Hello everyone,

I have to develop a program which signs XML files like xmlsec. Unfortunately I can't use it in my working context. My program is almost working but I'm still experiencing a problem which I hope you can help me to solve. I actually can't get the same hash value as xmlsec for the <signedInfo> block. Everything apart from that seems to be ok.
Here is the final signed file I get with xmlsec:

<?xml version="1.0"?>
<ELOGBOOK>
<LASTNAME>ADM</LASTNAME>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>J8fCJ85jpSs/YUSouyMIxwg6TxE=</ds:DigestValue></ds:Reference></ds:SignedInfo> <ds:SignatureValue>WG0JXYTU0gB79tHkMUBlIiH1oGjMLuvWypY5LTJ72xyKtUt40Pv68vsvYZPL9+rZwjLMo/2NQoFMx/0xQLz4Cg==</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>tLzRCnoRfyzMDfgmTj+ve/goIlstlbhhWZLjCoTn4R3dIP5gcIM/+kldrYxR+0V5g6NMKwj+ftfErKSbW1/79w==</ds:Modulus>
<ds:Exponent>EQ==</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature></ELOGBOOK>

As I don't get the same signatureValue as xmlsec (I used the same key of course) I tried to find out where the problem was coming from.
Using the public key I got the following "padded ASN.1 with prefix" value:
01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003021300906052B0E03021A0500041473CE2A0596699B230D78ABE4A21149A557D42936

which gives me 73CE2A0596699B230D78ABE4A21149A557D42936 (or c84qBZZpmyMNeKvkohFJpVfUKTY= in MIME64) as the <signedInfo> hash value.

With my program I have the following <signedInfo> block:

<SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>J8fCJ85jpSs/YUSouyMIxwg6TxE=</DigestValue></Reference></SignedInfo>

(everything on the same line)

which gives me CF0BA03D8B20618BBC22D681E589DC7B22983B02 (or zwugPYsgYYu8ItaB5YnceyKYOwI=) for its hash value.

It seems the problem comes from my <SignedInfo> block, which is maybe not properly c14nized... I tried many variants of this block (with namespace ds:, without c14n, etc.) but nothing gave me the "right" hash value.

I've spent many days on that problem but didn't manage to solve it :(

Can anyone explain to me why we can't get the same hash for that block and how to get the correct hash value? Thanks a lot in advance.

Antoine.

--
Antoine GIRARD
Systèmes d'Information
ANYWARE TECHNOLOGIES
Tél. : +33 (0)5 61 00 73 42
Fax : +33 (0)5 61 00 51 46
www.anyware-tech.com

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
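
The check described in the post, as an added example (not code from the poster or from xmlsec): it applies the public key to the SignatureValue, validates the PKCS#1 v1.5 block, and compares the recovered SHA-1 digest with two serializations of SignedInfo. The function names and the textual in_document_form rewrite are assumptions; the rewrite relies on inclusive C14N keeping the ds: prefix and writing the inherited xmlns:ds declaration on the canonicalized ds:SignedInfo element.

```python
import base64, hashlib, re

# Values copied from the post; the run of 26 FF bytes is what a 64-byte modulus implies.
SIG = "WG0JXYTU0gB79tHkMUBlIiH1oGjMLuvWypY5LTJ72xyKtUt40Pv68vsvYZPL9+rZwjLMo/2NQoFMx/0xQLz4Cg=="
MOD = "tLzRCnoRfyzMDfgmTj+ve/goIlstlbhhWZLjCoTn4R3dIP5gcIM/+kldrYxR+0V5g6NMKwj+ftfErKSbW1/79w=="
EXP = "EQ=="
SHA1_PREFIX = bytes.fromhex("3021300906052B0E03021A05000414")  # DigestInfo header, SHA-1
POST_BLOCK = b"\x01" + b"\xff" * 26 + b"\x00" + SHA1_PREFIX + bytes.fromhex(
    "73CE2A0596699B230D78ABE4A21149A557D42936")
DSIG, C14N = "http://www.w3.org/2000/09/xmldsig#", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
# The <SignedInfo> the poster hashed: no prefix, no namespace declaration.
POSTED = (f'<SignedInfo><CanonicalizationMethod Algorithm="{C14N}"></CanonicalizationMethod>'
          f'<SignatureMethod Algorithm="{DSIG}rsa-sha1"></SignatureMethod><Reference URI="">'
          f'<Transforms><Transform Algorithm="{DSIG}enveloped-signature"></Transform>'
          f'<Transform Algorithm="{C14N}"></Transform></Transforms>'
          f'<DigestMethod Algorithm="{DSIG}sha1"></DigestMethod>'
          '<DigestValue>J8fCJ85jpSs/YUSouyMIxwg6TxE=</DigestValue></Reference></SignedInfo>')

def rsa_public_op(sig_b64, mod_b64, exp_b64):
    """Raw RSA public operation s^e mod n, as a block the length of the modulus."""
    s, n, e = (int.from_bytes(base64.b64decode(v), "big") for v in (sig_b64, mod_b64, exp_b64))
    if s >= n:
        raise ValueError("signature value is not smaller than the modulus")
    return pow(s, e, n).to_bytes((n.bit_length() + 7) // 8, "big")

def digest_from_block(block):
    """Validate the PKCS#1 v1.5 layout 01 | FF.. | 00 | DigestInfo and return the SHA-1 digest."""
    block = block.lstrip(b"\x00")  # the leading 00 vanishes when the block is printed as a number
    pad, sep, rest = block[1:].partition(b"\x00")
    if block[:1] != b"\x01" or not sep or len(pad) < 8 or pad.strip(b"\xff"):
        raise ValueError("not a type 1 padded block")
    if not rest.startswith(SHA1_PREFIX) or len(rest) != len(SHA1_PREFIX) + 20:
        raise ValueError("DigestInfo is not SHA-1")
    return rest[len(SHA1_PREFIX):]

def in_document_form(signed_info):
    """Octets inclusive C14N emits for the node inside ds:Signature: ds: prefix on every
    element, and the inherited xmlns:ds declaration written on the apex element."""
    prefixed = re.sub(r"<(/?)", r"<\1ds:", signed_info)
    return prefixed.replace("<ds:SignedInfo>", f'<ds:SignedInfo xmlns:ds="{DSIG}">', 1)

def matches(signed_info, digest):
    return hashlib.sha1(signed_info.encode("utf-8")).digest() == digest

if __name__ == "__main__":
    digest = digest_from_block(rsa_public_op(SIG, MOD, EXP))
    for name, text in (("as posted", POSTED), ("in-document C14N", in_document_form(POSTED))):
        print(name, hashlib.sha1(text.encode()).hexdigest().upper(), matches(text, digest))
```

Run as a script, it prints the SHA-1 of each candidate serialization and whether it equals the digest carried in the signature.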
