Hi all,
I'm new to XMLSEC -and just giving up writing my own library (got lost in the canonicalization labyrinth)...-

Is it possible to use the current XMLSEC API for producing XML signatures that comply with the ETSI specifications and the following:

1) have a Reference (in SignedInfo) to KeyInfo (KeyInfo obviously needs an Id="...");

2) add the Object for QualifyingProperties (example later) and a Reference to that too?

Thanks a lot for any suggestion / explanation!

This is an example of the aforementioned Object (target value is the Id of the Signature):

    <ds:Object>
      <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#sig">
        <xades:SignedProperties Id="sprop">
          <xades:SignedSignatureProperties>
            <xades:SigningTime>2012-08-23T10:11:24+02:00</xades:SigningTime>
          </xades:SignedSignatureProperties>
        </xades:SignedProperties>
      </xades:QualifyingProperties>
    </ds:Object>

And this is how the whole should glue together:

<Envelope>
  <ds:Object xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Encoding="UTF-8" Id="orig" MimeType="text/xml">blah blah blah...</ds:Object>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="sig">
    <ds:SignedInfo>

      <!-- the Reference to the object, must be expressed this way... -->
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"></ds:CanonicalizationMethod>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod>
      <ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedProperties-Signer-T-1345709484789">
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
        <ds:DigestValue>dRkQKf/Kqv/V8SZej/41+T6z4+4Pxus8wyPAFUaJM5E=</ds:DigestValue>
      </ds:Reference>

      <ds:Reference URI="#orig">blah blah blah...</ds:Reference>
      <ds:Reference URI="#crt">blah blah blah...</ds:Reference>

    </ds:SignedInfo>

    <ds:SignatureValue>blah blah blah...</ds:SignatureValue>

    <ds:KeyInfo Id="crt"><ds:X509Data><ds:X509Certificate>blah blah blah...</ds:X509Certificate></ds:X509Data></ds:KeyInfo>

    <ds:Object>(...as indicated above...)</ds:Object>

  </ds:Signature>
</Envelope>


_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
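
Added example, not part of the original post and not xmlsec code: a Python check that every same-document `ds:Reference` in a signature laid out as above resolves to exactly one `Id`, and that `SignedInfo` actually covers both `KeyInfo` and `xades:SignedProperties`. The sample document is constructed with placeholder content, and `check_references` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XADES = "http://uri.etsi.org/01903/v1.3.2#"
SP_TYPE = "http://uri.etsi.org/01903#SignedProperties"

# Constructed sample in the post's layout; content and digests are placeholders.
SAMPLE = f"""<Envelope xmlns:ds="{DS}" xmlns:xades="{XADES}">
  <ds:Object Id="orig">data</ds:Object>
  <ds:Signature Id="sig">
    <ds:SignedInfo>
      <ds:Reference Type="{SP_TYPE}" URI="#sprop"/>
      <ds:Reference URI="#orig"/>
      <ds:Reference URI="#crt"/>
    </ds:SignedInfo>
    <ds:KeyInfo Id="crt"/>
    <ds:Object>
      <xades:QualifyingProperties Target="#sig">
        <xades:SignedProperties Id="sprop"/>
      </xades:QualifyingProperties>
    </ds:Object>
  </ds:Signature>
</Envelope>"""

def check_references(xml_text):
    """Resolve each same-document Reference and report what SignedInfo covers."""
    root = ET.fromstring(xml_text)
    ids = {}
    for el in root.iter():                      # Id value -> elements carrying it
        if "Id" in el.attrib:
            ids.setdefault(el.attrib["Id"], []).append(el)
    report = {"unresolved": [], "ambiguous": [], "bad_type": [], "covered": set()}
    for ref in root.iter(f"{{{DS}}}Reference"):
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            continue                            # external references are out of scope here
        targets = ids.get(uri[1:], [])
        if len(targets) != 1:                   # zero: dangling; several: ambiguous target
            report["ambiguous" if targets else "unresolved"].append(uri)
            continue
        tag = targets[0].tag
        report["covered"].add(tag)
        # Consistency check: the Type attribute should mark the SignedProperties reference.
        if (tag == f"{{{XADES}}}SignedProperties") != (ref.get("Type") == SP_TYPE):
            report["bad_type"].append(uri)
    need = {f"{{{DS}}}KeyInfo", f"{{{XADES}}}SignedProperties"}
    report["missing"] = sorted(need - report["covered"])
    return report

if __name__ == "__main__":
    print(check_references(SAMPLE))
```

A non-empty `unresolved`, `ambiguous` or `missing` list means the signature does not protect what the layout intends, for example when a Reference URI and the `Id` on `SignedProperties` differ.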
