SecureBlackbox 16: What versions of XAdES are supported?

Note: This article applies only to SecureBlackbox Legacy. For future development please consider using the latest version.

XAdES versions 1.1.1, 1.2.2, 1.3.2, and 1.4.1 (1.4.2) are supported. For XAdES (XAdES-BES, XAdES-EPES) and XAdES-T forms, there is a simple interface available via the TElXAdESSigner and TElXMLVerifier classes. The TElXAdESSigner and TElXMLVerifier classes have a QualifyingProperties property that fully implements the QualifyingProperties element from the XAdES specification. All other XAdES forms are controlled through this QualifyingProperties property.

Creating a countersignature and all timestamping could be done using the ElXAdESProcessor methods. For example:

ElXAdESSigner.AddSigAndRefsTimestamp (XAdES-X), ElXAdESVerifier.AddArchiveTimestamp (XAdES-A)

But, some properties such as Id don't have a corresponding method/property in TElXAdESSigner and can be set only via the QualifyingProperties property.

Next, if you need to set AttributeCertificateRefs (for a XAdES-C form), you will need to set it directly using the ElXAdESSigner.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.AttributeCertificateRefs property.

Below is an example of how to fill RevocationValues and CompleteRevocationRefs with an OCSP response (C# notation):

ElXAdESSigner.XAdESForm = SBXMLAdES.Unit. XAdES_X_L;
ElXAdESSigner.Generate(); // generate QualifyingProperties structure

...

TElOCSPResponse OCSPResponse; // for example we have the OCSP response already
int Size = 0;
byte[] OCSPResponseBuf;
OCSPResponse.Save(ref OCSPResponseBuf, 0, ref Size);
  OCSPResponseBuf = new Byte
if (OCSPResponse.Save(ref OCSPResponseBuf, 0, ref Size))

{
   SBUtils.Unit.SetLength(OCSPResponseBuf, Size);
   TElXMLEncapsulatedPKIData PKIData = new TElXMLEncapsulatedPKIData(XAdESSigner.XAdESVersion); 
   PKIData.Encoding = SBXMLAdES.Unit.xemDER; 
   PKIData.Data = BufPKI;
   ElXAdESSigner.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.RevocationValues.OCSPValues.Add(PKIData);

  TElXMLOCSPRef OCSPRef = new TElXMLOCSPRef(XAdESSigner.XAdESVersion); 
  if (FResponderID.Name.Count > 0) 
  {
    OCSPRef.OCSPIdentifier.ResponderID = SBXMLSec.Unit.FormatRDN(OCSPResponse.ResponderID.Name);
    OCSPIdentifier.ResponderIDType = SBXMLAdES.Unit.xrtByName;
  } 

  else 
    if (FResponderID.FSHA1KeyHash.Length() > 0)
    { 
      OCSPRef.DigestAlgAndValue.DigestMethod = xmlDigestMethodSHA1;
      OCSPRef.DigestAlgAndValue.DigestValue = OCSPResponse.ResponderID.SHA1KeyHash; 
      OCSPIdentifier.ResponderIDType = SBXMLAdES.Unit.xrtByKey 
    } 
  OCSPRef.OCSPIdentifier.ProducedAtUTC = OCSPResponse.ProducedAt;
  ElXAdESSigner.QualifyingProperties.UnsignedProperties.UnsignedSignatureProperties.CompleteRevocationRefs.OCSPRefs.Add(OCSPRef); 
}

We appreciate your feedback.  If you have any questions, comments, or suggestions about this article please contact our support team at kb@nsoftware.com.