XAdES Manifest Signature
In XAdES, a Manifest signature is the case in which the document is not signed directly; instead, a manifest that refers to it is signed (the manifest uniquely identifies the document by means of a fingerprint and a reference). We sign the fingerprint of the document instead of the document itself, as described in the specification:
https://www.w3.org/TR/2000/WD-xmldsig-core-20000510/#sec-o-Manifest.
The advantages of an XAdES Manifest signature are clear: instead of sending documents that can weigh several hundred Mb, only the reference and fingerprint of each document are sent, drastically reducing the amount of data that travels over the network.
Below is an example of a 3-document signature request using the XAdES Manifest signature type. Instead of passing the document object, a list of references is provided.
The parameters that are received (in 'application/json' format) have the following form:
```json
{
  "userCode": "{{user_code}}",
  "signatureConfigurations": [
    {
      "references": [
        {
          "uri": "src/test/examples/manifest/a_documento.pdf",
          "digestValue": "GQBXsIg1NFp6IYYeAFuH6l7sjLv3FbvnpvvTX6f8ZEEr1TwgOuXFuEl9IVn1hseZJG+S1a6LDhIJcKS1sCfJ/w=="
        },
        {
          "uri": "src/test/examples/manifest/b_documento.pdf",
          "digestValue": "GSLCsIg1NFp6IYYeAFuH6l7sjLv3FbvnpvvTX6f8ZEEr1TwgOuXFuEl9IVn1hseZJG+S1a6LDhIJcKS1sJcF/g=="
        },
        {
          "uri": "src/test/examples/manifest/c_documento.pdf",
          "digestValue": "XMBXsIg1NFp6IYYeAFuH6l7sjLv3FbvnpvvTX6f8ZEEr1TwgOuXFuEl9IVn1hseZJG+S1a6LDhIJcKS2mDfJ/m=="
        }
      ],
      "digestAlgorithm": "SHA512",
      "signatureType": "XADES_B",
      "signatureAlgorithm": "RSA_SHA256",
      "packaging": "ENVELOPING",
      "xadesConfiguration": {
        "manifestSignature": true
      }
    }
  ]
}
```
Where:
Parameter | Type | Description |
---|---|---|
userCode | string | User who must perform the signature. If the client system does not provide this value, Viafirma Fortress will ask which user to use during the authentication and authorization process of the signature request. |
signatureConfigurations/references | array | Collection of references |
signatureConfigurations/references/uri | string | Name of the document to be signed |
signatureConfigurations/references/digestValue | string | Fingerprint (digest) of the document to be signed, encoded in Base64 |
signatureConfigurations/digestAlgorithm | string | Hash algorithm used for the digest. Available values: 'SHA1', 'SHA224', 'SHA256', 'SHA384', 'SHA512' |
signatureConfigurations/signatureType | string | Type of signature. Available values: 'CADES_B', 'CADES_T', 'CADES_LT', 'CADES_LTA', 'PADES_B', 'PADES_T', 'PADES_LT', 'PADES_LTA', 'XADES_B', 'XADES_T', 'XADES_LT', 'XADES_LTA', 'PKCS1' |
signatureConfigurations/signatureAlgorithm | string | Algorithm that will be used to generate the signature. Available values: 'RSA_SHA1', 'RSA_SHA224', 'RSA_SHA256', 'RSA_SHA384', 'RSA_SHA512' |
signatureConfigurations/packaging | string | Signature packaging. Available values: 'ENVELOPED', 'ENVELOPING', 'DETACHED' |
signatureConfigurations/xadesConfiguration/manifestSignature | boolean | If true, a list of references is provided instead of the document object. |
When signing, we will be able to see within our XAdES a MANIFEST structure with the reference to the document (instead of the document itself):
```xml
<ds:Manifest Id="manifest">
  <ds:Reference URI="src/test/examples/manifest/a_documento.pdf">
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
    <ds:DigestValue>GQBXsIg1NFp6IYYeAFuH6l7sjLv3FbvnpvvTX6f8ZEEr1TwgOuXFuEl9IVn1hseZJG+S1a6LDhIJcKS1sCfJ/w==</ds:DigestValue>
  </ds:Reference>
  <ds:Reference URI="src/test/examples/manifest/b_documento.pdf">
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
    <ds:DigestValue>GSLCsIg1NFp6IYYeAFuH6l7sjLv3FbvnpvvTX6f8ZEEr1TwgOuXFuEl9IVn1hseZJG+S1a6LDhIJcKS1sJcF/g==</ds:DigestValue>
  </ds:Reference>
  <ds:Reference URI="src/test/examples/manifest/c_documento.pdf">
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
    <ds:DigestValue>XMBXsIg1NFp6IYYeAFuH6l7sjLv3FbvnpvvTX6f8ZEEr1TwgOuXFuEl9IVn1hseZJG+S1a6LDhIJcKS2mDfJ/m==</ds:DigestValue>
  </ds:Reference>
</ds:Manifest>
```
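Because the signature covers only the Manifest, whoever relies on it must recompute each document's fingerprint and compare it with the signed `ds:DigestValue`; XML-DSig leaves the checking of Manifest references to the application. The following Python is an added example, not Viafirma Fortress code: the function names, the in-memory sample documents and the generated manifest are constructed for illustration, and it assumes the XAdES signature over the Manifest has already been validated separately.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SHA512_URI = "http://www.w3.org/2001/04/xmlenc#sha512"
DIGESTS = {SHA512_URI: "sha512"}  # accepted DigestMethod URI -> hashlib name

def make_reference(uri, data):
    """Build one entry of the request's "references" list (SHA-512, Base64)."""
    digest = hashlib.sha512(data).digest()
    return {"uri": uri, "digestValue": base64.b64encode(digest).decode("ascii")}

def build_manifest(references):
    """Constructed stand-in for the ds:Manifest found inside the signed XAdES."""
    body = "".join(
        f'<ds:Reference URI="{r["uri"]}"><ds:DigestMethod Algorithm="{SHA512_URI}"/>'
        f'<ds:DigestValue>{r["digestValue"]}</ds:DigestValue></ds:Reference>'
        for r in references)
    return f'<ds:Manifest xmlns:ds="{DS}" Id="manifest">{body}</ds:Manifest>'

def verify_manifest(manifest_xml, documents):
    """Recompute every referenced digest; return {uri: True/False}."""
    results = {}
    # For XML from an untrusted source, use a hardened XML parser instead.
    for ref in ET.fromstring(manifest_xml).iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI")
        method = ref.find(f"{{{DS}}}DigestMethod")
        algo = DIGESTS.get(method.get("Algorithm")) if method is not None else None
        data = documents.get(uri)
        if uri in results or algo is None or data is None:
            results[uri] = False  # duplicate URI, unknown algorithm or missing file
            continue
        # Base64 may be line-wrapped inside the XML, so strip whitespace first.
        text = ref.findtext(f"{{{DS}}}DigestValue", default="")
        expected = base64.b64decode("".join(text.split()))
        results[uri] = hmac.compare_digest(hashlib.new(algo, data).digest(), expected)
    return results

# Constructed sample documents (stand-ins for the PDFs named on this page).
DOCS = {
    "src/test/examples/manifest/a_documento.pdf": b"%PDF-1.4 constructed sample A",
    "src/test/examples/manifest/b_documento.pdf": b"%PDF-1.4 constructed sample B",
}
REFERENCES = [make_reference(uri, data) for uri, data in DOCS.items()]
MANIFEST = build_manifest(REFERENCES)

if __name__ == "__main__":
    print(verify_manifest(MANIFEST, DOCS))
```

A reference fails when the document is missing, when its bytes differ from what was fingerprinted, when the digest algorithm is not on the allow-list, or when the same URI appears more than once in the manifest.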