Check a signature in XAdES, PAdES or CAdES format with TMS Cryptography Pack, by Marion Candau

Today version 3.2 of TMS Cryptography Pack has been released. The new features are listed in the image below.


[image: list of new features in TMS Cryptography Pack 3.2]

CAdES, XAdES and PAdES stand for CMS, XML and PDF Advanced Electronic Signatures, respectively. These are signature formats maintained by ETSI (European Telecommunications Standards Institute). They extend the CMS, XML-DSig and PDF signature formats to make them compliant with the European eIDAS (electronic IDentification, Authentication and trust Services) regulation, the EU regulation on electronic identification and trust services for electronic transactions within the European Union.

A brief note on each format:

  • CAdES is an extension of the CMS (Cryptographic Message Syntax) signature format. It is a binary file encoded in ASN.1. You can sign any type of file with it. The extension of such a signature file is usually pkcs7 or p7m. CAdES supports two signature modes: detached and enveloping.
    • The detached mode produces a binary file without touching the original file and without reference to it inside, in terms of file names. To verify, you must therefore specify the name of the original file in addition to that of the signature.
    • The enveloping mode produces a binary file which includes the data of the original file inside. The signature wraps the data.
  • XAdES is an extension of the XML-DSig format. It is an XML file. With detached and enveloping modes, you can sign any type of file. With enveloped mode, you can only sign XML files.
    • The detached mode produces an XML file without touching the original file and with the name of the file (without its path) in a URL field. To verify, you must therefore specify the path of the original file in addition to the signature file name.
    • The enveloping mode produces an XML file which includes the data of the original file inside. The signature wraps the data.
    • The enveloped mode adds the signature to the original XML file. The result is a single, self-contained signed file.
  • PAdES is an extension of the PDF signature format. It works in enveloped mode by default: the signature is added to the original PDF file.
As TMS Cryptography Pack is a library of visual components, just drop TXAdES, TCAdES and TPAdES from your palette onto the form. Now suppose you have a file whose signature you want to verify. The idea is to provide only the original file (OriginalFile) and the signature file (SignatureFile) if it is separate, and to have a function tell you whether the signature is valid or not.

If your file is a CAdES signature, the code is as follows (we do not know in advance whether the signature is detached, so we always pass the name of the original file):
Code:
err := CAdES.VerifySignature(SignatureFile, OriginalFile);

If your file is an XAdES signature, the code is as follows (the detached mode needs the path of the original file, since the signature only stores its name):
Code:
XAdES.PathToOriginalFile := ExtractFilePath(OriginalFile);
err := XAdES.VerifySignature(SignatureFile);

If your file is a PAdES signature, the code is:
Code:
err := PAdES.VerifySignature(SignatureFile);

Now, how do you know if the file is a CAdES, XAdES or PAdES signature?

We will use the GetFileMIMEType function present in each of the classes TXAdES, TCAdES and TPAdES. It relies on Indy's GetFileMIMEType function.
Code:
filetype := XAdES.GetFileMimeType(SignatureFile);

What types are possible in our case?

XAdES is text/xml and PAdES is application/pdf. CAdES is more complicated: it is a binary file and could have any extension. In practice it usually has the extension pkcs7 or p7m, which yields the type application/octet-stream or application/pkcs7-mime. Since the type is derived from the file's extension, this lookup only selects which verifier to run; the validity decision itself comes from VerifySignature, and a mis-named file simply fails verification.

Our function is therefore:
Code:
// Requires SysUtils in the uses clause (ExtractFilePath, Exception, sLineBreak).
// XAdES, CAdES and PAdES are the TXAdES, TCAdES and TPAdES components dropped on the form.
function VerifySignatureFile(SignatureFile, OriginalFile: string): string;
var
  filetype: string;
  err: Integer;
begin
  // The MIME type comes from the file extension and only chooses the verifier to run
  filetype := XAdES.GetFileMimeType(SignatureFile);

  if filetype = 'application/pdf' then
  begin
    err := PAdES.VerifySignature(SignatureFile);
    if err = 0 then
      Result := 'Valid signature'
    else
      // sLineBreak: Delphi string literals have no '\n' escape sequence
      Result := PAdES.VerifyError(err) + sLineBreak + PAdES.ErrorDetails;
  end
  else if (filetype = 'application/octet-stream') or (filetype = 'application/pkcs7-mime') then
  begin
    // CAdES may be detached, so the original file is always passed along
    err := CAdES.VerifySignature(SignatureFile, OriginalFile);
    if err = 0 then
      Result := 'Valid signature'
    else
      Result := CAdES.VerifyError(err) + sLineBreak + CAdES.ErrorDetails;
  end
  else if filetype = 'text/xml' then
  begin
    // A detached XAdES signature stores only the original file's name, so supply its directory
    XAdES.PathToOriginalFile := ExtractFilePath(OriginalFile);
    err := XAdES.VerifySignature(SignatureFile);
    if err = 0 then
      Result := 'Valid signature'
    else
      Result := XAdES.VerifyError(err) + sLineBreak + XAdES.ErrorDetails;
  end
  else
    raise Exception.Create('Signature format not recognized');
end;
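The MIME-type lookup above classifies the signature file by its extension alone, so a renamed file is handed to whichever verifier the extension suggests. The following Delphi code is an added example, not part of the original article or of TMS Software's library: it sniffs the format from the file's leading bytes (PDF header, XML markup, or the DER SEQUENCE tag that opens a CMS structure), cross-checks that against the extension-based MIME type, and only then dispatches to the same VerifySignature calls the article uses. The type name TSignatureFormat, the functions SniffSignatureFormat, MimeToFormat, StartsWithBytes and VerifySignatureFileChecked are all assumed names introduced here; XAdES, CAdES and PAdES are assumed to be the component instances from the article, and only the methods the article already shows (GetFileMimeType, VerifySignature, VerifyError, ErrorDetails, PathToOriginalFile) are called on them.

```delphi
// Added example, not from the article or TMS Software. Requires SysUtils and
// Classes in the unit's uses clause; assumes the XAdES, CAdES and PAdES
// components from the article are visible in this unit.
type
  TSignatureFormat = (sfUnknown, sfPAdES, sfXAdES, sfCAdES);

const
  FormatNames: array[TSignatureFormat] of string = ('unknown', 'PAdES', 'XAdES', 'CAdES');

// True if Data begins with the bytes of Prefix (ASCII comparison).
function StartsWithBytes(const Data: TBytes; const Prefix: AnsiString): Boolean;
var
  I: Integer;
begin
  Result := Length(Data) >= Length(Prefix);
  if Result then
    for I := 1 to Length(Prefix) do
      if Data[I - 1] <> Ord(Prefix[I]) then
        Exit(False);
end;

// Classify a signature file by content rather than by extension:
//   PDF   -> starts with '%PDF-'
//   CMS   -> DER-encoded ASN.1, outermost element is a SEQUENCE (tag byte $30)
//   XML   -> '<' after an optional UTF-8 BOM and whitespace
// Anything else (including PEM/base64-armoured CMS) is reported as unknown.
function SniffSignatureFormat(const FileName: string): TSignatureFormat;
var
  Stream: TFileStream;
  Header: TBytes;
  Count, I: Integer;
begin
  Result := sfUnknown;
  Stream := TFileStream.Create(FileName, fmOpenRead or fmShareDenyWrite);
  try
    SetLength(Header, 16);
    Count := Stream.Read(Header[0], Length(Header));
    SetLength(Header, Count);
  finally
    Stream.Free;
  end;
  if Count = 0 then
    Exit;

  if StartsWithBytes(Header, '%PDF-') then
    Exit(sfPAdES);
  if Header[0] = $30 then
    Exit(sfCAdES);

  I := 0;
  if (Count >= 3) and (Header[0] = $EF) and (Header[1] = $BB) and (Header[2] = $BF) then
    I := 3; // skip UTF-8 BOM
  while (I < Count) and (Header[I] in [$09, $0A, $0D, $20]) do
    Inc(I);
  if (I < Count) and (Header[I] = Ord('<')) then
    Exit(sfXAdES);
end;

// Map the extension-based MIME types from the article onto the same enum.
function MimeToFormat(const MimeType: string): TSignatureFormat;
begin
  if MimeType = 'application/pdf' then
    Result := sfPAdES
  else if MimeType = 'text/xml' then
    Result := sfXAdES
  else if (MimeType = 'application/octet-stream') or (MimeType = 'application/pkcs7-mime') then
    Result := sfCAdES
  else
    Result := sfUnknown;
end;

// Verify only when extension and content agree, so a renamed file is reported
// instead of being silently passed to the wrong verifier.
function VerifySignatureFileChecked(const SignatureFile, OriginalFile: string): string;
var
  ByMime, ByContent: TSignatureFormat;
  err: Integer;
begin
  ByMime := MimeToFormat(XAdES.GetFileMimeType(SignatureFile));
  ByContent := SniffSignatureFormat(SignatureFile);
  if ByContent = sfUnknown then
    raise Exception.Create('Signature format not recognized from file content');
  if (ByMime <> sfUnknown) and (ByMime <> ByContent) then
    raise Exception.CreateFmt('Extension suggests %s but content looks like %s',
      [FormatNames[ByMime], FormatNames[ByContent]]);

  case ByContent of
    sfPAdES:
      begin
        err := PAdES.VerifySignature(SignatureFile);
        if err <> 0 then
          Exit(PAdES.VerifyError(err) + sLineBreak + PAdES.ErrorDetails);
      end;
    sfCAdES:
      begin
        err := CAdES.VerifySignature(SignatureFile, OriginalFile); // may be detached
        if err <> 0 then
          Exit(CAdES.VerifyError(err) + sLineBreak + CAdES.ErrorDetails);
      end;
    sfXAdES:
      begin
        XAdES.PathToOriginalFile := ExtractFilePath(OriginalFile);
        err := XAdES.VerifySignature(SignatureFile);
        if err <> 0 then
          Exit(XAdES.VerifyError(err) + sLineBreak + XAdES.ErrorDetails);
      end;
  end;
  Result := 'Valid signature';
end;
```

Call VerifySignatureFileChecked exactly as you would the article's VerifySignatureFile. The content check is a routing safeguard, not a security decision: the only statement about validity is still the return value of VerifySignature, and a mismatch between extension and content is surfaced as an exception so the caller sees why verification was not attempted.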

You can also sign documents with TXAdES, TCAdES and TPAdES. If your signature is not recognized by TMS CP (especially for the XML-enveloped format, for which it is more difficult to deal with all cases), do not hesitate to contact me at marion [at] tmssoftware.com.
