This is the fourth and final part of the AdES collection. It explains the usage of ASiC containers, which are files able to hold documents together with digital signatures based on CAdES and XAdES.
The simple version of the container, named ASiC-S, can hold one document. This is a ZIP file which contains the following:
- An optional mimetype file, which contains the mime type of the container.
- The document to be signed. It can be any file, including another ASiC container.
- A META-INF folder, which contains either:
  - a signatures.p7b file, a detached CAdES signature on the document file, or
  - a signatures.xml file, which contains a detached XAdES signature of the document.
Because the signature is always detached, the document is signed exactly as its bytes are stored in the ZIP, so even if the document is itself an XML file there is no need to canonicalize it.
The extended version of the container, named ASiC-E, can hold any number of documents. This is a ZIP file which contains the following:
- An optional mimetype file, which contains the mime type of the container, application/vnd.etsi.asic-e+zip.
- The documents to be signed. They can also be placed in directories.
- An ASiCManifest.xml file inside the META-INF folder. This file contains references to all the files inside the container (in the above example, to file1.txt and to hello2.xml inside the folder named test).
- signatures.xml, signatures1.xml, signatures2.xml, etc., or signatures.p7s, signatures1.p7s, etc., which reference all or part of the manifest file and sign it. There can also be other manifest files (ASiCManifest1.xml, etc.) which reference a different set of files.
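Building an ASiC-E container of the shape described above and checking the manifest digests, as an added Python example (not the article's C++ library). It assumes the ASiC and XML-DSig namespaces of ETSI EN 319 162-1, SHA-256 digests, and a constructed placeholder for the signature bytes; the check it performs is the link between the signed manifest and the payload files, not the CAdES signature check itself.

```python
import base64, hashlib, io, zipfile
import xml.etree.ElementTree as ET
# Assumed: ASiC and XML-DSig namespaces per ETSI EN 319 162-1; the ASiC-E mimetype is the value on this page
ASIC_NS, DS_NS = "http://uri.etsi.org/02918/v1.2.1#", "http://www.w3.org/2000/09/xmldsig#"
SHA256_URI, ASIC_E_MIMETYPE = "http://www.w3.org/2001/04/xmlenc#sha256", "application/vnd.etsi.asic-e+zip"

def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def build_manifest(files, sig_uri="META-INF/signatures.p7s"):
    """ASiCManifest.xml: a SigReference plus one DataObjectReference (SHA-256 digest) per file."""
    ET.register_namespace("asic", ASIC_NS); ET.register_namespace("ds", DS_NS)
    root = ET.Element(f"{{{ASIC_NS}}}ASiCManifest")
    ET.SubElement(root, f"{{{ASIC_NS}}}SigReference", URI=sig_uri, MimeType="application/x-pkcs7-signature")
    for path in sorted(files):  # files: dict of ZIP path -> bytes; paths may contain directories
        ref = ET.SubElement(root, f"{{{ASIC_NS}}}DataObjectReference", URI=path)
        ET.SubElement(ref, f"{{{DS_NS}}}DigestMethod", Algorithm=SHA256_URI)
        ET.SubElement(ref, f"{{{DS_NS}}}DigestValue").text = b64_sha256(files[path])
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)

def build_asic_e(files, signature):
    """Pack the ZIP: 'mimetype' first and uncompressed (ETSI rule), payload, manifest, signature."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("mimetype", ASIC_E_MIMETYPE, compress_type=zipfile.ZIP_STORED)
        for path, content in files.items():
            z.writestr(path, content)
        z.writestr("META-INF/ASiCManifest.xml", build_manifest(files))
        z.writestr("META-INF/signatures.p7s", signature)  # detached CAdES over the manifest (opaque here)
    return buf.getvalue()

def manifest_mismatches(container):
    """URIs whose entry is missing, uses an unexpected digest algorithm, or no longer matches its digest."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(container)) as z:
        root = ET.fromstring(z.read("META-INF/ASiCManifest.xml"))
        for ref in root.findall(f"{{{ASIC_NS}}}DataObjectReference"):
            uri = ref.get("URI")
            algo = ref.find(f"{{{DS_NS}}}DigestMethod").get("Algorithm")
            want = ref.find(f"{{{DS_NS}}}DigestValue").text.strip()
            if uri not in z.namelist() or algo != SHA256_URI or b64_sha256(z.read(uri)) != want:
                bad.append(uri)
    return bad

def replace_entry(container, path, content):
    """Rewrite one entry, leaving manifest and signature untouched (simulates post-signing tampering)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(container)) as src, zipfile.ZipFile(buf, "w") as dst:
        for info in src.infolist():
            dst.writestr(info, content if info.filename == path else src.read(info.filename))
    return buf.getvalue()
```

A validator must run both steps: verify the CAdES signature over META-INF/ASiCManifest.xml, then recompute the digests as above, because a file edited after signing leaves the signature itself perfectly valid.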
HRESULT ASiC(ALEVEL alev, ATYPE typ,
    LEVEL lev, std::vector<std::tuple<const BYTE*, DWORD, const char*>>& data,
    std::vector<CERT>& Certificates, SIGNPARAMETERS& Params,
alev is the container mode, either
typ is the signing mode, either
- The rest of the parameters are passed to the CAdES and XAdES functions; check the respective articles for a full description.
- fndata receives the container ZIP data.
ASiC is interesting, but many existing applications support MIME instead. Using my MIME library, you can now put multiple files inside a MIME container and sign it with CAdES or, with one of my own experimental functions, with XAdES. So let us call it MAdES.
To take this further, I've created enveloped signatures in HTML. HTML cannot be canonicalized easily, so I've injected the signature between the <html> tag and the next tag. The file is parsed as binary, and the result is an XAdES-XL signature. Whether browsers will like my implementation in the future - who knows?
- 22nd September, 2018: First release