Validate CAdES signature
Validation of a CAdES signature depends on the specific environment. First and foremost, you need to check the signature's validity, i.e. make sure it corresponds to the signed data. This confirms that the data has not been changed in transit and that the signer produced the signature over exactly this revision of the data.
The next step, validation of the signer's trust, is the most complicated part of CAdES validation. This procedure ensures that it was actually the signer who made the signature, and that the signature was produced at the time it claims it was. Hence, the signer's certificate chain should be validated and checked against revocation information as of the moment of signing. The latter may involve contacting third parties (CRL and OCSP services) to obtain certificate statuses at the requested time. Similar validations have to be performed for subordinate chains, such as the chains of the timestamp services.
Higher-level policies might impose compliance requirements on all signatures operating within the environment, such as compliance with a particular signature profile (e.g. CAdES-T). Those have to be checked at the final stage of CAdES validation.
To validate a CAdES signature with SecureBlackbox:
// cms is assumed to be a TElCMSMessage that has already been opened
TElCMSSignature sig = cms.get_Signatures(0);
TElCAdESSignatureProcessor processor = new TElCAdESSignatureProcessor(sig);
// validate the chain and revocation status as of the signing moment;
// a timestamp, if present, is third-party evidence of that moment, whereas SigningTime is asserted by the signer
processor.ValidationMoment = sig.SigningTime; // or, alternatively, sig.get_Timestamps(0).Info.Time;
TSBCAdESSignatureValidity validity = processor.Validate();
It will return one of the following values:
bool isT = processor.IsT(); // true if the signature conforms to the CAdES-T profile
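The following is an added example, not code from the SecureBlackbox documentation, that runs the three stages described above over every signature in a file: signature validity and signer trust via Validate() at a chosen ValidationMoment, then the profile policy check via IsT(). It assumes the .NET edition of SecureBlackbox; the namespace names, the TElCMSMessage.Open(Stream) call, the SignatureCount and TimestampCount properties, and the csvValid enum member are assumed names and should be checked against your edition's reference, as is the hypothetical helper name ValidateAll.

```csharp
using System;
using System.IO;
using SBCMS;    // TElCMSMessage, TElCMSSignature (namespace is an assumption)
using SBCAdES;  // TElCAdESSignatureProcessor, TSBCAdESSignatureValidity (assumption)

public static class CadesCheck
{
    // Returns true only if every signature in the file verifies against the data,
    // its signer chain validates at the chosen moment and, when requireT is set,
    // it satisfies the CAdES-T profile. Hypothetical helper, not part of the library.
    public static bool ValidateAll(string path, bool requireT)
    {
        TElCMSMessage cms = new TElCMSMessage();
        using (FileStream fs = File.OpenRead(path))
        {
            // Assumption: an enveloping message; a detached signature would also
            // need the original data to be supplied.
            cms.Open(fs);
        }

        // A message with no signatures is not "valid", it is unsigned.
        if (cms.SignatureCount == 0) return false;   // SignatureCount: assumed name

        for (int i = 0; i < cms.SignatureCount; i++)
        {
            TElCMSSignature sig = cms.get_Signatures(i);
            TElCAdESSignatureProcessor processor = new TElCAdESSignatureProcessor(sig);

            // Stage 2: choose the moment at which the chain and revocation status are
            // checked. Prefer the timestamp (third-party evidence) over SigningTime
            // (a claim made by the signer).
            if (sig.TimestampCount > 0)                // TimestampCount: assumed name
                processor.ValidationMoment = sig.get_Timestamps(0).Info.Time;
            else
                processor.ValidationMoment = sig.SigningTime;

            // Stages 1 and 2: data integrity plus signer trust at ValidationMoment.
            TSBCAdESSignatureValidity validity = processor.Validate();
            if (validity != TSBCAdESSignatureValidity.csvValid)  // csvValid: assumed member
                return false;

            // Stage 3: environment policy, here "every signature must be CAdES-T".
            if (requireT && !processor.IsT())
                return false;
        }
        return true;
    }
}
```

The fail-closed structure matters: any signature that does not verify, whose chain cannot be validated at the chosen moment, or that falls short of the required profile rejects the whole message, and the stronger ValidationMoment (the timestamp) is used whenever one is available, so a signer cannot make a revoked certificate look valid merely by back-dating SigningTime.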