Discuss this help topic in SecureBlackbox Forum

Load CMS message

Creating a CAdES signature of the required level Creation of CAdES signatures compliant to a particular level (e.g. BES, T, XL) is a common task. While creating a proper signature might be not that straightforward (taking into account the plethora of co-existent profiles and the complexity of the task itself), in SecureBlackbox we tried to make it as simple as possible. The first step is common to all levels/profiles: you need to create a CMS message (represented by TElSignedCMSMessage class) and add an empty signature to it: TElSignedCMSMessage msg = new TElSignedCMSMessage(); msg.CreateNew(buf, 0, buf.Length); int sigIdx = msg.AddSignature(); // while sigIdx will always be 0 for new CMSes, a good practice is to use it anyway TElCMSSignature sig = msg.get_Signatures(sigIdx); Now, create an instance of TElCAdESSignatureProcessor class. TElCAdESSignatureProcessor is an add-on to general CMS classes which knows about CAdES profiles and is capable of adding signatures compliant to them. TElCAdESSignatureProcessor is created for a particular signature, not for a CMS, so you should pass your signature object to its constructor: TElCAdESSignatureProcessor processor = new TElCAdESSignatureProcessor(sig); Now, call any of Create* methods of the processor object to create a compliant signature: processor.CreateBES(cert); Some levels may require you to create additional components, such as the below example of T type signature creation: TElHTTPTSPClient tspClient = new TElHTTPTSPClient(); tspClient.HTTPClient = new TElHTTPSClient(); tspClient.URL = "http://mytsa.com/tsa"; processor.CreateT(cert, tspClient); Essentially, each CreateXXX() method does exactly two things: (1) configures attributes of the signature as required by the relevant profile, (2) signs the signature with the provided certificate and chain. Note: You can add your custom signed and/or unsigned attributes to the signature object if you need to do so (be careful not to violate the profile requirements though). This should be done before any CreateXXX() method is called.

Discuss this help topic in SecureBlackbox Forum