0

All files are stored in the cloud system. The average size of file 200MB.Very large size of the files.Also Usb token on the client side. I don't want to transfer entire file from the server to client. I just want to sign the hash of the file on the client side. How can I do this with the xades4j library?

  • Either write plenty of code or take a look at Distributed Cryptography add-on for SecureBlackbox, which does exactly this. I provided it's description in this answer: http://stackoverflow.com/questions/10656100/signing-pdfs-on-a-server-document-using-a-signature-from-the-user/10656679#10656679 . Note - this is our product. The answer is about PDF, but the same applies to XMLDSig/XAdES as well. – Eugene Mayevski 'Callback Mar 22 '14 at 20:44
  • Or take a look at centralized PKI signing. I describe it in this [SO answer](http://stackoverflow.com/a/22372367/64904). Centralized signing is available from [CoSign](http://www.arx.com) and other vendors. Disclosure, I work for CoSign. – Larry K Mar 23 '14 at 05:11

1 Answers1

0

I'm not sure I fully understood, but here are some ideas:

  • Make the file accessible via HTTP. Xade4j (actually, the underlying Apache Santuario) already supports HTTP data object references. This requires that the file is downloaded to the client, which can be bad/undesirable. The file will be digested (hashed) as part of the normal signature production.

  • Use an anonymous data object reference, created with the hash of the file as illustrated here: https://code.google.com/p/xades4j/wiki/DefiningSignedResources. This value is the input for the data object reference, which means it will actually be digested again, but that shouldn't be a problem.

  • Use an EnvelopedXmlObject enclosing the hash. Explained in the same page as above.

lgoncalves
  • 2,040
  • 1
  • 14
  • 12
  • Luis, thank you for the your answer. I've updated the question. I'm waiting for your help again. –  Mar 26 '14 at 08:20
  • Given your update, I'd say that the 2nd option I sugested is the best approach. – lgoncalves Apr 04 '14 at 08:40
  • How do I use AnonymousDataObjectReference object? I am using SignerBes class. –  Apr 09 '14 at 06:55