Александър Гьонов

Need for Advanced Electronic Signatures for XML and JSON - XAdES and JAdES in C# / .NET

Last year I was working on a project that included developing functionality for creating and validating Advanced Electronic Signatures for XML and JSON - XAdES and JAdES. These are part of the larger eIDAS EU regulation.

The project itself was implemented in .NET. While working with .NET in this area I realized that the .NET platform has some gaps, both in base platform functionality that is needed but not implemented and in documentation and examples.

So I created a library to help my team on the main project. It can also serve as a reference (or example, if you prefer) of how to accomplish some tasks using the .NET platform's capabilities and how to fill the platform's minor gaps in other areas, to be of help to the broader developer community.

With the help of the CryptoEx library you can create Advanced Electronic Signatures for XML and JSON - XAdES and JAdES - at all four levels:

  1. Baseline-B - The basic qualified signature
  2. Baseline-T - Qualified signature with a signature timestamp
  3. Baseline-LT - Long-term qualified signature
  4. Baseline-LTA - Long-term archived qualified signature

I have published the CryptoEx library as a NuGet package.

The code of the library is publicly available on GitHub: CryptoEx. Documentation and HOW-TOs are also available in the GitHub Wiki.

XML Advanced Electronic Signatures in C# / .NET

There is a mature (and not very actively evolving) library provided by the .NET platform itself - System.Security.Cryptography.Xml - but in my personal experience there are a few issues with it:

  1. Examples and documentation are messy - You can easily see from Microsoft's docs how to do a basic sign / verify of an enveloped XML message, but you will have trouble finding "official" docs and examples for more advanced scenarios, such as detached signatures or signing additional Reference XML data.

  2. The basic library also lacks some algorithms that are part of the XML digital signature specification - namely the ones with ECDSA.

  3. There is specific knowledge, i.e. rules, that comes with XAdES. At the same time, there are no readily accessible examples or documentation that cover implementing the additional XAdES requirements in .NET / C#.

Now, these might be annoying flaws, but they are to some extent either "natural" (the range of possible ways to implement XML signing is vast, because of the "openness" of the specification) or easy to overcome. So, in the CryptoEx library I have extended the standard platform's capabilities to support the missing algorithms and have provided some implementations that show, as an example, how to sign detached data and additional Reference XML elements.

You can check the code and some pages in the Wiki of the CryptoEx project.

You can freely use it as an example and further amend or extend the code to suit your particular needs, as the possible applications are vast.
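The "additional Reference" scenario mentioned in the list above, as an added example that is not taken from CryptoEx or from the original post: it uses only the platform's System.Security.Cryptography.Xml to sign a document with an enveloped signature plus a second Reference to extra XML carried in a ds:Object. The sample document, the `extra-data` Id, the throwaway RSA key and the `Verify` helper are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Constructed sample document and a throwaway key (assumptions for this sketch);
// a real signer uses the private key of its signing certificate.
var doc = new XmlDocument { PreserveWhitespace = true };
doc.LoadXml("<invoice><total>42.00</total></invoice>");
using RSA key = RSA.Create(2048);

var signer = new SignedXml(doc) { SigningKey = key };
signer.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
signer.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;

// Reference 1: the enclosing document, minus the Signature element itself.
var docRef = new Reference("") { DigestMethod = SignedXml.XmlDsigSHA256Url };
docRef.AddTransform(new XmlDsigEnvelopedSignatureTransform());
docRef.AddTransform(new XmlDsigExcC14NTransform());
signer.AddReference(docRef);

// Reference 2: additional XML carried in a ds:Object and addressed by its Id.
var extra = new XmlDocument();
extra.LoadXml("<note>constructed additional data</note>");
signer.AddObject(new DataObject { Id = "extra-data", Data = extra.ChildNodes });
var objRef = new Reference("#extra-data") { DigestMethod = SignedXml.XmlDsigSHA256Url };
objRef.AddTransform(new XmlDsigExcC14NTransform());
signer.AddReference(objRef);

signer.ComputeSignature();
doc.DocumentElement!.AppendChild(doc.ImportNode(signer.GetXml(), true));

// Verify against the key the verifier expects; a key taken from KeyInfo inside
// the message must be validated separately before it is trusted.
bool Verify(XmlDocument signedDoc, RSA expectedKey)
{
    var sig = (XmlElement)signedDoc.GetElementsByTagName(
        "Signature", SignedXml.XmlDsigNamespaceUrl)[0]!;
    var verifier = new SignedXml(signedDoc);
    verifier.LoadXml(sig);
    return verifier.CheckSignature(expectedKey);
}

Console.WriteLine($"untouched: {Verify(doc, key)}");
// Changing the extra data invalidates the digest of the second Reference.
doc.GetElementsByTagName("note")[0]!.InnerText = "tampered";
Console.WriteLine($"tampered:  {Verify(doc, key)}");
```

In XAdES the signed properties are covered by an additional Reference of this kind, but they are nested deeper inside the ds:Object, which this sketch does not handle.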

JSON Advanced Electronic Signatures in C# / .NET

In this domain there are a few open source libraries, but either their focus is JSON Web Tokens (a special case of the broader JSON Web Signatures area) or they are of limited use for JAdES.

I haven't been able to find a library (for .NET / C#) that focuses primarily on RFC 7515 (JSON Web Signatures) and that is easily extensible for use with JAdES.

Here, as with XML, there is specific knowledge, i.e. rules, that comes with JAdES. At the same time, there are no readily accessible examples or documentation that cover implementing the additional JAdES requirements in .NET / C#.

In the CryptoEx library you can find an implementation of the RFC 7515 (JSON Web Signatures) specification and a practical implementation of the European Union's Advanced Electronic Signatures for JSON data specification (JAdES), which builds on top of RFC 7515 (JSON Web Signatures).

Please check the code and the corresponding Wiki pages.

Again, you are free and encouraged to use these as an example or to extend them to better suit your purposes.