EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Implementing CAdES signing of data using SecureBlackbox (page 1)

There are several ways to create a CAdES signature with SecureBlackbox. One of the simplest of them is to use the TElCAdESSignatureProcessor class. Whilst creating an advanced signature is generally a non-trivial and fairly sophisticated task, TElCAdESSignatureProcessor aims to do most of the job internally and transparently to the user.

TElCAdESSignatureProcessor is capable of creating CAdES signatures of all the subtypes defined in the standard (CAdES-BES, -EPES, -T, -C, -X, -XL and -A). It can also upgrade CAdES signatures of a ‘lower’ subtype (e.g. CAdES-T) to an ‘upper’ one (e.g. CAdES-XL or CAdES-A).

Below you will find a collection of code snippets that illustrate the use of the TElCAdESSignatureProcessor class.

Creating a CAdES-BES signature

CAdES-BES ([CADES, p. 4.3.1]) is the simplest subtype of CAdES signature. It contains only the digital signature itself and a collection of mandatory signed attributes (message digest, content type and signing certificate). A CAdES-BES signature can be created with the following code:

[Delphi]

// Creating an instance of signature processor.
CAdESProcessor := TElCAdESSignatureProcessor.Create();
try
  // Creating an instance of the signed message class.
  CMS := TElSignedCMSMessage.Create(nil);
  try
    // Creating NEW signed message.
    CMS.CreateNew(SourceStream, 0, SourceStream.Size);

    // Adding a signature.
    Sig := CMS.Signatures[CMS.AddSignature()];

    // Binding the signature to the CAdES processor.
    CAdESProcessor.Signature := Sig;

    // Creating the signature.
    CAdESProcessor.CreateBES(Cert);
 
    // Saving the CMS.
    CMSStream := TFileStream.Create('signature-BES.bin', fmCreate);
    try
      CMS.Save(CMSStream);
    finally
      FreeAndNil(CMSStream);
    end;
  finally
    FreeAndNil(CMS);
  end;
finally
  FreeAndNil(CAdESProcessor);
end;

[C#]

// Creating an instance of signature processor.
TElCAdESSignatureProcessor processor = new TElCAdESSignatureProcessor();
try
{
  // Creating an instance of the signed message class.
  TElSignedCMSMessage cms = new TElSignedCMSMessage();
  try
  {
    // Creating NEW signed message.
    cms.CreateNew(sourceStream, 0, sourceStream.Length);

    // Adding a signature.
    TElCMSSignature sig = cms.get_Signatures(cms.AddSignature());

    // Binding the signature to the CAdES processor.
    processor.Signature = sig;

    // Creating the signature.
    processor.CreateBES(cert);
 
    // Saving the CMS.
    FileStream cmsStream = new FileStream("signature-BES.bin", FileMode.Create);
    try
    {
      cms.Save(cmsStream);
    }
    finally
    {
      cmsStream.Close();
    }
  } 
  finally
  {
    cms.Dispose();
  }
}
finally
{
  processor.Dispose();
}

In the above code, the SourceStream object should contain the data to be signed and be positioned at its beginning, and the Cert object should reference a valid signing certificate with the associated private key. These requirements apply to all sample code snippets below.
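
The three mandatory signed attributes named above can be checked on the produced file independently of SecureBlackbox. The following Python code is an added example, not EldoS code: it walks a CMS SignedData structure and names, per signer, which of the CAdES-BES signed attributes are missing. It assumes definite-length encoding; all function names and the sample() skeleton are constructed for illustration.

```python
# Added example: structural check only, no signature or certificate validation.
PKCS = bytes.fromhex("2a864886f70d01")  # DER body of OID 1.2.840.113549.1
CONTENT_TYPE, MESSAGE_DIGEST = PKCS + b"\x09\x03", PKCS + b"\x09\x04"
SIGNING_CERT, SIGNING_CERT_V2 = PKCS + b"\x09\x10\x02\x0c", PKCS + b"\x09\x10\x02\x2f"
MANDATORY = {"content-type": {CONTENT_TYPE}, "message-digest": {MESSAGE_DIGEST},
             "signing-certificate": {SIGNING_CERT, SIGNING_CERT_V2}}  # ESS v1 or v2

def read_tlv(buf, pos):
    """Parse one definite-length element; return (tag, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite-length BER is not handled here")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def children(content):  # split a constructed element into (tag, content) pairs
    pos, out = 0, []
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

def missing_bes_attributes(cms):
    """Per SignerInfo, name the mandatory signed attributes that are absent."""
    content_info = children(read_tlv(cms, 0)[1])  # contentType, [0] content
    signed_data = children(children(content_info[1][1])[0][1])
    signer_infos = [b for t, b in signed_data if t == 0x31][-1]  # last SET
    report = []
    for _, signer in children(signer_infos):
        attrs = next((b for t, b in children(signer) if t == 0xA0), b"")  # signedAttrs
        present = {children(a)[0][1] for _, a in children(attrs)}  # attribute OIDs
        report.append([n for n, oids in MANDATORY.items() if not oids & present])
    return report

def tlv(tag, *parts):  # short-form DER encoder, enough for the small samples below
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample(attr_oids):
    """Constructed SignedData skeleton (not a real signature) with the given signed attributes."""
    attrs = [tlv(0x30, tlv(0x06, o), tlv(0x31, tlv(0x04, b"x"))) for o in attr_oids]
    signer = tlv(0x30, tlv(0x02, b"\x03"), tlv(0x80, b"kid"), tlv(0x30), tlv(0xA0, *attrs), tlv(0x30), tlv(0x04, b"sig"))
    body = tlv(0x30, tlv(0x02, b"\x03"), tlv(0x31), tlv(0x30, tlv(0x06, PKCS + b"\x07\x01")), tlv(0x31, signer))
    return tlv(0x30, tlv(0x06, PKCS + b"\x07\x02"), tlv(0xA0, body))
```

To check a real file, pass the bytes of signature-BES.bin to missing_bes_attributes(); an empty list for every signer means the three attributes are present. A plain CMS signature without the signing-certificate attribute is reported as missing it, and the signature itself must still be validated separately.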


As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.