PKCS11 doesn't read certificate properly from cryptographic card reader

Hi!

Will this be a hindrance to signing xml documents in XAdES format?

Yes, the signing process will fail when checking the cert version.
You can fix it in X509Obj in function ParseVersion by replacing
Result := -1219;
with
Result := 0;
but this may not be enough as the bug is with the variable 'pos' that is wrong and used to complete the certificate parsing. Other fields may be incorrectly decoded and the signing process will eventually fail.

I need to rewrite the parsing process entirely.

Hi!

You are right. Now sign procedure fails with error:

Error01

Hi, this is 'normal' as the index to parse the certificate is not pointing to the right byte sequence. Oddly enough, this never happened and I have yet to understand why this is now a problem.
I am working on a fix to change the entire parsing process and extract ASN.1 BER sequences one by one instead of jumping to whatever field that we need. This takes some engineering and testing.
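The approach described above (walking the DER elements one tag-length-value at a time and checking every length, instead of jumping to a fixed offset for the field you want) as an added Python example; it is not code from this thread or from the TMS classes, the function names are mine, and the sample bytes are constructed, not a real certificate:

```python
def read_tlv(buf: bytes, pos: int) -> tuple:
    """Decode the element at buf[pos] -> (tag, value, end); raise if a length does not fit the buffer."""
    if pos + 2 > len(buf):
        raise ValueError(f"unexpected end of data at offset {pos}")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first  # short-form length
    else:
        n = first & 0x7F  # long form: n further length bytes follow
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError(f"bad long-form length at offset {pos - 1}")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError(f"length {length} overruns buffer at offset {pos}")
    return tag, buf[pos:pos + length], pos + length

def children(value: bytes) -> list:
    """Split the content of a constructed element into its child (tag, value, end) tuples."""
    out, pos = [], 0
    while pos < len(value):
        out.append(read_tlv(value, pos))
        pos = out[-1][2]
    return out

def cert_version(cert_der: bytes) -> int:
    """Return the X.509 version number (0 = v1, 1 = v2, 2 = v3) of a DER-encoded Certificate."""
    tag, body, end = read_tlv(cert_der, 0)
    if tag != 0x30 or end != len(cert_der):
        raise ValueError("Certificate must be exactly one SEQUENCE")
    _, tbs, _ = children(body)[0]  # tbsCertificate SEQUENCE
    tag, value, _ = children(tbs)[0]  # version [0] if present, otherwise serialNumber
    if tag != 0xA0:
        return 0  # version absent: DEFAULT v1
    vtag, vval, _ = read_tlv(value, 0)
    if vtag != 0x02 or len(vval) != 1 or vval[0] > 2:
        raise ValueError("malformed version INTEGER")
    return vval[0]

def is_well_formed(cert_der: bytes) -> bool:
    """True when the certificate parses with every length consistent (a global syntax check)."""
    try:
        cert_version(cert_der)
        return True
    except ValueError:
        return False

# Constructed samples (not real certificates): tbsCertificate, then a signatureAlgorithm
# SEQUENCE holding one OID and a one-byte BIT STRING signature, enough to exercise the walker.
_TAIL = bytes.fromhex("300b06092a864886f70d01010b" "030200ff")
SAMPLE_V3 = bytes.fromhex("301c" "3009" "a003020102" "02021234") + _TAIL
SAMPLE_V1 = bytes.fromhex("3017" "3004" "02021234") + _TAIL
```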

Hi, here is a link to a simple test programme. Can you please run it with your token?
You just need to select the PKCS#11 DLL with the button (full file path).

https://www.cyberens.fr/wp-content/uploads/2023/11/X509DecoderProject.zip

If there is no exception, then the new X509 decoder is fine.

Hi!

Unfortunately, an error occurred when the DLL file was selected.
Error01

My mistake, the object number was static (i.e., 1 whereas in your case it is 10).
Should be OK with
https://www.cyberens.fr/wp-content/uploads/2023/11/X509DecoderV1.zip

Hi!

It looks good.

Ok, I guess the parsing issue is now fixed. There is still a unicode issue on common names, but no harm.

I will check how the signing process is affected and issue a fix with a revised version of X509Obj.pas and possibly PKCS11Obj.

Merry Christmas and Happy New Year ! :santa:

Is there any progress? Is there any chance of a happy final?

Still working on it. Should not be too far off.

Just to keep you posted, I can sign and verify a PAdES signature and it verifies with Foxit PDF Reader and pyHanko (a Python tool for PDF).

However, the verification fails with Acrobat Reader, PDF XChange Editor and Edge, because 'the certificate is not valid'. It looks like its validity cannot be verified, most likely because the verification chain is incomplete.

I'll try to fix this issue ASAP.

Hi!

I will use it to sign XML files with a XAdES signature.

Hi!
Is there any chance of signing XML?

I am working on a tool to sign/verify PDFs with updated classes. Then the XML version should be next (and easier).

Hi!
Good news. Thanks.

BTW
I have read your blog "A note on digital signatures and PKCS11 tokens" from February 20, 2024 and downloaded X509DecoderV1_4. It only decodes a certificate from a token and can't extract and dump my certificate.

What is the original format of your cert?

Hi!

I have a USB card reader with a cryptographic card. I dumped the certificate to a *.pem file. The contents were uploaded in post nr 19.

OK. I need to write a full PEM parser to extract all relevant information.
Same with PKCS#12 certificates.

Current parsers of TMS CP only extract partial information (e.g., the key) and don't flag global syntax errors.
That is also why I rewrote the X509 and CMS parsers.