Validate :

Signasuite allows you to validate both certificates and electronically signed documents. Specifically, the options shown are:

  1. Signature
  2. Certificate
  3. PDF document
1. Signature

Signasuite allows you to validate both electronically signed documents and detached signatures. The formats accepted specifically are:

The signature is in XML:

  • XML/XAdES Detached > if the signature is separated into another file (2 files must be attached)
  • XML/XAdES Enveloping > if the signature wraps (includes) the document, which will also be in xml
  • XML/XAdES Enveloped > if the document, also in xml, wraps (includes) the signature.

If the signature is binary in PKCS#7 format, the document format is always taken as a binary, i the formats may be:

  • CMS/CAdES Detached > if the signature is separated into another file (2 files must be attached).
  • CMS/CAdES Attached > if the signature is included in the document.

Whether the signature formats are XML/XAdes Enveloped, Enveloping o or CMS/CAdES Attached, the document i signature will be in the same file, i it will only be necessary to choose the file from the “Signature” box. In the case of “detached” formats, you can choose whether to upload the corresponding document a the signature o or a text file that contains the cryptographic summary of the document in base64. If you want to upload the signed document, you will need to specify whether the signed file is a binary o or an xml.

It is important to specify well what the signature format was that was produced, especially if we are dealing with detached signatures, especially regarding the document format. The validation result may be negative, if an incorrect format is specified (for example saying that the format of the signed document is xml when it was signed as a binary. On the other hand, in some cases, if the signed document is XML but the relevant previous canonicalizations have not been applied before signing (normalizing the document by removing lline breaks, white space, etc.) it will be necessary to indicate the document type as original with binary format (so that it is treated without canonicalization) so that the hashes match.

1.1 Result when validating signatures.

As a a signature validation result , Signasuite reports:

  • Result of l'operation.
  • Received with information about validation.
  • Evidence: allows you to download a .zip file that includes information about the validation i the two XML requests i validation response to the Validator Service.

valid signature.png

In case of error, a description of l'error detected is given.

2. Certificate

Certificate validation is allowed by entering the public part of the certificate in a file with a .cer extension encoded in base64. This type of file can be exported from the certificate store of operating systems i browsers. Uploading private key certificate files with p12 i pfx extensions is not allowed.

The certificate sent is validated using the AOC Consortium Validation Service, i which takes into account the certificate profiles classified therein. The AOC Consortium classification document can be consulted a at the following addressa:

<a href="https://www.aoc.cat/serveis-aoc/validador/#1450087630072-d2a9bd43-debe" rel="noopener noreferrer" target="_blank">https://www.aoc.cat/serveis-aoc/validador/#1450087630072-d2a9bd43-debe

It is worth a saying that, in order to ensure l'acceptance of all qualified profiles, the Validator Service sends a the validation platform of l'status @firma the certificates of profiles that do not have classified. The providers i profiles accepted by this platform can be consulted at the following link:

<a href="https://administracionelectronica.gob.es/ctt/afirma/descargas" rel="noopener noreferrer" target="_blank">https://administracionelectronica.gob.es/ctt/afirma/descargas

2.1 Result when validating certificates.

As a result of a certificate validation operation, Signasuite reports:

  • Result of l'operation. May be valid, invalid, expired, revoked o error
  • Received with information about validation.
  • Evidence: allows you to download a .zip file that includes information about the validation i the two XML requests i validation response to the Validator Service.
  • As a helps a developers who consult Signasuite to compare its operation with that of third-party applications, the system presents both the request and the response in xml format that has been sent i received from the Validator Service. The requests i responses from the Validator Service conform to the OASIS Digital Signature Services (DSS) format, i its syntax can be consulted on the website: <a href="https://www.oasis-open.org/committees/dss/" rel="noopener noreferrer" target="_blank">https://www.oasis-open.org/committees/dss/

certificate is valid.PNG

In case of error, a description of l'error detected is given.

3. PDF document
In a similar way to the validation of the other signatures, PDF documents can also be sent to be validated with results very similar to those described above. In this case, you will only need to upload the signed document, which cannot be larger than 10MB.