search

lovele0107 / signatures-conformance-checker

7 stars 0 forks source link

PAdES Conformance Checker is not working #16

Closed EdmundoDiaz closed 3 years ago

EdmundoDiaz commented 3 years ago

The error message says : "The AdES Conformance Checker has found some error before being able to build a suitable framework for starting checking conformance. See below in case it has been able to provide additional information on the error.

An error was detected but could not be added to this report"

I've uploaded a PDF PAdES signed document for your reference.

Many thanks

TEST.pdf

jccruellas commented 3 years ago

Good afternoon Edmundo. Thank you very much indeed for using the PAdESCC. I have been reviewing the tool, and I have fixed a problem in the treatment of references. Now my local copy of PAdESCC seems to work fine and properly generates the report. I will update the PAdESCC deployed at ETSI server during next week. Meanwhile, please find attached a summary of the errors detected by the tool in your signature when I have asked it to check your signature against ETSI EN 319 142-1.

  1. The field Subfilter in your Signature dictionary is 'adbe.pkcs7.detached'. According to the specs it should be 'ETSI.CAdES.detached'

  2. The signature that you place within Contents field in your signature dictionary is missing a mandatory CAdES attribute, namely either essSigningCertificate or essSigningCertificateV2. This is an attribute that includes the digest of the signing certificate. You have added the following signed attributes:

    {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) contentType(3)} {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7) id-data(1)} {iso(1) member-body(2) us(840) adobe(113583) acrobat(1) security(1) revocationInfoArchival(8)}

  3. The third signed attribute, as far as I am aware, is not an attribute specified for PAdES signatures in ETSI EN 319 142-1. I see that you placed here some, and that is why the PAdESCC does not know it....I will try to improve the message so that it reports the OID of the attribute...I see that you placed there a Basic OCSP response....well, as I said, this attribute is not an attribute specified within the EN that defines PAdES signatures.

As I said, I will try to improve the message for the third error reported and once done it, I will upload the new version to the ETSI Server; hopefully during this week.

Regards Juan Carlos Cruellas.

PAdESCC_ReportedErrorsOn_Ascertia Mutual NDA - TEST pdf
EdmundoDiaz commented 3 years ago

Thank you so much for your feedback, Juan Carlos. I'll try to solve all the highlighted issues.

Best regards

On Sun, 13 Jun 2021 at 16:09, jccruellas @.***> wrote:

Good afternoon Edmundo. Thank you very much indeed for using the PAdESCC. I have been reviewing the tool, and I have fixed a problem in the treatment of references. Now my local copy of PAdESCC seems to work fine and properly generates the report. I will update the PAdESCC deployed at ETSI server during next week. Meanwhile, please find attached a summary of the errors detected by the tool in your signature when I have asked it to check your signature against ETSI EN 319 142-1.

1.

The field Subfilter in your Signature dictionary is 'adbe.pkcs7.detached'. According to the specs it should be 'ETSI.CAdES.detached' 2.

The signature that you place within Contents field in your signature dictionary is missing a mandatory CAdES attribute, namely either essSigningCertificate or essSigningCertificateV2. This is an attribute that includes the digest of the signing certificate. You have added the following signed attributes:

{iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) contentType(3)} {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7) id-data(1)} {iso(1) member-body(2) us(840) adobe(113583) acrobat(1) security(1) revocationInfoArchival(8)} 3.

The third signed attribute, as far as I am aware, is not an attribute specified for PAdES signatures in ETSI EN 319 142-1. I see that you placed here some, and that is why the PAdESCC does not know it....I will try to improve the message so that it reports the OID of the attribute...I see that you placed there a Basic OCSP response....well, as I said, this attribute is not an attribute specified within the EN that defines PAdES signatures.

As I said, I will try to improve the message for the third error reported and once done it, I will upload the new version to the ETSI Server; hopefully during this week.

Regards Juan Carlos Cruellas.

[image: PAdESCC_ReportedErrorsOn_Ascertia Mutual NDA - TEST pdf] https://user-images.githubusercontent.com/50237279/121812896-02c50c80-cc6a-11eb-9220-8417d9e69e21.png

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/lovele0107/signatures-conformance-checker/issues/16#issuecomment-860226130, or unsubscribe https://github.com/notifications/unsubscribe-auth/AUMZ6XNV6GJND2UWL6IOFQ3TSTCZHANCNFSM46KAEGDA .

jccruellas commented 3 years ago

Good morning Edmundo. I have updated the PAdESCC version at the ETSI portal. Could you please check it with exactly the same signature as you shared with me? I have already done it and it seems to work fine. If you get the errors that I mentioned in my last comment, this will mean that the issue that you reported has been fixed and we can close this issue. If you have any other, we should open a new one. Looking forward your feedback Juan Carlos

EdmundoDiaz commented 3 years ago

Good morning Juan Carlos,

It does work as I get the same errors you previously mentioned.

Thank you very much for your help.

Best regards.

On Tue, 15 Jun 2021 at 08:57, jccruellas @.***> wrote:

Good morning Edmundo. I have updated the PAdESCC version at the ETSI portal. Could you please check it with exactly the same signature as you shared with me? I have already done it and it seems to work fine. If you get the errors that I mentioned in my last comment, this will mean that the issue that you reported has been fixed and we can close this issue. If you have any other, we should open a new one. Looking forward your feedback Juan Carlos

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/lovele0107/signatures-conformance-checker/issues/16#issuecomment-861275228, or unsubscribe https://github.com/notifications/unsubscribe-auth/AUMZ6XMOXC3RW3VB6VZTFULTS4BU3ANCNFSM46KAEGDA .

jccruellas commented 3 years ago

Thanks a lot Edmundo. I will proceed to close this issue. Should you have any other comment just use this tool Best regards Juan Carlos.