Validate:

Signasuite allows you to validate both certificates and electronically signed documents. Specifically, the options shown are:

  1. Signature
  2. Certificate
  3. PDF document

1. Signature

Signasuite allows you to validate both electronically signed documents and detached signatures. The accepted formats are:

If the signature is in XML:

  • XML/XAdES Detached > if the signature is separated into another file (2 files must be attached).
  • XML/XAdES Enveloping > if the signature wraps (includes) the document, which will also be in XML.
  • XML/XAdES Enveloped > if the document, also in XML, wraps (includes) the signature.

If the signature is binary in PKCS#7 format, the document format is always taken as binary, and the formats may be:

  • CMS/CAdES Detached > if the signature is separated into another file (2 files must be attached).
  • CMS/CAdES Attached > if the signature is included in the document.

If the signature format is XML/XAdES Enveloped, XML/XAdES Enveloping or CMS/CAdES Attached, the document and the signature are in the same file, and you only need to choose that file in the “Signature” box. For “detached” formats, you can upload either the document corresponding to the signature or a text file containing the cryptographic summary (hash) of the document in base64. If you upload the signed document, you must specify whether the signed file is binary or XML.

It is important to specify correctly the signature format that was produced, especially for detached signatures, and in particular the format of the document. The validation result may be negative if an incorrect format is specified (for example, stating that the signed document is XML when it was signed as binary). Conversely, in some cases, if the signed document is XML but the relevant canonicalizations were not applied before signing (normalizing the document by removing line breaks, white space, etc.), the document type must be indicated as original with binary format (so that it is treated without canonicalization) so that the hashes match.
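The mismatch described above can be reproduced offline. This is an added example, not code from Signasuite or the Validador Service: it assumes SHA-256 and uses Python's standard-library C14N 2.0 as a stand-in for whichever canonicalization the signer applied. The function names and the sample invoice are constructed for illustration.

```python
import base64
import hashlib
import io
import xml.etree.ElementTree as ET


def b64_digest(data, algorithm="sha256"):
    """Base64 digest of raw bytes (the form a detached 'hash file' would hold)."""
    return base64.b64encode(hashlib.new(algorithm, data).digest()).decode("ascii")


def canonical_bytes(xml_bytes):
    """Canonical form of an XML document, or None if it is not well-formed."""
    try:
        return ET.canonicalize(from_file=io.BytesIO(xml_bytes)).encode("utf-8")
    except ET.ParseError:
        return None


def matching_document_type(document, signed_digest_b64, algorithm="sha256"):
    """Tell which document type reproduces the digest covered by the signature.

    'binary' -> the file was hashed byte for byte (no canonicalization)
    'xml'    -> the file was hashed after canonicalization
    None     -> neither matches: wrong file, wrong algorithm or altered content
    """
    if b64_digest(document, algorithm) == signed_digest_b64:
        return "binary"
    canon = canonical_bytes(document)
    if canon is not None and b64_digest(canon, algorithm) == signed_digest_b64:
        return "xml"
    return None


# Constructed sample: one invoice, two byte-level serializations.
AS_STORED = (b'<?xml version="1.0" encoding="UTF-8"?>\r\n'
             b'<invoice id="42" currency="EUR">\r\n'
             b'  <total>10.00</total>\r\n  <note/>\r\n</invoice>')
AS_SIGNED = (b"<invoice currency='EUR' id='42'>\n"
             b"  <total>10.00</total>\n  <note></note>\n</invoice>")

if __name__ == "__main__":
    print("raw digests equal:      ", b64_digest(AS_STORED) == b64_digest(AS_SIGNED))
    print("canonical forms equal:  ", canonical_bytes(AS_STORED) == canonical_bytes(AS_SIGNED))
    signed = b64_digest(canonical_bytes(AS_SIGNED))
    print("type to select for file:", matching_document_type(AS_STORED, signed))
```

The two files differ in line endings, attribute order, quoting and the XML declaration, so their raw digests differ, while their canonical forms are identical.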

1.1 Result when validating signatures.

As a result of a signature validation, Signasuite reports:

  • Result of the operation.
  • Receipt with information about the validation.
  • Evidence: allows you to download a .zip file that includes information about the validation and the two XML messages (validation request and response) exchanged with the Validador Service.

In case of an error, a description of the error detected is given.

2. Certificate

A certificate is validated by uploading its public part in a file with a .cer extension encoded in base64. This type of file can be exported from the certificate store of operating systems and browsers. Uploading certificate files that contain the private key, with p12 and pfx extensions, is not allowed.

The certificate sent is validated using the Validador Service of the AOC Consortium, which takes into account the certificate profiles classified therein. The AOC Consortium classification document can be consulted at the following address:

https://www.aoc.cat/serveis-aoc/validador/#1450087630072-d2a9bd43-debe

It is worth noting that, in order to ensure the acceptance of all qualified profiles, the Validador Service sends the certificates of profiles that are not classified to the @firma state validation platform. The providers and profiles accepted by this platform can be consulted at the following link:

https://administracionelectronica.gob.es/ctt/afirma/descargas

2.1 Result when validating certificates.

As a result of a certificate validation operation, Signasuite reports:

  • Result of the operation. It can be valid, invalid, expired, revoked, or error.
  • Receipt with information about the validation.
  • Evidence: allows you to download a .zip file that includes information about the validation and the two XML messages (validation request and response) exchanged with the Validador Service.
  • To help developers who consult Signasuite to compare its operation with that of third-party applications, the system shows, in XML format, both the request sent to the Validador Service and the response received from it. The requests and responses of the Validador Service conform to the OASIS Digital Signature Services (DSS) format, and its syntax can be consulted on the website: https://www.oasis-open.org/committees/dss/

In case of an error, a description of the error detected is given.

3. PDF document

Similar to the validation of other signatures, PDF documents can also be sent for validation with results very similar to those described above. In this case, you will only need to upload the signed document, which cannot be larger than 10MB.