ESYAE-imza Kütüphaneleri

Bu sayfa salt okunur. Kaynağı görebilirsiniz ama değiştiremezsiniz. Bunun yanlış olduğunu düşünüyorsanız yöneticiye danışın.

<h1>Signature Profiles</h1> <div class="level1"> <p> For the detailed information about signature profiles see <code><a href="http://www.tk.gov.tr/bilgi_teknolojileri/elektronik_imza/dosyalar/Elektronik_Imza_Kullanim_Profilleri_Rehberi.pdf" class="urlextern" title="http://www.tk.gov.tr/bilgi_teknolojileri/elektronik_imza/dosyalar/Elektronik_Imza_Kullanim_Profilleri_Rehberi.pdf" rel="nofollow">http://www.tk.gov.tr/bilgi_teknolojileri/elektronik_imza/dosyalar/Elektronik_Imza_Kullanim_Profilleri_Rehberi.pdf</a></code> which is also located in <code>config/profiller</code>. </p> <p> The sample codes are in the package <code>tr.gov.tubitak.uekae.esya.api.xades.example.profiles</code>. </p> </div> <h2>P1- Instantenous - Signature Profile</h2> <div class="level2"> <p> It used in the applications where the security requirement is low and onl an instantenous validation is needed. The signature time is accepted as the time when the signed document is received by the verifier. This profile shoul be preferred when no future verification of the signature is required. The sample code is in <code>P1</code>. </p> <p> <em><</em>sxh java> <em> create context with working directory Context context = createContext(); </em> add resolver to resolve policies context.addExternalResolver(POLICY_RESOLVER); </p> <p> <em> create signature according to context, </em> with default type (XADES_BES) XMLSignature signature = new XMLSignature(context); </p> <p> <em> add document as reference, but do not embed it </em> into the signature (embed=false) signature.addDocument("./sample.txt", "text/plain", false); </p> <p> signature.getSignedInfo().setSignatureMethod(SignatureMethod.RSA_SHA256); </p> <p> <em> false-true gets non-qualified certificates while true-false gets qualified ones X509Certificate cert = JSmartCardManager.getInstance().getSignatureCertificate(true, false); </em> add certificate to show who signed the document signature.addKeyInfo(new ECertificate(cert.getEncoded())); </p> <p> <em> set time now signature.setSigningTime(Calendar.getInstance()); </em> now sign it by using smart card signature.sign(JSmartCardManager.getInstance().getSigner(PIN, cert)); </p> <p> signature.write(new FileOutputStream(BASE_DIR + SIGNATURE_FILENAME)); <em><</em>/sxh> </p> <p> This profile does not refer to any defined signature policy. </p> </div> <h2>P2 -Short-term- Signature Profile</h2> <div class="level2"> <p> It should be used when signatures have a short life and no OCSP access is available. When OCSP is available, P4 profile should be used. The code is in <code>P2</code>. </p> <p> <em><</em>sxh java> <em> create context with working directory Context context = createContext(); </em> add resolver to resolve policies context.addExternalResolver(POLICY_RESOLVER); </p> <p> <em> create signature according to context, </em> with default type (XADES_BES) XMLSignature signature = new XMLSignature(context); </p> <p> <em> add document as reference, but do not embed it </em> into the signature (embed=false) signature.addDocument("./sample.txt", "text/plain", false); </p> <p> signature.getSignedInfo().setSignatureMethod(SignatureMethod.RSA_SHA256); </p> <p> <em> false-true gets non-qualified certificates while true-false gets qualified ones X509Certificate cert = JSmartCardManager.getInstance().getSignatureCertificate(true, false); </em> add certificate to show who signed the document signature.addKeyInfo(new ECertificate(cert.getEncoded())); </p> <p> <em> set time now signature.setSigningTime(Calendar.getInstance()); </em> set policy info defined and required by profile signature.setPolicyIdentifier(OID_POLICY_P2, </p> <pre class="code"> "Kısa Dönemli ve SİL Kontrollü Güvenli Elektronik İmza Politikası", "http://www.tk.gov.tr/bilgi_teknolojileri/elektronik_imza/dosyalar/Elektronik_Imza_Kullanim_Profilleri_Rehberi.pdf" </pre><p> </p> <p> ); </p> <p> <em> now sign it by using smart card signature.sign(JSmartCardManager.getInstance().getSigner(PIN, cert)); </em> upgrade to T signature.upgrade(SignatureType.ES_T); </p> <p> signature.write(new FileOutputStream(BASE_DIR + SIGNATURE_FILENAME)); <em><</em>/sxh> </p> </div> <h2>P3 -Long-term - Signature Profile</h2> <div class="level2"> <p> It is used if OCSP is not available. Otherwise using P3 has no advantage over using P4 and sould not be preferred due to large CRL sizes and the grace period requirement. The code is in <code>P3</code>. </p> <p> <em><</em>sxh java> <em> create context with working directory Context context = createContext(); </em> add resolver to resolve policies context.addExternalResolver(POLICY_RESOLVER); </p> <p> <em> create signature according to context, </em> with default type (XADES_BES) XMLSignature signature = new XMLSignature(context); </p> <p> <em> add document as reference, but do not embed it </em> into the signature (embed=false) signature.addDocument("./sample.txt", "text/plain", false); </p> <p> signature.getSignedInfo().setSignatureMethod(SignatureMethod.RSA_SHA256); </p> <p> <em> false-true gets non-qualified certificates while true-false gets qualified ones X509Certificate cert = JSmartCardManager.getInstance().getSignatureCertificate(true, false); </em> add certificate to show who signed the document signature.addKeyInfo(new ECertificate(cert.getEncoded())); </p> <p> <em> set time now signature.setSigningTime(Calendar.getInstance()); </em> set policy info defined and required by profile signature.setPolicyIdentifier(OID_POLICY_P3, </p> <pre class="code"> "Uzun Dönemli ve SİL Kontrollü Güvenli Elektronik İmza Politikası", "http://www.tk.gov.tr/bilgi_teknolojileri/elektronik_imza/dosyalar/Elektronik_Imza_Kullanim_Profilleri_Rehberi.pdf" </pre><p> </p> <p> ); </p> <p> <em> now sign it by using smart card signature.sign(JSmartCardManager.getInstance().getSigner(PIN, cert)); </em> upgrade to T signature.upgrade(SignatureType.ES_T); </p> <p> signature.write(new FileOutputStream(BASE_DIR + "p3_temp.xml")); <em><</em>/sxh> </p> <p> İkinci kod yeni bir SİL yayınlandıktan sonra çalıştırılmalıdır. </p> <p> <em><</em>sxh java> <em> create context with working directory Context context = createContext(); </em> set policy such that it only works with CRL CertValidationPolicies policies = new CertValidationPolicies(); policies.register(null, PolicyReader.readValidationPolicy(POLICY_FILE_CRL)); </p> <p> context.getConfig().getValidationConfig().setCertValidationPolicies(policies); </p> <p> <em> add resolver to resolve policies context.addExternalResolver(POLICY_RESOLVER); </em> read temporary signature XMLSignature signature = XMLSignature.parse(new FileDocument(new File(BASE_DIR + "p3_temp.xml")),context); </p> <p> <em> upgrade to XL signature.upgrade(SignatureType.ES_XL); signature.write(new FileOutputStream(BASE_DIR + SIGNATURE_FILENAME)); </em><<em>/sxh> ===== P4 - Long-Term - Signature Profile ===== It is the most secure and smooth signature profile having the longest life. The validation data is included in the signature. The code is in <code>P4</code>. </em><<em>sxh java> </em> create context with working directory Context context = createContext(); </p> <p> <em> add resolver to resolve policies context.addExternalResolver(POLICY_RESOLVER); </em> create signature according to context, <em> with default type (XADES_BES) XMLSignature signature = new XMLSignature(context); </em> add document as reference, but do not embed it <em> into the signature (embed=false) signature.addDocument("./sample.txt", "text/plain", false); signature.getSignedInfo().setSignatureMethod(SignatureMethod.RSA_SHA256); </em> false-true gets non-qualified certificates while true-false gets qualified ones X509Certificate cert = JSmartCardManager.getInstance().getSignatureCertificate(true, false); </p> <p> <em> add certificate to show who signed the document signature.addKeyInfo(new ECertificate(cert.getEncoded())); </em> set time now signature.setSigningTime(Calendar.getInstance()); </p> <p> <em> set policy info defined and required by profile signature.setPolicyIdentifier(OID_POLICY_P4, "Uzun Dönemli ve ÇİSDuP Kontrollü Güvenli Elektronik İmza Politikası", "http:</em><a href="http://www.tk.gov.tr/bilgi_teknolojileri/elektronik_imza/dosyalar/Elektronik_Imza_Kullanim_Profilleri_Rehberi.pdf"" class="urlextern" title="http://www.tk.gov.tr/bilgi_teknolojileri/elektronik_imza/dosyalar/Elektronik_Imza_Kullanim_Profilleri_Rehberi.pdf"" rel="nofollow">www.tk.gov.tr/bilgi_teknolojileri/elektronik_imza/dosyalar/Elektronik_Imza_Kullanim_Profilleri_Rehberi.pdf"</a> ); </p> <p> <em> now sign it by using smart card signature.sign(JSmartCardManager.getInstance().getSigner(PIN, cert)); </em> upgrade to XL signature.upgrade(SignatureType.ES_XL); </p> <p> signature.write(new FileOutputStream(BASE_DIR + SIGNATURE_FILENAME)); <em><</em>/sxh> </p> </div> <h2>Archival Signature</h2> <div class="level2"> <p> Before the certificate of the last timestamp in the signature expires or the algorithm used in the signatures are weakened, an archival signature must be added to the signed document In order to get archival signature the method </p> <p> <em><</em>sxh java> signature.upgradeToXAdES_A(); <em><</em>/sxh> </p> <p> over X-Long (P4) signature, and in order to update an existing archival signature the method metodu; halihazırda arşiv tipindeki imzaya her arşiv zaman damgası eklenmek istendiğinde ise </p> <p> <em><</em>sxh java> signature.addArchiveTimeStamp(); <em><</em>/sxh> </p> <p> is used. </p> </div>