Hi,
I am facing an issue trying to sign an xml document which makes
reference to an external file.
xmlsec1 gives me a digest for the URI=#Manifest which is not verified by
tools like Apache XML Security.
I am pretty sure there is something missing in the XML document I give
to xmlsec but can't figure out what.
I sign the document named acmt.007.001.02_1.skel.1sign.object2.xml.
The command I use is: xmlsec1 --sign --output fpl.xml --privkey <key>
acmt.007.001.02_1.skel.1sign.object2.xml
The output document is fpl.xml
The digest which is not the same as the one computed by Apache XML
Security is 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
Apache XML Security is expecting M3eHHYZ3d//5HW/Gp583TrV/K4I=
I found that the expected digest matches the manifest3.xml file enclosed
(I built it manually).
So it seems xmlsec is not creating the same manifest part.
Do you have any idea what can be wrong in my
acmt.007.001.02_1.skel.1sign.object2.xml file ? Do I need to add a
transform ?
Thanks for your help.
Francois
<?xml version = "1.0" encoding = "UTF-8"?>
<!--
  Signing template as posted: the input document given to xmlsec1. The empty
  DigestValue, SignatureValue and KeyValue elements are placeholders; the
  second document in the post shows them filled in.
  NOTE(review): rsa-sha1 and sha1 are what the poster used. SHA-1 is no longer
  recommended for new signatures; treat the algorithm choice as historical.
-->
<Document xmlns = "urn:iso:std:iso:20022:tech:xsd:acmt.007.001.02" >
<AcctOpngReq>
<Refs>
<MsgId>
<Id>ABC/090928/CCT001</Id>
<CreDtTm>2010-09-28T14:07:00</CreDtTm>
</MsgId>
<PrcId>
<Id>ABC/090928/CCT001</Id>
<CreDtTm>2010-09-28T14:07:00</CreDtTm>
</PrcId>
</Refs>
<Acct>
<Id>
<Othr>
<Id>NOREF2</Id>
</Othr>
</Id>
<Tp>
<Cd>CASH</Cd>
</Tp>
<Ccy>USD</Ccy>
<MnthlyRcvdVal>200000</MnthlyRcvdVal>
<MnthlyTxNb>100</MnthlyTxNb>
<AvrgBal>10000</AvrgBal>
</Acct>
<CtrctDts>
<TrgtGoLiveDt>2010-10-02</TrgtGoLiveDt>
</CtrctDts>
<UndrlygMstrAgrmt>
<Ref>ABC/Acct/BBBBUS33</Ref>
<Vrsn>1.0</Vrsn>
</UndrlygMstrAgrmt>
<AcctSvcrId>
<FinInstnId>
<BICFI>BBBBUS33</BICFI>
</FinInstnId>
</AcctSvcrId>
<Org>
<FullLglNm>ABC Corporation</FullLglNm>
<CtryOfOpr>US</CtryOfOpr>
<RegnDt>1999-09-01</RegnDt>
<LglAdr>
<StrtNm>Times Square</StrtNm>
<BldgNb>7</BldgNb>
<PstCd>NY 10036</PstCd>
<TwnNm>New York</TwnNm>
<Ctry>US</Ctry>
</LglAdr>
<OrgId>
<Othr>
<Id>01256485-85</Id>
<SchmeNm>
<Prtry>TAX</Prtry>
</SchmeNm>
</Othr>
</OrgId>
<MainMndtHldr>
<Nm>Richard Jones</Nm>
<PstlAdr>
<AdrTp>HOME</AdrTp>
<StrtNm>La Guardia Drive</StrtNm>
<BldgNb>12</BldgNb>
<PstCd>NJ 07054</PstCd>
<TwnNm>Parsippany</TwnNm>
<Ctry>US</Ctry>
</PstlAdr>
<Id>
<DtAndPlcOfBirth>
<BirthDt>1960-05-01</BirthDt>
<CityOfBirth>New york</CityOfBirth>
<CtryOfBirth>US</CtryOfBirth>
</DtAndPlcOfBirth>
</Id>
</MainMndtHldr>
</Org>
<DgtlSgntr>
<Pty>
<Nm>fplou</Nm>
</Pty>
<Sgntr>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<!--
  NOTE(review): this Reference targets the Manifest that sits inside this same
  Signature (Object/Manifest Id="Manifest") and also applies the
  enveloped-signature transform. That transform removes the Signature element
  containing it, descendants included, so nothing is left to digest. This is
  consistent with the value reported in the post: 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
  is the base64 SHA-1 of zero bytes. As written, the signature does not bind
  the Manifest content. Omitting the Transforms element from this one Reference
  should make the Manifest itself the digested data; confirm the result with
  both toolkits.
-->
<Reference URI="#Manifest">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue />
<KeyInfo>
<KeyValue />
</KeyInfo>
<Object>
<!--
  NOTE(review): XMLDSig core validation covers only the References in
  SignedInfo. Checking the References listed in a Manifest is left to the
  application, so the verifier must be asked to validate them explicitly.
  URI="sign.sh" is a relative external reference that the verifier has to
  dereference itself; how it is resolved depends on the toolkit, and a verifier
  handling untrusted documents should restrict which URIs it will fetch.
-->
<Manifest Id="Manifest">
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue></DigestValue>
</Reference>
<Reference URI="sign.sh">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue></DigestValue>
</Reference>
</Manifest>
</Object>
</Signature>
</Sgntr>
</DgtlSgntr>
</AcctOpngReq>
</Document>
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Signed output as posted (presumably the fpl.xml named in the message). This
  note is kept outside the root element so that nothing inside the signed
  document changes.
  NOTE(review): the SignedInfo Reference URI="#Manifest" carries DigestValue
  2jmj7l5rSw0yVb/vlWAYkK/YBwk=, which is the base64 SHA-1 of an empty octet
  stream. That Reference applies the enveloped-signature transform, which
  removes the enclosing Signature element, and the Manifest is a descendant of
  that Signature, so an empty node set is digested. The SignatureValue therefore
  covers a SignedInfo that does not bind the Manifest or the two digests listed
  in it. When reviewing signatures, an empty-input digest on a signed Reference
  is worth flagging, and Manifest References are only checked if the verifying
  application validates them itself.
-->
<Document xmlns="urn:iso:std:iso:20022:tech:xsd:acmt.007.001.02">
<AcctOpngReq>
<Refs>
<MsgId>
<Id>ABC/090928/CCT001</Id>
<CreDtTm>2010-09-28T14:07:00</CreDtTm>
</MsgId>
<PrcId>
<Id>ABC/090928/CCT001</Id>
<CreDtTm>2010-09-28T14:07:00</CreDtTm>
</PrcId>
</Refs>
<Acct>
<Id>
<Othr>
<Id>NOREF2</Id>
</Othr>
</Id>
<Tp>
<Cd>CASH</Cd>
</Tp>
<Ccy>USD</Ccy>
<MnthlyRcvdVal>200000</MnthlyRcvdVal>
<MnthlyTxNb>100</MnthlyTxNb>
<AvrgBal>10000</AvrgBal>
</Acct>
<CtrctDts>
<TrgtGoLiveDt>2010-10-02</TrgtGoLiveDt>
</CtrctDts>
<UndrlygMstrAgrmt>
<Ref>ABC/Acct/BBBBUS33</Ref>
<Vrsn>1.0</Vrsn>
</UndrlygMstrAgrmt>
<AcctSvcrId>
<FinInstnId>
<BICFI>BBBBUS33</BICFI>
</FinInstnId>
</AcctSvcrId>
<Org>
<FullLglNm>ABC Corporation</FullLglNm>
<CtryOfOpr>US</CtryOfOpr>
<RegnDt>1999-09-01</RegnDt>
<LglAdr>
<StrtNm>Times Square</StrtNm>
<BldgNb>7</BldgNb>
<PstCd>NY 10036</PstCd>
<TwnNm>New York</TwnNm>
<Ctry>US</Ctry>
</LglAdr>
<OrgId>
<Othr>
<Id>01256485-85</Id>
<SchmeNm>
<Prtry>TAX</Prtry>
</SchmeNm>
</Othr>
</OrgId>
<MainMndtHldr>
<Nm>Richard Jones</Nm>
<PstlAdr>
<AdrTp>HOME</AdrTp>
<StrtNm>La Guardia Drive</StrtNm>
<BldgNb>12</BldgNb>
<PstCd>NJ 07054</PstCd>
<TwnNm>Parsippany</TwnNm>
<Ctry>US</Ctry>
</PstlAdr>
<Id>
<DtAndPlcOfBirth>
<BirthDt>1960-05-01</BirthDt>
<CityOfBirth>New york</CityOfBirth>
<CtryOfBirth>US</CtryOfBirth>
</DtAndPlcOfBirth>
</Id>
</MainMndtHldr>
</Org>
<DgtlSgntr>
<Pty>
<Nm>fplou</Nm>
</Pty>
<Sgntr>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#Manifest">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>oniX6GCuto3mLkTC28tH49MMp1zC/ofccv3ry6SZG5mnhJrTDch3OQArnCBGp+XF
2JV3dOqLyROngdoIc/KiLorKkzNKoLr4rr9+U4krQChJyjvtlDMJUtGVvjewSxBI
UIezmxhL4KeE+7q5jVqtl5f4peiCnyKC2wEKUoMjdxzZueyAl96GK62FxDiHeJTn
h6+Y4STkaeLCsFksuLonmw+zCo5rDnq/M/umrSi3m5IqJTTL7X65oKQrS/qrkgzd
8DDq7wfzWpe/2F/XBel+/L5mGpEi1lANAlmcoUiazLC8xSp2Zu26qTkN6Jp0plnX
uD2ZSS1bWu236lKh1elKWw==</SignatureValue>
<KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>
6YkxawwM+ydRECsRK+t1ONIAI6ZHz1zZyohEdtqYso/2a5/nDTst4MKT4mFYr3Gp
BlOgfSYxC0pUXWC3iSAIAbvcjNSQMSgeiAiJL4pbzX/5uYyBIXFHNdSuOQVyoSJB
jDaPx19UyMqmZaLn5Flj7YVmpUyPAR1V4DHSmHGC4gDSqUHEphVHU/lnjnB+KEGm
W03J6OzVjJi7bK/EmZjliOHZhgsNY1FmYesZsbI1GI/RsuBBA3NxvcAC0kXBUJ4n
qHW7y7Ww8Yv77sFP/2g5s/fqW7HrnUnVh/xf3bs2a6EuriY4BI9M8YEmF0EGpbth
ycR4QLM0jQPdGBEamqitFQ==
</Modulus>
<Exponent>
AQAB
</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
<Object>
<Manifest Id="Manifest">
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>vSK1aioRUa7Gz2jLpN9LFqFeXSI=</DigestValue>
</Reference>
<Reference URI="sign.sh">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>4JgfakTfEbqzVpb+lP8vAWsD0u8=</DigestValue>
</Reference>
</Manifest>
</Object>
</Signature>
</Sgntr>
</DgtlSgntr>
</AcctOpngReq>
</Document>
<!--
  Presumably the manifest3.xml that the poster built by hand; this note is not
  part of the posted file. It is the Manifest element taken on its own, with
  the xmldsig namespace declared on it and empty elements written as start/end
  tag pairs, and with the same two DigestValues as the signed output. The post
  states that its digest equals the value Apache XML Security expects
  (M3eHHYZ3d//5HW/Gp583TrV/K4I=), which suggests that toolkit digests the
  Manifest itself for the URI="#Manifest" Reference; confirm against the
  toolkit before relying on this.
-->
<Manifest xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Manifest">
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>vSK1aioRUa7Gz2jLpN9LFqFeXSI=</DigestValue>
</Reference>
<Reference URI="sign.sh">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>4JgfakTfEbqzVpb+lP8vAWsD0u8=</DigestValue>
</Reference>
</Manifest>