Hi Raul (and all ;-)),

> Change this:
> transforms.addTransform(Transforms.TRANSFORM_C14N_OMIT_COMMENTS);
>
> for the exclusive c14n and it should work.

Unfortunately, my verification still fails! I tried it with TRANSFORM_C14N_EXCL_OMIT_COMMENTS and with TRANSFORM_C14N_EXCL_WITH_COMMENTS and with TRANSFORM_C14N_WITH_COMMENTS ...

Another guess? I really do not see the problem... but maybe it's in how I verify the document?

Regards,
Axelle.

> > Creating the enveloped signature:
> > XMLSignature signature;
> >
> > signature = new XMLSignature(input,
> >     inputURI.toString(),
> >     XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
> >
> > Transforms transforms = new Transforms(input);
> >
> > transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
> >
> > transforms.addTransform(Transforms.TRANSFORM_C14N_OMIT_COMMENTS);
> >
> > signature.addDocument("", transforms);
> > signature.sign(prvkey);
> >
> > Element root = input.getDocumentElement();
> > root.appendChild(signature.getElement());
> >
> > XMLUtils.outputDOM(input, output);
> >
> > ========
> > Verification code:
> > FileInputStream fis = new FileInputStream(outputURI.getPath());
> > Document doc = db.parse(fis);
> > fis.close();
> >
> > NodeList dsNodeList = doc.getElementsByTagName("ds:Signature");
> > if (dsNodeList.getLength() == 0)
> >     throw new IOException("No signature in file");
> >
> > Element dsElement = (Element) dsNodeList.item(0);
> >
> > XMLSignature signature = new XMLSignature(dsElement,
> >     outputURI.toString());
> > return signature.checkSignatureValue(pubkey);
> >
> > =============
> > XML file :
> > <policy xsi:schemaLocation="http://xxx /home/xxx">
> >   <dsi_policy>
> >   ...
> >   </dsi_policy>
> >   <ds:Signature>
> >     <ds:SignedInfo>
> >       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> >       <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> >       <ds:Reference URI="">
> >         <ds:Transforms>
> >           <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> >           <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> >         </ds:Transforms>
> >         <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> >         <ds:DigestValue>7uZSWomZ8W6sa3GI+e/XCygny2I=</ds:DigestValue>
> >       </ds:Reference>
> >     </ds:SignedInfo>
> >     <ds:SignatureValue>
> >     BaUch43FSfEA4YFrFFp ....
> >     </ds:SignatureValue>
> >   </ds:Signature>
> > </policy>
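
An added example, not code from this thread or from the Apache XML Security project: a verification routine that reports whether a failure comes from a Reference digest or from the SignatureValue over SignedInfo. It assumes the org.apache.xml.security library used above; the class name `VerifyDiagnostics`, its `verify` method, the namespace-aware parser setup and the single-signature check are assumptions made for this example.

```java
import java.io.File;
import java.security.PublicKey;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.signature.SignedInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.utils.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class VerifyDiagnostics { // hypothetical helper, not from the thread
    public static boolean verify(File signedFile, PublicKey pubkey) throws Exception {
        org.apache.xml.security.Init.init();

        // XML Signature processing needs a namespace-aware DOM;
        // DocumentBuilderFactory is NOT namespace-aware by default.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(signedFile);

        // Locate the element by namespace URI rather than by the "ds:" prefix,
        // which is only a serialization detail.
        NodeList nl = doc.getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature");
        if (nl.getLength() != 1) { // assumption: one enveloped signature per file
            throw new IllegalStateException("expected 1 Signature, found " + nl.getLength());
        }
        XMLSignature signature =
            new XMLSignature((Element) nl.item(0), signedFile.toURI().toString());

        boolean ok = signature.checkSignatureValue(pubkey);
        if (!ok) {
            // Re-run reference validation alone to see which half failed.
            SignedInfo si = signature.getSignedInfo();
            boolean digestsOk = si.verify();
            for (int i = 0; i < si.getLength(); i++) {
                System.err.println("Reference URI=\"" + si.item(i).getURI()
                    + "\" digest ok: " + si.getVerificationResult(i));
            }
            System.err.println(digestsOk
                ? "Digests match: check the key and SignedInfo canonicalization."
                : "Digest mismatch: the signed content differs from what was digested.");
        }
        return ok;
    }
}
```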