
I'm currently working on some legal requirements for my country (electronic invoicing) but I'm stuck on the signing part; here's the background:

  1. The government provides every user with a .p12 certificate file
  2. Once an XML is generated, it has to be signed with XAdES-EPES based on the previously mentioned .p12 certificate.

I don't really understand much about certificates and security artifacts. I found a Java library called Xades4J; however, most of the examples mention a KeyStore and a TSA (which, btw, I don't really understand what a TSA is). The scenario that I have seems very simple, but I believe most of the examples mentioned are far too complex.

Can anybody give me a hand with the concepts and/or provide me with an example of how you can sign using XAdES-EPES when you already have a p12 file?

I saw some C# examples that I'll test too; the thing is, I'm mostly coding in Java.

Thanks in advance

  • A keystore is some kind of storage for one or more key(s) and related data; PKCS12, often abbreviated (like file extension) P12 or p12 and also called PFX, is an industry-standard keystore format that usually contains an encrypted private key with certificate or chain -- or if you prefer, a cert/chain with private key. Java crypto has supported PKCS12 as _a_ keystore format for a long time and just-released Java 9 makes it the default. TSA in this context is [Time Stamping Authority](https://en.wikipedia.org/wiki/Trusted_timestamping#Trusted_%28digital%29_timestamping). – dave_thompson_085 Dec 26 '17 at 03:31
  • Will your application have a legal context in Spain? I ask because then you have the proper tools to work this out. – UHDante Dec 28 '17 at 16:35
  • Did you find out the answer you were looking for? – UHDante Jul 05 '18 at 06:53

2 Answers


Recently, in the xades4j GitHub issues, there was a conversation around a scenario very similar to your requirements. Check out this issue:

https://github.com/luisgoncalves/xades4j/issues/134

It includes example code using a p12 file for certificate/key. Hope this helps.

lgoncalves

Let's start from the beginning.

KeyStore: In simple terms, it is where you store your certificates; before the signing process you have to select a certificate, normally extracted from a KeyStore. Here you get a complete perspective about what a KeyStore is.

TSA: Time Stamp Authority. This is an external entity; it has to be an official one if you need the government to accept your signatures. It will give you a timestamp mark and will add extra information to your previous signature, securing that your certificate was valid and the signature was correct at that period of time. Here is a close context to extend your information about signatures.

Keep in mind that XAdES-EPES is deprecated; you should instead use XAdES-A (if you need periodical timestamping) or AdES-LTA.

In case, and only in case, your application has a legal context in Spain, you could use these tools to do what you need: Sign and validate signatures

Hope this helps.

UHDante
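Since the asker works in Java and both answers revolve around keystores and xades4j, here is an added end-to-end example. It is not part of the question or either answer, and it is not code from the xades4j project: it first opens the government-issued .p12 with the JDK's own KeyStore API, which is exactly what the answers mean by "a certificate extracted from a KeyStore", and then produces an enveloped XAdES-EPES signature through the xades4j 1.x API as documented in that project's README (FileSystemKeyStoreKeyingDataProvider, DirectPasswordProvider, FirstCertificateSelector, XadesEpesSigningProfile). Those constructor signatures are taken from the documentation and should be checked against the xades4j version you use. The file paths, the password argument, the signature-policy identifier and the policy document are placeholders; the real ones come from the national e-invoicing scheme. No TSA appears anywhere: the EPES form only adds a signature policy on top of BES, and a Time Stamp Authority only enters with the -T and later forms that UHDante mentions.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;

import org.w3c.dom.Document;

import xades4j.algorithms.EnvelopedSignatureTransform;
import xades4j.production.DataObjectDesc;
import xades4j.production.DataObjectReference;
import xades4j.production.SignedDataObjects;
import xades4j.production.XadesEpesSigningProfile;
import xades4j.production.XadesSigner;
import xades4j.properties.ObjectIdentifier;
import xades4j.properties.SignaturePolicyIdentifierProperty;
import xades4j.providers.KeyingDataProvider;
import xades4j.providers.SignaturePolicyInfoProvider;
import xades4j.providers.impl.DirectPasswordProvider;
import xades4j.providers.impl.FileSystemKeyStoreKeyingDataProvider;
import xades4j.providers.impl.FirstCertificateSelector;

public class EpesSignExample {

    /** Step 1: open the .p12 with the plain JDK to see what the keystore actually holds. */
    static X509Certificate inspectP12(String p12Path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(p12Path)) {
            ks.load(in, password);                   // a wrong password fails here with IOException
        }
        X509Certificate signingCert = null;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!ks.isKeyEntry(alias)) continue;     // skip trusted-certificate-only entries
            PrivateKey key = (PrivateKey) ks.getKey(alias, password);
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            cert.checkValidity();                    // fail early instead of signing with an expired cert
            System.out.println(alias + ": " + key.getAlgorithm() + " key, subject "
                    + cert.getSubjectX500Principal() + ", issuer " + cert.getIssuerX500Principal());
            signingCert = cert;
        }
        if (signingCert == null) throw new IllegalStateException("no private key entry in " + p12Path);
        return signingCert;
    }

    /** Step 2: enveloped XAdES-EPES signature with xades4j (1.x constructors as in its README). */
    static void signEpes(Document doc, String p12Path, String password,
                         String policyId, byte[] policyDocument) throws Exception {
        KeyingDataProvider kp = new FileSystemKeyStoreKeyingDataProvider(
                "pkcs12", p12Path,
                new FirstCertificateSelector(),      // a government p12 normally holds one key entry
                new DirectPasswordProvider(password),   // keystore password
                new DirectPasswordProvider(password),   // key-entry password (usually the same)
                true);                               // put the whole chain into ds:KeyInfo

        // EPES = BES + SignaturePolicyIdentifier. The identifier and the policy document are
        // defined by the e-invoicing scheme; whatever is passed in here is a placeholder.
        SignaturePolicyInfoProvider policy = () -> new SignaturePolicyIdentifierProperty(
                new ObjectIdentifier(policyId), new ByteArrayInputStream(policyDocument));

        XadesSigner signer = new XadesEpesSigningProfile(kp, policy).newSigner();

        // Reference "" covers the whole document; the enveloped transform leaves ds:Signature
        // itself out of the digest, otherwise the signature would invalidate itself.
        DataObjectDesc obj = new DataObjectReference("")
                .withTransform(new EnvelopedSignatureTransform());
        signer.sign(new SignedDataObjects(obj), doc.getDocumentElement()); // appended as last child
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: EpesSignExample invoice.xml cert.p12 <password> signed.xml");
            return;
        }
        String xmlIn = args[0], p12 = args[1], pwd = args[2], xmlOut = args[3];

        inspectP12(p12, pwd.toCharArray());

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);             // XML-DSig needs namespaces preserved in the DOM
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        Document doc = dbf.newDocumentBuilder().parse(new FileInputStream(xmlIn));

        // Placeholder policy values (constructed): replace with the scheme's own identifier/document.
        String policyId = "urn:example:placeholder-signature-policy";
        byte[] policyDoc = "placeholder policy document".getBytes(StandardCharsets.UTF_8);
        signEpes(doc, p12, pwd, policyId, policyDoc);

        try (OutputStream out = new FileOutputStream(xmlOut)) {
            TransformerFactory.newInstance().newTransformer()
                    .transform(new DOMSource(doc), new StreamResult(out));
        }
    }
}
```

With xades4j 1.x on the classpath, run it as `java EpesSignExample invoice.xml cert.p12 '<password>' signed.xml`; the output is the original invoice with a `ds:Signature` element (carrying the XAdES qualifying properties, including `SignaturePolicyIdentifier`) appended to the root. The JDK-only first step is worth keeping in real code: it reports the key algorithm, subject and issuer, and `checkValidity()` turns an expired or not-yet-valid certificate into an immediate error rather than a signature the tax authority later rejects. Passing the password on the command line is only for the example; in production read it from a protected configuration source.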