.NET and the CAdES standard


Hi all,

You may want to sign data and verify those signatures by following the CAdES standard in your .NET application.

The issue is that, by default, we have no specific MS API or MS .NET security library to create or verify CAdES signatures.

As you may know already, .NET security libraries are a wrapper around the Microsoft native CryptoAPI. Unfortunately, low level CryptoAPI doesn’t understand CAdEs signatures.

So you may try to use e.g. SignedCms.CheckSignature to verify a CAdES signature (which is the usual way to check a CMS digital signature by using the approach detailed at Understanding of SignedCms.CheckSignature(True)) and it may return “true”. But .NET won’t be verifying the CAdES piece so it won’t satisfy your requirements.
 
You may need to follow the CAdES standard (RFC5126 – CMS Advanced Electronic Signatures (CAdES)) and implement your own library for the creation and verification of this kind of signatures, or you may leverage the possibility of buying a third-party library that supports that standard. This is one example I found from one of our partners:

TrueSigner – advanced electonic signature application

Application fully implements ETSI i IETF standards for advanced electronic signatures: ETSI TS 101 733 – CAdES and IETF RFC 5126 – CMS Advanced Electronic Signatures (CAdES). To support modularity TrueSigner exposes full COM interface, so solution can be easily integrated to customer or partner solution.

I hope this helps.

Regards,

 

Alex (Alejandro Campos Magencio)

Comments (1)

  1. Jose Bonilla says:

    Thanks, you can also try this c# ported version of an European Commission initiative:

    github.com/…/dssnet