We use cookies to give you the best experience on our website. If you continue to browse, then you agree to our privacy policy and cookie policy.
Syncfusion has very useful function ValidateSignature() that is used in validation process which returns a powerful class with lots of properties such as revocationresult,ltvinfotmation, ValidationErrors...etc.
Is there another way that can be used in order to check the validity of certificate of Signer before starting the signing process such as checking certificate entire chain (not partial),revocation check...etc.?
Waiting for your reply... i hope there is a workaround or a plan to implement such functionality 😊
Thank you for contacting Syncfusion support,
We do not have direct support to validate the validity of the signer for all intermediate certificates and revocation status. However, you can use the X509Certificate2 class from the System.Security.Cryptography.X509Certificates namespace to verify the validity of the certificate.
Please note that this only works with trusted certificates. Therefore, please ensure that your certificate is a trusted certificate or install your untrusted certificate in the Trusted Root Certificate Authorities.
The Verify() method checks the certificate's validity against the certificate chain, revocation lists, and other factors. If the certificate is valid, it returns true; otherwise, it returns false.
You can also check the specific reason why the certificate is invalid by examining the X509ChainStatus property of the X509Chain object that is returned by the Verify() method.
|
// Load the certificate from a file X509Certificate2 cert = new X509Certificate2("your certicate path");
// Check the certificate's validity bool isValid = cert.Verify(); if (isValid) { Console.WriteLine("Certificate is valid!"); } else { Console.WriteLine("Certificate is invalid!"); }
// Create a new chain policy object X509ChainPolicy chainPolicy = new X509ChainPolicy { RevocationMode = X509RevocationMode.Online };
// Create a new chain object and build the chain X509Chain chain = new X509Chain(); chain.ChainPolicy = chainPolicy; bool chainIsValid = chain.Build(cert);
// Check the chain's validity if (chainIsValid) { Console.WriteLine("Certificate chain is valid!"); } else { foreach (X509ChainStatus status in chain.ChainStatus) { Console.WriteLine(status.StatusInformation); } Console.WriteLine("Certificate chain is invalid!"); } |
Thanks Irfana,
actually that is what i am using right now ... but unfortunately it has inconsistent behaviour while checking revocation as sometimes it gives false build with error revocation server unavailable on winforms and webforms
winforms works fine all the time , while webforms sometimes gives error ( revocation server unavailable ) while testing the two projects on same machine.
That's why i was checking if you have a workaround or
We don't have any other workaround solution to check the validity and revocation status of intermediate certificates. If you want to stop signing signatures due to issues with the revocation server of an intermediate certificate, we recommend trying our EnableLTV API. When all intermediate certificate CRL/OCSP is embedded, the API returns 'true'; otherwise, it returns 'false'. Additionally, we have shared a custom NuGet package in forum #180445 to address the EnableLTV problem. Please try it and let us know your feedback.
Yes i know and i am alredy using it with the x509 build ... i didn't have the chance to try the fix yet ... but the enable ltv will only help in ensuring ltv signature ... i need also the other checks like checking for expired certificates or revoked , entire chain elements exist,...etc
Can syncfusion provide a function for signing checks same as you do in validation ? In future releases
We don't have any plans for external validation requirements, such as checking the validity of intermediate certificates, the existence of all chains, and revocation status.
Thanks Irfana
Is syncfusion pdfvalidatesignature based on .net x509 verify() and chain build functions ?
|
Is syncfusion pdfvalidatesignature based on .net x509 verify() and chain build functions ? |
No, we are not using x509 verify() and chain build functions for signature validation. Instead, we have our own function to validate PDF signatures. |
Thanks
