
Xades multiple signatures


Hi everyone and thanks in advance for the help.

My goal is to let two or more different people deal with a document incrementally:

  • The first will create the xml, compile only a subsection of the document (according to his role) and then sign only what he compiled.

  • The second will take the document from the first guy and compile his subsections, without modifying anything that the first guy wrote. Then he will add his signature, signing both his subsections and the one of the first guy.

  • and so on...

How can I do it? According to the standard, XAdES specific xml elements (such as the ID of the certificate used to sign) are all inside the <object> element (in signed properties sub-element), which in my opinion implies that only one person can sign the object (i.e. the document) at a time without having to overwrite the signature data.

Am I wrong? Can someone help me understand if there's a way I did not consider?

Thanks,

A.


Solution

  • My 2 cents...

    This looks like a case for counter signatures.

    • To make sure that one only signs parts of the document, you have to work with the xpath transformers in the reference.

    • The second person will counter sign the previous signature and probably you also need to add the references (xpath?) to the new sections that he edited.

    You have some research to do...

    Link to an example of a counter signature from xades4j: https://github.com/luisgoncalves/xades4j/blob/master/src/test/xml/document.signed.bes.cs.xml

    EDIT:

    See the xades spec: ETSI TS 101 903 V1.4.2 (2010-12) http://www.etsi.org/deliver/etsi_ts%5C101900_101999%5C101903%5C01.04.02_60%5Cts_101903v010402p.pdf See Chapter 7.2.4 and Annex C.

    Answer 1) I would say yes, as the spec says: "Applications MAY add other ds:Reference elements referencing the ds:SignatureValue elements of previously existent CounterSignature elements. This allows for building arbitrarily long chains of explicit countersignatures."

    Answer 2) Well, I suppose it is your decision... about countersignatures, they say: "The only purpose of this definition is to serve as an easy identification of a signature as actually being a countersignature." So, if you decide that it is easier (add the reasons that make sense to you here...) to do that as signatures and not as countersignatures, you can.
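
A simplified model of the reference scoping discussed in this answer, added here as an example and not taken from the original post or from xades4j. It only computes per-reference digests with Python's standard-library C14N 2.0 and does no signing; the element names, Id values and helper functions are assumptions.

```python
import base64, copy, hashlib
import xml.etree.ElementTree as ET

# Constructed sample document; element names, Ids and the signature value are assumptions.
DOC = ('<doc Id="all"><section Id="s1"/><section Id="s2"/>'
       '<SignatureValue Id="sv1">constructed-value-of-signer-1</SignatureValue></doc>')

def digest_by_id(root, ref_id):
    """Digest the single element a same-document reference (URI="#ref_id") selects."""
    hits = [e for e in root.iter() if e.get("Id") == ref_id]
    if len(hits) != 1:  # a missing or duplicated Id makes the reference ambiguous
        raise ValueError(f"Id {ref_id!r} matches {len(hits)} elements")
    el = copy.deepcopy(hits[0])
    el.tail = None  # text after the end tag is not part of the referenced element
    c14n = ET.canonicalize(ET.tostring(el, encoding="unicode"))
    return base64.b64encode(hashlib.sha256(c14n.encode()).digest()).decode()

def make_refs(root, ids):
    """Model of one signer's SignedInfo: referenced Id -> DigestValue."""
    return {i: digest_by_id(root, i) for i in ids}

def broken_refs(root, refs):
    """Ids whose current digest no longer matches the recorded one."""
    return [i for i, d in refs.items() if digest_by_id(root, i) != d]

def scenario():
    root = ET.fromstring(DOC)
    by_id = {e.get("Id"): e for e in root.iter()}
    # Signer 1 fills s1 and references only s1; a whole-document
    # reference is recorded as well, for comparison.
    by_id["s1"].text = "filled by signer 1"
    scoped1 = make_refs(root, ["s1"])
    whole1 = make_refs(root, ["all"])
    # Signer 2 fills s2 and references s1, s2 and signer 1's SignatureValue.
    by_id["s2"].text = "filled by signer 2"
    refs2 = make_refs(root, ["s1", "s2", "sv1"])
    after_s2 = (broken_refs(root, scoped1), broken_refs(root, whole1))
    # A later change to s1 must break both signers' references.
    by_id["s1"].text = "changed after signing"
    after_edit = (broken_refs(root, scoped1), broken_refs(root, refs2))
    return after_s2, after_edit

if __name__ == "__main__":
    print(scenario())
```

The first tuple shows that the scoped reference survives the second signer's additions while a whole-document reference does not; the second shows that a later change to the first section invalidates both signers' references.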