Hello dear readers,
I would like to get some enlightenment on a problem I have here. I am rather new 
to xml-security, so I might have missed a simple point.

Here is the problem: I have an enveloped signature with an XML message. When 
I tamper with the content of the message and verify it again, I don't get 
any errors, which should not be the case. The modifications are done this 
way: output the signed document to a file stream, modify it, then parse it 
back and try to verify the signature. The certificate is correctly validated, 
but I don't get any errors telling me the hashes are different.

I tried to put the message id in the Reference URI (<ds:Reference URI="#id">), 
but without any success either.

Thank you very much for your time.

Akeru.

PS : Here is the message :

<message Id="id">
        message content here
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="IB">
        <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315">
                </ds:CanonicalizationMethod>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1">
                </ds:SignatureMethod>
                <ds:Reference URI="">
                        <ds:Transforms>
                                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature">
                                </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">
                        </ds:DigestMethod>
                        <ds:DigestValue>D1Dxy1CGON5SCt2rzm2NFvHfpu0=</ds:DigestValue>
                </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue> Encrypted digest value </ds:SignatureValue>
        <ds:KeyInfo>
                <ds:X509Data>
                        <ds:X509Certificate>
                                Certificate here
                        </ds:X509Certificate>
                </ds:X509Data>
        </ds:KeyInfo>
        </ds:Signature>
</message>
