I need to access the KeyInfo element. Is there any method to extract these properties from the verifier, or do I have to parse the correct element to extract the subject?

Please, use the following code:
Code
// Find the first X509Data entry in the signature's KeyInfo.
int k = -1;
for (int i = 0; i < Verifier.Signature.KeyInfo.Count; i++)
  if (Verifier.Signature.KeyInfo[i] is TElXMLKeyInfoX509Data)
  {
    k = i;
    break;
  }
if (k >= 0)
{
  TElXMLKeyInfoX509Data X509Data = (TElXMLKeyInfoX509Data)Verifier.Signature.KeyInfo[k];
  // Then check the X509Data.Certificate/CertStorage property if certificate data
  // (X509Certificate element) is present in the KeyInfo element,
  // or X509Data.SubjectRDNs/SubjectRDNCount if the certificate data is omitted.
}
#4381
Posted: 11/22/2007 08:57:32
by Nuno Guedes (Basic support level)
Joined: 08/13/2007
Posts: 87

Hi,

One more doubt.

I have a method for signing a file, and if the checkbox CounterSignature is checked I call the CounterSignature() method. This last method has to work whether it is called inside the signing method or outside it. So CounterSignature() doesn't receive any argument and searches for the last signature in the file.
I am sending the code in the attachment.

My problem is that if I add a counter signature to a XAdES signature without a timestamp, the UnsignedSignatureProperties element appears twice:

Code
<UnsignedProperties>
  <UnsignedSignatureProperties />
  <UnsignedSignatureProperties>
    <CounterSignature>


If I add a counter signature to a XAdES-T, the counter signature is created correctly.

My mistake?


[ Download ]
#4383
Posted: 11/22/2007 12:56:52
by Dmytro Bogatskyy (EldoS Corp.)

Quote
My problem is that if I add a counter signature to a XAdES signature without a timestamp, the UnsignedSignatureProperties element appears twice

I was able to reproduce this. Fixed for the next build.
Thank you.
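
Added example (not part of the original thread and not EldoS code): a structural pre-check for the two issues discussed above, namely locating the countersignature without depending on the "xades" prefix (posts #4134 and #4141) and spotting the duplicated UnsignedSignatureProperties element (post #4381). It uses only Python's standard library, matches elements by namespace URI, and confirms that the countersignature's Reference of Type CountersignedSignature points at the parent SignatureValue. The function names, the problem codes and the sample document are constructed for illustration; cryptographic validation still has to be done by the verifier.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XADES = "http://uri.etsi.org/01903/v1.3.2#"
CS_TYPE = "http://uri.etsi.org/01903#CountersignedSignature"
NS = {"ds": DS, "x": XADES}  # local prefixes; the document may use any prefix

def check_countersignatures(xml_text):
    """Return a list of structural problem codes (empty list = layout as expected)."""
    root = ET.fromstring(xml_text)
    problems = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        up = sig.find("ds:Object/x:QualifyingProperties/x:UnsignedProperties", NS)
        if up is None:
            continue  # no unsigned properties, e.g. the countersignature itself
        if len(up.findall("x:UnsignedSignatureProperties", NS)) > 1:
            problems.append("duplicate-UnsignedSignatureProperties")
        sv = sig.find("ds:SignatureValue", NS)
        sv_id = sv.get("Id") if sv is not None else None
        path = "x:UnsignedSignatureProperties/x:CounterSignature/ds:Signature"
        for cs in up.findall(path, NS):
            refs = cs.findall("ds:SignedInfo/ds:Reference", NS)
            typed = [r for r in refs if r.get("Type") == CS_TYPE]
            if not typed:
                problems.append("missing-countersigned-reference")
            elif sv_id is None or all(r.get("URI") != "#" + sv_id for r in typed):
                problems.append("reference-not-parent-SignatureValue")
    return problems

def sample(p="xades", duplicate=False, ref_uri="#SignatureValue-0"):
    # Constructed skeleton: layout only, no digests or real signature values.
    extra = f"<{p}:UnsignedSignatureProperties/>" if duplicate else ""
    return (f'<ds:Signature xmlns:ds="{DS}" xmlns:{p}="{XADES}"><ds:SignedInfo/>'
            f'<ds:SignatureValue Id="SignatureValue-0"/><ds:Object>'
            f'<{p}:QualifyingProperties><{p}:UnsignedProperties>{extra}'
            f'<{p}:UnsignedSignatureProperties><{p}:CounterSignature>'
            f'<ds:Signature><ds:SignedInfo>'
            f'<ds:Reference Type="{CS_TYPE}" URI="{ref_uri}"/></ds:SignedInfo>'
            f'<ds:SignatureValue/></ds:Signature></{p}:CounterSignature>'
            f'</{p}:UnsignedSignatureProperties></{p}:UnsignedProperties>'
            f'</{p}:QualifyingProperties></ds:Object></ds:Signature>')

if __name__ == "__main__":
    print(check_countersignatures(sample(duplicate=True)))
```

A countersignature whose typed Reference does not resolve to the enclosing signature's SignatureValue should be treated as not covering that signature, even if its own signature value verifies.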
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
