EldoS | Feel safer!

Software components for data protection, secure storage and transfer

XAdES-C

#4982
Posted: 02/13/2008 14:49:41
by Eugene Mayevski (EldoS Corp.)

Please let me draw your attention to the fact that, according to our support policy, Basic support (available to unregistered users) includes only answering basic questions related to the use of the components. Also, the evaluation license does not allow development of actual software without purchasing a license. Please consider purchasing a license to get Standard support.


Sincerely yours
Eugene Mayevski
#4983
Posted: 02/13/2008 15:29:10
by Nuno Guedes (Basic support level)
Joined: 08/13/2007
Posts: 87

Hi,

Yes, I know your support policy.
As a student in my last year, this is my final work to get the degree.
My work is to implement XAdES signatures (signer and verifier) for an e-bank portal.
This work will be evaluated and, if approved, can be adopted and developed by an enterprise.

I would very much appreciate it if you helped me solve this problem, but I understand if you can't.

Thanks in advance
#4984
Posted: 02/14/2008 02:00:17
by Eugene Mayevski (EldoS Corp.)

We provide 50% discount to students.

But as a student, you are supposed to do your work yourself, I assume ;). So even with a license, you still have to study yourself and not make somebody do your degree work for you. All in all, what will you do when your requirements change and you need to modify your code?


Sincerely yours
Eugene Mayevski
#4988
Posted: 02/14/2008 04:03:07
by Nuno Guedes (Basic support level)
Joined: 08/13/2007
Posts: 87

Yes, I am doing the work myself. I don't want you to do it for me.

I found a problem and I am trying to solve it by myself. I just wanted to know if it's a bug, a restriction of the library, or an error in my code. As you can see, some problems I found earlier led to upgrades in your library.

When requirements change, I modify my code.

Thanks
#5016
Posted: 02/15/2008 05:55:05
by Dmytro Bogatskyy (EldoS Corp.)

Quote
What is the problem? Is it my mistake in passing some value?

Anyway, I'll need the sample of your code and certificates to reproduce this issue.
Please, post them to Helpdesk.
#9934
Posted: 05/06/2009 21:39:02
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Hi,

Could you please give me an explanation of signature validation for XAdES docs? I don't understand why SBB needs a cert with PrivateKeyExists to do validation. Is it possible to validate XAdES with the given cert without a private key (cert content only)?

(XMLBlackBox\SimpleSigner example)
Line 1152: if ((Cert != null) && Cert.PrivateKeyExists)

Another question:
I have a detached XML signature (an XML document that has only the <signature> tag). Using this signature, I always get the successful validation message for signature and preferences. I don't understand this. I think there is not enough information to do validation; in this case, the original XML document must be loaded to calculate the hash to compare with the signed hash (decrypted by the public key) in the validation process. Is this true? Please explain it for me.

And another question:
Suppose that I choose several CA certificates in the trusted list of the Windows certificate store and capture the thumbprints of the selected certificates in a database.

Now, a certificate chain will be given and loaded into the TElFileCertStorage. I need to check:
1. Is there a CA cert in the chain?
Yes:
+ Check if this CA cert is in the selected trusted list saved in the database. Can I use the thumbprint to compare (or to search) for this check?
+ How do I extract a CA cert from the chain (now loaded in the FileCertStorage)?
2. If there is only a certificate:
+ How do I check if the certificate was issued by an issuer whose CA certificate is currently in the selected trusted list saved in the database?

Thanks in advance!
Thanh
#9936
Posted: 05/07/2009 04:03:22
by Dmytro Bogatskyy (EldoS Corp.)

Quote
Could you please give me an explanation of signature validation for XAdES docs? I don't understand why SBB needs a cert with PrivateKeyExists to do validation. Is it possible to validate XAdES with the given cert without a private key (cert content only)?

(XMLBlackBox\SimpleSigner example)
Line 1152: if ((Cert != null) && Cert.PrivateKeyExists)

You are right, this check is not needed for verification. I'll remove it.

Quote
Another question:
I have a detached XML signature (an XML document that has only the <signature> tag). Using this signature, I always get the successful validation message for signature and preferences. I don't understand this. I think there is not enough information to do validation; in this case, the original XML document must be loaded to calculate the hash to compare with the signed hash (decrypted by the public key) in the validation process. Is this true? Please explain it for me.

Of course not. The signature is valid, it is OK. One of the references should be valid too, as it points to XAdES information that is stored inside the signature. But the remaining references should be invalid, of course, if you don't fill the URIData/URINode properties with correct data.

Quote
+ How do I extract a CA cert from the chain (now loaded in the FileCertStorage)?

Use ElCustomCertStorage.GetIssuerCertificate to find issuer certificate.
Please, see: http://www.eldos.com/documentation/sb...icate.html
http://www.eldos.com/documentation/sb...n_use.html
http://www.eldos.com/forum/read.php?F...&PAGEN_1=4
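
The split described in the reply above, as an added example that is not part of the original thread and does not use SecureBlackbox: XML-DSig reference validation resolves each ds:Reference on its own, so the same-document reference to the XAdES SignedProperties can verify while a detached document reference cannot until the caller supplies the data. The function names, the `order.xml` URI and the sample signature are constructed for illustration; SHA-256 is assumed for every digest, and C14N 2.0 of the serialized subtree stands in for the transforms a real reference declares.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}

def _c14n(elem):
    # Assumption: C14N 2.0 of the serialized subtree; a real verifier applies
    # the transforms declared inside each ds:Reference.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def _digest(data):
    # Assumption: every reference uses SHA-256 (DigestMethod is not parsed).
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def validate_references(sig_xml, external=None):
    """Return {URI: 'valid' | 'invalid' | 'unresolved'} for every ds:Reference."""
    external = external or {}
    root = ET.fromstring(sig_xml)
    by_id = {e.get("Id"): e for e in root.iter() if e.get("Id")}
    results = {}
    for ref in root.iterfind(".//ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        expected = ref.findtext("ds:DigestValue", namespaces=NS).strip()
        if uri.startswith("#"):              # data lives inside the signature
            target = by_id.get(uri[1:])
            data = _c14n(target) if target is not None else None
        else:                                # detached data: caller must supply it
            data = external.get(uri)
        if data is None:
            results[uri] = "unresolved"      # must be treated as a failure
        else:
            results[uri] = "valid" if _digest(data) == expected else "invalid"
    return results

def build_sample(doc):
    """Constructed detached signature; SignatureValue is a placeholder."""
    props = ('<xades:SignedProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" '
             'Id="SignedProps"><xades:SigningTime>2009-05-06T21:39:02Z'
             '</xades:SigningTime></xades:SignedProperties>')
    d_props = _digest(_c14n(ET.fromstring(props)))
    return (f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>'
            f'<ds:Reference URI="#SignedProps"><ds:DigestValue>{d_props}</ds:DigestValue></ds:Reference>'
            f'<ds:Reference URI="order.xml"><ds:DigestValue>{_digest(doc)}</ds:DigestValue></ds:Reference>'
            f'</ds:SignedInfo><ds:SignatureValue>placeholder</ds:SignatureValue>'
            f'<ds:Object>{props}</ds:Object></ds:Signature>')

if __name__ == "__main__":
    print(validate_references(build_sample(b"<order>100 EUR</order>")))
```

A verifier should report overall success only when every reference is `valid` and the SignatureValue over SignedInfo also verifies; `unresolved` counts as a failure.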
#9939
Posted: 05/07/2009 09:07:29
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Hi

Thanks for your support!

Another question: How do I extract the certificate that was used to sign a PDF document? As you know, we can do this with PKCS7 and XML signatures.


Thanks
Thanh
#9940
Posted: 05/07/2009 09:16:52
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Got it from an old thread:

"The certificates used to sign a document are contained in TElPDFPublicKeySecurityHandler.Certificates certificate storage. I.e., you should (a) check if the TElPDFSignature.Handler object is an instance of TElPDFPublicKeySecurityHandler, and (b) access the certificates using the following type cast:
TElPDFPublicKeySecurityHandler(Signature.Handler).Certificates."
#9941
Posted: 05/07/2009 11:22:35
by Thanh Nguyen Trung (Priority Standard support level)
Joined: 09/12/2008
Posts: 73

Hi

I have a question:
I have a document signed with a XAdES signature. I need to validate the signature of the document with a given certificate. Is it true that I have to set an X509KeyData like the following:

Verifier = new TElXMLVerifier();
X509KeyData = new TElXMLKeyInfoX509Data(false);
X509KeyData.Certificate = Cert;
Verifier.KeyData = X509KeyData;

and then call
Verifier.ValidateSignature()

My question:
If the document has multiple signatures signed by multiple certificates, how does the validation proceed? Is it realistic to validate signatures in a document using multiple given certificates, not the certificates embedded in the signatures?

Thanks
Thanh

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
