P7S Signer User Manual - Digital Signature Software
Contents
1. P7S Signer exe c lnputFolder c OutputFolder c config client2 xml Page 13 P7S Signer User Manual version 7 0 http Awww signfiles com p7s signer Digitally Sign Files Using Windows PowerShell P7S Signer main functions are available on SignLib library available at this link http www signfiles com sdk SignatureLibrary Zip To digitally sign a file using Windows PowerShell simply download the library above and inspect Signature Library PowerShell Scripts folder The Windows PowerShell script will look below digitally sign a file file using a PFX certificate creted on the fly the format of the signed file will be CAdES the script can be configured to use an existing PFX file or a certificate loaded from Microsoft Store smart card certificate if Sargs Length eq 0 echo Usage signInCAdESFormat psl lt unsigned file gt lt signed file gt else SD11Path d SignLib dl1l System Reflection Assembly LoadFrom SD11Path create a PFX digital certificate Sgenerator new object typeName SignLib Certificates x509CertificateGenerator Serial number SpFXFilePassword tempP ssword Sgenerator Subject CN Your Certificate E useremail email com O Organzation Sgenerator Extensions AddKeyUsage SignLib Certificates CertificateKeyUsage DigitalSig nature Sgenerator Extensions AddEnhancedKeyUsage SignLib Certificates CertificateEnhancedKeyUs age DocumentSigning echo Create the2. inPFX on P12 files The certificates stored on Microsoft Store are available by opening nternet Explorer Tools menu nternet Options Content tab Certificates button see below To create digital signatures the certificates stored on Personal tab are used These certificates have a public and a private key The digital signature is created by using the private key of the certificate The private key can be stored on the file system imported PFX files on an cryptographic smart card like Aladdin e Token or SafeNet iKey or on a HSM Hardware Security Module Certificates Intended purpose lt All gt Personal Other People Intermediate Certification Authorities Trusted Root Certification Issued To Issued By Expiratio Friendly Name a lUser Test Secure Soft Private CA 6 18 2011 User Test Signing certificates available on Microsoft Store Another way to store a digital certificate is a PFX or P12 file This file contain the public and the private key of the certificate This file is protected by a password in order to keep safe the key pair Note that a PFX file can be imported on Microsoft Store just open the PFX file and follow the wizard To obtain a free digital certificate in PFX format follow this link https ca signfiles com userEnroll aspx Page 4 P7S Signer User M
3. Digtal srt hash sgn SHAE vV Time stamp document Time Stamping Settings Page 12 P7S Signer User Manual version 7 0 http Awww signfiles com p7s signer Batch Signatures Automatically Made Without User Intervention By default P7S Signer is installed on this location C Program Files Secure Soft P7S Signer P7S Signer exe The command line parameters are P7S Signer exe lt source file folder gt lt destination file folder gt lt XML configuration file gt To automatically sign a file use the following command c Program Files Secure Soft P7S Signer gt P7S Signer exe c TestFile txt c TestFile txt p7s To automatically sign a folder that contains files use the following command c Program Files Secure Soft P7S Signer gt P7S Signer exe c InputFolder c OutoputFolder Custom Configuration In some cases you will need a different signature configuration e g different signature appearance and digital certificates for different files folders To save a specific configuration go to File Save Configuration As and save the configuration on a file Later you can use that file in batch mode to apply different signature configuration on your signed file Open Ctrl O0 Apply Digital Signature Save Configuration Ctri 5 Load Configuration Exit Destination Restore Defaults To automatically sign a folder that contains files using a custom configuration use the following command
4. Curent User v C Show expired certifica j v Show _ Smat Card PIN Bypassing the Smart Card PIN Attention This feature will NOT work for all available smart card USB tokens because of the drivers or other security measures Use this property carefully Page 9 P7S Signer User Manual version 7 0 http www signfiles com p7s signer Time Stamping Time Stamp a Digital Signature Timestamping is an important mechanism for the long term preservation of digital signatures time sealing of data objects to prove when they were received protecting copyright and intellectual property and for the provision of notarization services To add time stamping information to the digital signature you will need access to a RFC 3161 time stamping server A fully functional version of our TSA Authority is available for testing purposes at this link http ca signfiles com TSAServer aspx no credentials are needed The Time Stamping options can be configured on the Time Stamping section Time Stamp Server URL http casigntiles com TSAServer aspx Time Stamp Server requires authentication I lg ppm F am _ Time Stamp Server Policy Use NONCE Hash algorithm used for request SHA256 Nonce and Policy The Nonce if included allows the client to verify the timeliness of the response when no local clock is available The nonce is a large random num
5. com p7s signer Digital Signature Options Using SHA256 SHA512 Hash Algorithms The default hash algorithm used by the product is SHA1 but in some cases SHA256 or 512 must be used for the digital signature Attention SHA 256 and SHA 512 hash algorithms are not supported by Windows XP Note that some smart cards and USB tokens not support SHA 256 and SHA 512 hash algorithms Curent certificate was issued to Secure Soft 5 F L Valid until 5 28 2016 Certificate Service Provider Microsoft Enhanced Cryptographic Provider v1 0 Location Microsoft Store Digtal sonar hash algoritm SHAZEG wv Version 7 0 Set the Hash Algorithm Page 8 P7S Signer User Manual version 7 0 http www signfiles com p7s signer Bypassing the Smart Card PIN In case the digital signature must be made without user intervention and the certificate is stored on a smart card or USB token the PIN dialog might be automatically bypassed for some models Enter the Token Password Token Name My Token PIN dialog can be bypassed In order to bypass the PIN dialog window the Smart Card PIN checkbox must be checked and the right PIN to be entered DigitalCertificate SmartCardPin propery must be set This option bypass the PIN dialog and the file is automatically signed without any user intervention Windows Certificate Store Certificates Available on Microsoft Store Certificate Store
6. P7S Signer User Manual Introduction The main function of P7S Signer is to sign any kind of documents using X 509 digital certificates Using this product you can quickly sign multiple files bulk sign by selecting input and output directory This is ideal for bulk signing of a large number of corporate documents rather than signing each one individually Links P7S Signer main page http www signfiles com p s signer Download P7S Signer Free 30 Day Trial http www signfiles com apps P 7SSigner msi Warning and Disclaimer Every effort has been made to make this manual as complete and accurate as possible but no warranty or fitness is implied The information provided is on an as is basis The author shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this manual Trademarks NET Visual Studio NET are trademarks of Microsoft Inc All other trademarks are the property of their respective owners Page 1 P7S Signer User Manual version 7 0 http www signfiles com p7s signer Product NS Cal ACEO acatsee esac cesses ccisniesewiene pecs at oncetenunee sesmensie NANA AENA KNA EE 3 Digal CCU CTC AUS 5 E E E E eee 4 Digital Certificate LOCA O Discs cacecewsenvanssiiviesaiciesadannisumsiudianctsuawAcanaldsuuxddecsluisiediaiibla aaa aaaea iraa Raa EEA E ai 4 Certificates Stored on Smart Cards or USB TOKENS ccccceccecee
7. We recommend to install the product using an Administrator account After the setup file is verified the operating system might request your permission to install this program Windows protected your PC Windows SmartScreen prevented an unrecognized app from starting Running this app might put your PC at risk Click More info and next click Run anyway Read the Eula and if you want to continue select Agree and click Next button until the setup is finished License Agreement Please take a moment to read the license agreement now If you accept the terme below click Agree then Next Othenwise click Cancel PTS Signer End User License Agreement EULA Important Read the following terms carefully before installing copying and or using the product Installing copying or using the product indicates your acceptance of these terms as well the terms in the contract between Client and Secure Sof This End User License Agreement EULA is a legal agreement between Client and Secure Soft governing the use of the software SOFTWARE arromnanvinn this FILA including anv and all accnriated media nrinted CDI Do Not Agree Cancel Page 3 P7S Signer User Manual version 7 0 http www signfiles com p7s signer Digital Certificates Digital Certificate Location To use P7S Signer software a digital certificate is needed The digital certificates are stored in two places in Microsoft Store
8. anual version 7 0 http www signfiles com p7s signer Certificates Stored on Smart Cards or USB Tokens If your certificate is stored on a smart card or USB token like Aladdin eToken the certificate must appear on Microsoft Certifictae Store in order to be used by the library If the certificate not appears on Microsoft Store you must ask your vendor about how to import the certificate on the MS Store Usulally the smart card driver or the middleware atutomatically install the certificate on Microsoft Certificate Store You should also look at the middleware options like below m P Private Key RSA 1024 4 459 Ip bdb79bed db 11 4f55 a07e 3ca06da4c759 Container a key Exchange Certificate e k3 20148 new Fh Public Key RSA2048 boosts 4 Private Key RS42048 Refresh View Registration Logout Export Certificate Unregistration Adding the certificate on Microsoft Certificate Store Password Quality Advanced Copy User certificates to a local store thentcation Ghent Tools Copy CA certificates to a local store Ens Enable single logon My Token Allow password quality configuration on token after initialization as or a Allow only an administrator to configure password quality on token Adding the certificate on Microsoft Certificate Store Page 5 P7S Signer User Manual version 7 0 http www signfiles com p7s signer Select the Digital Certificate for Creating Signatures To digitally
9. ber with a high probability that the client generates it only once e g a 64 bit integer Some TSA servers require to set a Time Stamp Server Policy on the Time Stamp Requests By default no Time Stamp Server Policy is included on the TSA request Page 10 P7S Signer User Manual version 7 0 http Awww signfiles com p7s signer Product Registration To register the product you will need a serial number It can be purchased online directly form the product mail page After you will obtain your serial number open P7S Signer and click Register Now button File Tools Time stamp document Time Stamping Settings F you encounter any problems to register the http wwew signtiles com contact Click Register button Page 11 P7S Signer User Manual version 7 0 http www signfiles com p7s signer If the serial number is correct the product will be sucesfully registered P75 Signer Expires in 30 days E _ 5 oe bee Registration x ign Enter the received license code tficate Create Certificat ssued to Secure Soft 5 R L V P75 Signer was registered succesfully ature file format CMS Thank you anit Time Stamping Settings yoga Sane Es Versio Select the Digital Certificate Create Certificate Curent certificate was issued to Secure Soft 5 R L Valid until 5 26 2016 Cerificate Service Provider Microsoft Enhanced Cryptographic Provider v1 0 Location Microsoft Store
10. certificate Scertificate S generator GenerateCertificate SpFXFilePassword digitally sign the file in CAdES format Ssign new object typeName SignLib Cades CadesSignature serial number Ssign DigitalSignatureCertificate SignLib Certificates DigitalCertificate LoadCertificate Scertificate SpFXFilePassword echo Perform the digital signature System 10 File WriteAllBytes Sargs 1 S sign ApplyDigitalSignature Sargs 0 How to run the Windows PowerShell script from command line powershell executionPolicy bypass file d signinCAdESFormat ps71 d test txt d test txt p 7S Page 14 P7S Signer User Manual version 7 0 http Awww signfiles com p7s signer Digitally Sign Files Using C or VB NET P7S Signer main functions are available on SignLib library available at this link http www signfiles com sdk SignatureLibrary Zip To digitally sign a file using C or VB NET download the library above and inspect Signature Library VS2008 Projects folder The C will look like below CadesSignature cs new CadesSignature serialNumber Digital signature certificate can be loaded from various sources Load the signature certificate from a PFX or P12 file cs DigitalSignatureCertificate DigitalCertificate LoadCertificate Environment CurrentDirectory cert pfx ViZogo0 3 Load the certificate from Microsoft Store The smart card or USB token certificates are usually available on Microso
11. eeeseeeeeeeeeeeeeeeeseeeeeseeeeseeeeeseeseeeeeeeeeeneeseeeaeees 5 Select the Digital Certificate for Creating SIQN tUIeS cccccccccccseeeeeeeeeeeaeeeeeeeeeeseeeeesaeeeeseeeeesaeeeeaseeeeeseeeaeees 6 Create a Digital COriniCate ss ics iaiccccsewcnolusenewsiersuatisunbicuasieresuwescuasuusnticwnddsieadamaedtvvnneed QidbiadmunduaddewseiiwausesedumesesGaaduauss 7 Digital IN AU UEC ONS Scrat ewe te enee ee sese cc teee ch seeeec ase seaceuescautesteaneota 8 Using SHAZ56 SHA512 Hash AIGOMM Serene 2acincetaidecnsscetasdeesttencasndpianeeeddanacebewetee saedenediaceecteantewnaiveedddaxcedatadcDd 8 Bypassing the Smart Card PUN ivscicicirisasvassaiaacscebebienadotens nndiaawnnliaazasuncedatensdieded aahacteacders beviesiddeshencuaduneuiucecesnes 9 HME SCANNING oa ce seen tence sence cn E eecceceecceeeeetacetacececeese 10 Time Stamp a Digital Signature ssassn E E EROE aa 10 Nonce Na FONG Vores nae E E E E E 10 Product Registrato Nissin EEE AEE EE 11 Batch Signatures Automatically Made Without User Intervention cceeeeeeeees 13 CUS FONT 6S ONO U AU OM oes tess sess ects a o S E EE 13 Digitally Sign Files Using Windows PowerShell cccccccssseecsseeeeseeceeeeeeneeeeeeseeneseneesees 14 Digitally Sign Files Using C or VB NET ccccccssccceeeeesseeceneeeeneesensoneseesceesesenesensonesaeees 15 Page 2 P7S Signer User Manual version 7 0 http www signfiles com p7s signer Product Installation
12. ft Certificate Store start run certmgr msc T the smart card certificate not appears on Microsoft Certificate Store it cannot be used by the library cos DigitalSignatureCertificate DigitalCertificate LoadCertificate false string Empty Select Certificate Select the certificate for digital signature The smart card PIN dialog can be bypassed for some smart cards USB Tokens ATTENTION This feature will NOT work for all available smart card USB Tokens becauase of the drivers or other security measures Use this property carefully DigitalCertificate SmartCardPin 123456 optionally the signature can be timestamped cs TimeStamping ServerUrl new Uri http ca signfiles com TSAServer aspx write the signed file usually the signed CAdES file should be saved with p7s or p7m extension File WriteAllBytes signedDocument cs ApplyDigitalSignature unsignedDocument Console WriteLine The CAdES signature was created Environment NewLine Page 15 P7S Signer User Manual version 7 0 http Awww signfiles com p7s signer
13. sign a document a digital certificate must be selected from Digital Certificates section The digital certificate used to create the digital signature can be stored on Microsoft Store or a PFX file Select the digital certificate used for digital signature Smart Card PIN PFX digital certificate file PFX Certificate File PF file password Certificate Information Issued to Secure Soft 5 R L Issued by thawte SHAZ56 Code Signing CA Valid until 5 28 2016 Certificate Service Provider Microsoft Enhanced Cryptographic Provider v1 0 Select the digital certificate Page 6 P7S Signer User Manual version 7 0 http www signfiles com p7s signer Create a Digital Certificate If no certificates are available on the computer a new certificate can be created from Create a Digital Certificate section This certificate can be set as the default digital certificate used for creating signatures Where would you like to save your self signed digital certificate On Microsoft Certificate Store Ona password protected PACSH12 PFX file Issued to e g Elaine Smith User Certificate Organization Name O Organization Title T Organizational Unit OU E mail address E user organization com Country C EU RSA Key Algorithm bits Signature Algonthm SHATWHhRSA Set as cument digital certificate Create a digital certificate Page 7 P7S Signer User Manual version 7 0 http www signfiles
Download Pdf Manuals
Related Search