Validate :
Signasuite allows you to validate both certificates and electronically signed documents. Specifically, the options shown are:
- Signature
- Certificate
- PDF document
Signasuite allows you to validate both electronically signed documents and detached signatures from your document (detached). The specifically accepted format are:
The signature is in XML:
- XML/XAdES Detached > if the signature is detached in another file (need to attach 2 files)
- XML/XAdES Enveloping > if the signature wraps (includes) the document, which will also be in xml
- XML/XAdES Enveloped > if the document, also in xml, wraps (includes) the signature.
If the signature is binary in PKCS#7 format, the document format is always taken as binary, and the formats may be:
- CMS/CAdES Detached > if the signature is detached in another file (2 files must be attached).
- CMS/CAdES Attached > if the signature is included in the document.
Whether the signature formats are XML/XAdes Enveloped, Enveloping or CMS/CAdES Attached, document and signature will be in the same file, and it will only be necessary to choose the file from the "Signature" box. In the case of "detached" formats, you can choose whether to upload the document corresponding to the signature or a text file containing the cryptographic summary of the document in base64. If you want to upload the signed document, you must specify whether the signed file is a binary or an xml.
It is important to specify well what was the signature format that was produced, especially if we are dealing with detached signatures, especially regarding the document format. The validation result can be negative, if an incorrect format is specified (for example saying that the format of the signed document is xml when it was signed as binary. On the other hand, in some cases, if the signed document is XML but the relevant previous canonicalizations have not been applied before signing (normalize the document by removing line breaks, white space, etc.) it will be necessary to indicate the type of document as original with binary format (so that it treats it without canonicalization) in order to that the hashes match.
1.1 Result when validating signatures.
As a signature validation result , Signasuite reports:
- Result of the operation.
- Received with validation information.
- Evidence: allows you to download a .zip file that includes the information about the validation and the two validation request and response XMLs to the Validador Service.
In the event of an error, a description of the detected error is given
Validation of certificates is allowed by entering the public part of the certificate in a base64-encoded .cer file. This type of file can be exported from the certificate store of operating systems and browsers. Uploading private key certificate files with p12 and pfx extensions is not allowed.
The certificate sent is validated using the Validador Service of the AOC Consortium, which takes into account the certificate profiles classified there. The classification document of the AOC Consortium can be consulted at the following address:
https://www.aoc.cat/serveis-aoc/validador/#1450087630072-d2a9bd43-debe
It is worth noting that, in order to ensure the acceptance of all qualified profiles, the Validador Service sends to the @firma status validation platform the certificates of profiles that are not classified. The lenders and profiles accepted by this platform can be consulted at the following link:
https://administracionelectronica.gob.es/ctt/afirma/descargas
2.1 Result when validating certificates.
As a result of a certificate validation operation, Signasuite reports:
- Result of the operation. It can be valid, invalid, expired, revoked, or error
- Received with validation information.
- Evidence: allows you to download a .zip file that includes the information about the validation and the two validation request and response XMLs to the Validador Service.
- To help developers who consult Signasuite to compare their performance with that of third-party applications, the system presents both the request and the response in xml format that was sent and received from the Validador Service. The requests and responses of the Validador Service conform to the OASIS Digital Signature Services (DSS) format, and its syntax can be consulted on the web: https://www.oasis-open.org/committees/dss/
In the event of an error, a description of the detected error is given