SecureBlackbox 16: What versions of XAdES are supported?

Note: This article applies only to SecureBlackbox Legacy. For future development please consider using the latest version.

XAdES versions 1.1.1, 1.2.2, 1.3.2, and 1.4.1 (1.4.2) are supported. For XAdES (XAdES-BES, XAdES-EPES) and XAdES-T forms, there is a simple interface available via the TElXAdESSigner and TElXMLVerifier classes. The TElXAdESSigner and TElXMLVerifier classes have a QualifyingProperties property that fully implements the QualifyingProperties element from the XAdES specification. All other XAdES forms are controlled through this QualifyingProperties property.

Countersignatures and all timestamps can be created using the ElXAdESProcessor methods. For example:

ElXAdESSigner.AddSigAndRefsTimestamp (XAdES-X), ElXAdESVerifier.AddArchiveTimestamp (XAdES-A)

However, some properties, such as Id, don't have a corresponding method or property in TElXAdESSigner and can be set only via the QualifyingProperties property.

Next, if you need to set AttributeCertificateRefs (for a XAdES-C form), you will need to set it directly using the ElXAdESSigner.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.AttributeCertificateRefs property.

Below is an example of how to fill RevocationValues and CompleteRevocationRefs with an OCSP response (C# notation):

    ElXAdESSigner.XAdESForm = SBXMLAdES.Unit.XAdES_X_L;
    ElXAdESSigner.Generate(); // generate QualifyingProperties structure
    ...
    TElOCSPResponse OCSPResponse; // for example, we have the OCSP response already
    int Size = 0;
    byte[] OCSPResponseBuf = null;
    // the first call, made with an empty buffer, reports the required size
    OCSPResponse.Save(ref OCSPResponseBuf, 0, ref Size);
    OCSPResponseBuf = new byte[Size];
    if (OCSPResponse.Save(ref OCSPResponseBuf, 0, ref Size))
    {
        SBUtils.Unit.SetLength(OCSPResponseBuf, Size);
        // store the DER-encoded OCSP response itself in RevocationValues
        TElXMLEncapsulatedPKIData PKIData = new TElXMLEncapsulatedPKIData(ElXAdESSigner.XAdESVersion);
        PKIData.Encoding = SBXMLAdES.Unit.xemDER;
        PKIData.Data = OCSPResponseBuf;
        ElXAdESSigner.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.RevocationValues.OCSPValues.Add(PKIData);
        // add the matching reference to CompleteRevocationRefs
        TElXMLOCSPRef OCSPRef = new TElXMLOCSPRef(ElXAdESSigner.XAdESVersion);
        if (OCSPResponse.ResponderID.Name.Count > 0)
        {
            // responder identified by name
            OCSPRef.OCSPIdentifier.ResponderID = SBXMLSec.Unit.FormatRDN(OCSPResponse.ResponderID.Name);
            OCSPRef.OCSPIdentifier.ResponderIDType = SBXMLAdES.Unit.xrtByName;
        }
        else if (OCSPResponse.ResponderID.SHA1KeyHash.Length > 0)
        {
            // responder identified by the SHA-1 hash of its key
            OCSPRef.DigestAlgAndValue.DigestMethod = xmlDigestMethodSHA1;
            OCSPRef.DigestAlgAndValue.DigestValue = OCSPResponse.ResponderID.SHA1KeyHash;
            OCSPRef.OCSPIdentifier.ResponderIDType = SBXMLAdES.Unit.xrtByKey;
        }
        OCSPRef.OCSPIdentifier.ProducedAtUTC = OCSPResponse.ProducedAt;
        ElXAdESSigner.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.OCSPRefs.Add(OCSPRef);
    }
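
A check on the signer's output, added here as an example and not part of SecureBlackbox or the original article: it reads the QualifyingProperties element of a produced signature, reports the highest XAdES form whose unsigned properties are all present, and counts the OCSPRef and EncapsulatedOCSPValue elements that the code above adds one of each per OCSP response. Element names come from the XAdES schema; the function names are assumptions and the sample document is a constructed skeleton, not a valid signature.

```python
import xml.etree.ElementTree as ET

ETSI = "{http://uri.etsi.org/01903/"  # prefix shared by all XAdES schema versions

# Each form needs its own elements plus everything required by the forms above it.
# Names inside one tuple are alternatives.
LADDER = [
    ("XAdES-T", [("SignatureTimeStamp",)]),
    ("XAdES-C", [("CompleteCertificateRefs",), ("CompleteRevocationRefs",)]),
    ("XAdES-X", [("SigAndRefsTimeStamp", "RefsOnlyTimeStamp")]),
    ("XAdES-X-L", [("CertificateValues",), ("RevocationValues",)]),
    ("XAdES-A", [("ArchiveTimeStamp",)]),
]

def find(root, name):
    """All XAdES elements with this local name, whatever the schema version."""
    return [e for e in root.iter()
            if e.tag.startswith(ETSI) and e.tag.endswith("}" + name)]

def xades_form(root):
    """Highest form whose required properties are all present, or None."""
    if not find(root, "SignedProperties"):
        return None
    form = "XAdES-BES/EPES"
    for name, groups in LADDER:
        if not all(any(find(root, n) for n in alts) for alts in groups):
            break
        form = name
    return form

def ocsp_counts(root):
    """(OCSPRef count, EncapsulatedOCSPValue count) found in the document."""
    return len(find(root, "OCSPRef")), len(find(root, "EncapsulatedOCSPValue"))

def sample(with_values):
    """Constructed skeleton (not a valid signature): element names only."""
    values = ("<RevocationValues><OCSPValues><EncapsulatedOCSPValue>AA=="
              "</EncapsulatedOCSPValue></OCSPValues></RevocationValues>")
    return ET.fromstring(
        '<QualifyingProperties xmlns="http://uri.etsi.org/01903/v1.3.2#">'
        "<SignedProperties/><UnsignedProperties><UnsignedSignatureProperties>"
        "<SignatureTimeStamp/><CompleteCertificateRefs/>"
        "<CompleteRevocationRefs><OCSPRefs><OCSPRef/></OCSPRefs></CompleteRevocationRefs>"
        "<SigAndRefsTimeStamp/><CertificateValues/>"
        + (values if with_values else "") +
        "</UnsignedSignatureProperties></UnsignedProperties></QualifyingProperties>")

if __name__ == "__main__":
    for flag in (False, True):
        doc = sample(flag)
        print(xades_form(doc), ocsp_counts(doc))
```

A signature that was requested as XAdES-X-L but is reported as XAdES-X with unequal counts has references to revocation data without the data itself, so a verifier would have to fetch the OCSP response again.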
