--- Jesse Pelton <[EMAIL PROTECTED]> wrote:
> You need to include the enveloped signature
> transformation specifically.  This serves to remove
> the signature element from the document before
> signing and verification.  This is required because
> the signature element changes during signing; if the
> original signature element were part of the signed
> content, the final signature would be invalid,
> because part of the signed content (the signature)
> would be different.  See
> http://www.w3.org/TR/xmldsig-core/#sec-EnvelopedSignature
> and
> http://www.w3.org/TR/xmldsig-core/#sec-Transforms.

Yep. You're right.
The transform is within the Reference element, isn't
it? And I get a different signature value, because
now the Transform element gets signed too, right?

I've added the transform, but my signature still does
not validate...

I now have: 

<ds:SignedInfo>
  <ds:CanonicalizationMethod
      Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
  <ds:SignatureMethod
      Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference
      URI="file:/G:/prog/xml-security-1_2_0/misc.xml">
    <ds:Transforms>
      <ds:Transform
          Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
    </ds:Transforms>
    <ds:DigestMethod
        Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>7uZSWomZ8W6sa3GI+e/XCygny2I=</ds:DigestValue>
  </ds:Reference>
</ds:SignedInfo>

******************
This is how I sign it:
// Create the ds:Signature element inside the document 'input'
// (Apache XML Security API), using RSA-SHA1 as the signature method.
XMLSignature signature = new XMLSignature(input,
        inputURI.toString(),
        XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);

// Enveloped-signature transform: removes the ds:Signature element
// from the referenced content before it is digested.
Transforms transforms = new Transforms(input);
transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);

// Add the ds:Reference (URI plus transforms), then compute the
// digest and the signature with the private key.
signature.addDocument(inputURI.toString(), transforms);
signature.sign(prvkey);

**************
This is how I verify it:
// Locate the ds:Signature element by its qualified name (this depends
// on the 'ds' prefix being used; getElementsByTagNameNS would not).
NodeList dsNodeList = doc.getElementsByTagName("ds:Signature");
if (dsNodeList.getLength() == 0)
        throw new IOException("No signature in file");

Element dsElement = (Element) dsNodeList.item(0);

// Parse the existing signature and re-check the SignatureValue
// against SignedInfo (and the reference digests) with the public key.
XMLSignature signature = new XMLSignature(dsElement,
        outputURI.toString());
return signature.checkSignatureValue(pubkey);

-- Axelle.
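To illustrate the point Jesse made about the enveloped-signature transform, here is a small added example (not Apache XML Security code and not from the thread): it strips the ds:Signature element from a constructed signed document before canonicalising and digesting, and shows that only then does the reference digest stay the same whatever SignatureValue holds. It uses the stdlib canonicalize() (C14N 2.0) as a stand-in for the Inclusive C14N 1.0 named in the SignedInfo above, and assumes one signature per document; in the spec, an enveloped signature references its own document with URI="".

```python
import base64
import copy
import hashlib
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS_NS)

# Constructed sample document with an embedded (enveloped) signature;
# {sig} is filled in with whatever SignatureValue we want to test.
SIGNED_DOC = """<Order xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <Item>widget</Item>
  <ds:Signature><ds:SignedInfo/>
    <ds:SignatureValue>{sig}</ds:SignatureValue></ds:Signature>
</Order>"""


def enveloped_signature_transform(root):
    """Return a copy of the tree with the ds:Signature element removed.
    The spec removes the Signature that contains the Transform; with a
    single signature in the document, removing every ds:Signature is
    the same thing (an assumption of this illustration)."""
    root = copy.deepcopy(root)
    for parent in root.iter():
        for child in list(parent):
            if child.tag == "{%s}Signature" % DS_NS:
                parent.remove(child)
    return root


def reference_digest(xml_text, enveloped=True):
    """Base64 SHA-1 over the canonicalised document, optionally after
    the enveloped-signature transform (SHA-1 matches the DigestMethod
    in the mail; it is not a recommendation)."""
    root = ET.fromstring(xml_text)
    if enveloped:
        root = enveloped_signature_transform(root)
    # Stand-in canonicalisation: stdlib C14N 2.0, not Inclusive C14N 1.0.
    c14n = ET.canonicalize(ET.tostring(root, encoding="unicode"))
    return base64.b64encode(hashlib.sha1(c14n.encode()).digest()).decode()


def verify_reference(xml_text, expected_digest_b64):
    """Verifier side: recompute the transformed digest and compare it
    with the DigestValue carried in the signature."""
    return reference_digest(xml_text) == expected_digest_b64
```

Without the transform, changing SignatureValue changes the digest, which is exactly why a signature over content that still contains its own ds:Signature can never validate.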