I am working on a project where I need to verify the signature of a
SAML 1.1 POST response using OpenSSL on Linux in PHP. I have followed
the XML Signature Spec to a 't' and everything works until the very
last test which is to validate the signature of SignatureInfo against
the SignatureValue.
Here are my steps:
1. Get the SignatureValue and base64 decode ($signValue)
2. Load the public key of the signer using their modulus/exponent
values ($pubKey)
3. Canonicalize the SignatureInfo element of the request
($conSignInfo)
4. Verify the signature
$ok = openssl_verify($conSignInfo, $signValue, $pubKey)
At this point I am grasping at straws and wondering if anybody is
aware of any discrepancies between the Microsoft
System.Security.Cryptography XML Signature classes and the steps I
identified above, or in how Microsoft computes the SignatureValue.
What I can think of being the problem includes but is not limited to:
a) RSA signature calculations different between Microsoft and OpenSSL
b) Canonicalization discrepancies between the two (IdP and client app)
Below is the code used to Sign the Digital Assertion.
Any thoughts or suggestions would be graciously appreciated.
Thanks,
John
pbwebguy AT gmail D0T com
Friend Function SignAssertion(ByVal assertion As XmlDocument, _
                              ByVal signingKey As Crypto.RSA) As XmlDocument
    ' Crypto is assumed to alias System.Security.Cryptography
    Dim sgnAssertion As Crypto.Xml.SignedXml
    Dim AssertionRef As Crypto.Xml.Reference

    ' Generate Digital Signature
    Try
        sgnAssertion = New Crypto.Xml.SignedXml(assertion)
        sgnAssertion.SigningKey = signingKey

        ' Grab Reference to Root of the XML Document
        ' and base the signature upon the entire document.
        ' Empty String tells the reference to use the root of the
        ' entire document
        AssertionRef = New Crypto.Xml.Reference(String.Empty)
        AssertionRef.AddTransform(New Crypto.Xml.XmlDsigEnvelopedSignatureTransform)
        sgnAssertion.AddReference(AssertionRef)

        ' Default SignatureMethod for an RSA key is RSA-SHA1,
        ' default CanonicalizationMethod is inclusive C14N
        sgnAssertion.ComputeSignature()

        ' Add the calculated signature back into the document
        assertion.DocumentElement.AppendChild(sgnAssertion.GetXml())
    Catch ex As Exception
        Throw New Exception(ERR_UNABLE_TO_GENERATE_SIGNED_ASSERTION, ex)
    End Try

    Return (assertion)
End Function
_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
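An added diagnostic example, not part of the post above and written in Python rather than the poster's PHP: it performs by hand what openssl_verify() does internally for RSA-SHA1 (public RSA operation, PKCS#1 v1.5 unpadding, DigestInfo check, SHA-1 comparison), so that a failed verification can be attributed either to the key/padding (the poster's hypothesis a) or to the bytes that were hashed (hypothesis b). The RSA key pair, the signing routine that stands in for SignedXml.ComputeSignature(), and the two SignedInfo serialisations are all constructed here for the demonstration; all function names are my own.

```python
import hashlib
import random

# DER prefix of a PKCS#1 DigestInfo for SHA-1 (RFC 3447, section 9.2, note 1).
# .NET SignedXml (RSA-SHA1) and OpenSSL both place exactly this in front of the
# 20-byte hash before applying PKCS#1 v1.5 padding.
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

# Constructed sample: inclusive-C14N form of <SignedInfo> (namespace declared on
# the element, no whitespace) versus a pretty-printed DOM dump of the same node.
# Only the first is what the signer hashed.
CANONICAL_SIGNEDINFO = (
    b'<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
    b'<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>'
    b'<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>'
    b'<Reference URI=""><Transforms>'
    b'<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform>'
    b'</Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>'
    b'<DigestValue>constructed-placeholder-digest=</DigestValue></Reference></SignedInfo>'
)
PRETTY_SIGNEDINFO = CANONICAL_SIGNEDINFO.replace(b"><", b">\n  <")


def _is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin primality test (good enough for a toy key)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand


def make_test_key(bits=512, seed=1):
    """Constructed toy RSA key (n, e, d); deterministic so the demo is repeatable. Never use for real data."""
    rng = random.Random(seed)
    p = _gen_prime(bits // 2, rng)
    q = _gen_prime(bits // 2, rng)
    while q == p:
        q = _gen_prime(bits // 2, rng)
    n, e = p * q, 65537
    return n, e, pow(e, -1, (p - 1) * (q - 1))


def rsa_sha1_sign(data, n, d):
    """RSASSA-PKCS1-v1_5 with SHA-1: the SignatureValue an RSA-SHA1 signer emits over canonical SignedInfo."""
    k = (n.bit_length() + 7) // 8
    t = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(data).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")


def recover_digestinfo(sig, n, e):
    """Public RSA op plus PKCS#1 v1.5 unpadding. None means wrong key, wrong modulus/exponent, or not v1.5."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return None
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x01":
        return None
    sep = em.find(b"\x00", 2)
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):  # at least 8 bytes of 0xff padding
        return None
    return em[sep + 1:]


def diagnose(sig, n, e, candidates):
    """Classify a failing verification: ('key-or-algorithm', None) if the padding is wrong (key problem),
    ('not-sha1', hex) if another digest was used, ('canonicalization', hex) if the key is right but no
    candidate byte string hashes to the signed value, ('ok', name) for the candidate that verifies."""
    di = recover_digestinfo(sig, n, e)
    if di is None:
        return ("key-or-algorithm", None)
    if not di.startswith(SHA1_DIGESTINFO_PREFIX) or len(di) != len(SHA1_DIGESTINFO_PREFIX) + 20:
        return ("not-sha1", di.hex())
    want = di[len(SHA1_DIGESTINFO_PREFIX):]
    for name, data in candidates.items():
        if hashlib.sha1(data).digest() == want:
            return ("ok", name)
    return ("canonicalization", want.hex())


if __name__ == "__main__":
    n, e, d = make_test_key()
    sig = rsa_sha1_sign(CANONICAL_SIGNEDINFO, n, d)
    print(diagnose(sig, n, e, {"c14n": CANONICAL_SIGNEDINFO, "pretty": PRETTY_SIGNEDINFO}))
    print(diagnose(sig, n, e, {"pretty": PRETTY_SIGNEDINFO}))
```

The second call reproduces the poster's situation: the padding and DigestInfo come back clean, so the key and the RSA-SHA1 algorithm agree on both sides, and the only thing left to differ is the canonical byte string that was hashed. Note that openssl_verify() in PHP defaults to OPENSSL_ALGO_SHA1, which matches the RSA-SHA1 SignatureMethod SignedXml uses for an RSA key, so the fourth argument is not the culprit in that setup.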