Sign a file according to CADES Format

Question

Everything goes fine when I sign a PDF file using Rebex Securty Cryptography The funtion I'm using creats a signed file with .p7m extension instead o .p7s the problem is that when I verify the document with my smartcard software i get the message that the file is not signed with a CADES format signature and that the file doesn't have The "Signing Certificate" attribute which are necessary to use the signed file as a legal attachment.

Here's my code:

'load the content of a file whose signature we wish to check
    Dim content As Byte() = File.ReadAllBytes("C:\temp\abc.pdf")

    Dim contentInfo As New Cryptography.Pkcs.ContentInfo(content)
    'Select Certificate 
    Dim Certificate As Certificate = SelCert()

    'create a PKCS #7 SignedData object base on this,

    Dim p7m As New SignedData(contentInfo, True)

    'add signers
    Dim signer As New SignerInfo(Certificate, SubjectIdentifierType.IssuerAndSerialNumber, SignatureHashAlgorithm.SHA256)

    p7m.IncludeOption = CertificateIncludeOption.WholeChain

    p7m.SignerInfos.Add(signer)

    p7m.Sign()
    Dim SignedData As Stream = File.OpenWrite("C:\temp\abc.pdf.p7m")
    p7m.Save(SignedData)
    SignedData.Close()

Answer 1

CAdES is an acronym of "CMS Advanced Electronic Signatures" and it's defined by RFC 5126, which states that CAdES "can be considered as an extension to RFC 3852 (CMS - Cryptographic Message Syntax) and RFC 2634 (Enhanced Security Services for S/MIME), where, when appropriate, additional signed and unsigned attributes have been defined."

Unfortunately, out CMS objects (SignedData, EnvelopedData, ...) only support CMS (RFC 3852 and RFC 5652) - there is no support for extensions defined by RFC 5126 (CAdES). Even though it might be possible to implement a full CAdES implementation based on SignedData object, it would not be trivial and require a fair amount of knowledge of RFC 5126 (CAdES).

We will definitely look into the possibility of adding CAdES support ourselves, but this would take some time as well because we are not familiar with CAdES either. Once we look into this, we will let you know. However, this won't happen in a month or two. Sorry!

Comments

Hi,

Is implemented CAdES-T in newer versions?

Thanks, Marcelo

---

Unfortunately, we have not added support for CAdES yes. It's still on our list of possible future enhancements, but so far we have been busy improving other parts of our libraries. Sorry!