XPath Filter 2.0 Support? (XML Digital Signatures)

Hello all,

I am working with Adobe LiveCycle Designer 8.1 to create forms that the user
will sign with their X.509 Certificate and submit electronically to a
generic .NET HTTP handler (ASHX). I have done some work in both creating and
verifying digital signatures, but I have run into an issue that I'm hoping
someone else has seen. Adobe's XML Digital Signatures seem to use the
XML-Signature XPath Filter 2.0
(http://www.w3.org/TR/2002/PR-xmldsig-filter2-20020827/Overview.html), but
there doesn't seem to be a corresponding .NET Framework class to support
this transform, and the SignedXml.LoadXml() call fails when I try to specify
an XML element containing a Transform with the Algorithm ID
"http://www.w3.org/2002/06/xmldsig-filter2";.

Does anyone know where I can get a class that will support this
transformation, such that I can check Adobe-generated XML Digital
Signatures? It's also fine if someone knows a way to instruct Adobe not to
use this Transform when creating the Signature. Least desirable but also a
last-resort option is for someone to provide guidance on "rolling my own"
such Transform.

TIA,

Tim

Here's what I'm getting:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"; Id="datasignature_1">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#iddb88862c-6627-11dc-8d00-000c6e541685"
Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties";>
<Transforms>
<Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>CP/cXdv2OcTnq7bKaWOgOSR9N8g=</DigestValue>
</Reference>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2";>
<XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2";
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";
Filter="intersect">here()/ancestor::dsig:Signature[1]/../../form1[1]//. |
here()/ancestor::dsig:Signature[1]/../../form1[1]//@* |
here()/ancestor::dsig:Signature[1]/../../form1[1]//namespace::*</XPath>
</Transform>
<Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>IIiJsLFvk2HvWO+roUQwC0P/ODw=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
..
..
..




.

Relevant Pages

  • Support for XPath Filter 2.0 Transform? (Xml Digital Signatures)
    ... I am working with Adobe LiveCycle Designer 8.1 to create forms that the user ... verifying digital signatures, but I have run into an issue that I'm hoping ... Adobe's XML Digital Signatures seem to use the ... an XML element containing a Transform with the Algorithm ID ...
    (microsoft.public.dotnet.security)
  • Signing messages
    ... message signatures are described in Signature\SignedInfo element. ... The receiver uses the canonicalization and digest methods to calculate reference digest. ... Why do you need to have DigestValue in the envelope when the receiver can calculate it by himself using the canonicalization and digest methods? ... What is the difference between Canonicalization and Transform algorithm? ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: XPath Filter 2.0 Support? (XML Digital Signatures)
    ... digitized signature capture using a SignatureGem LCD 1x5 signature pad ... verifying digital signatures, but I have run into an issue that I'm hoping ... an XML element containing a Transform with the Algorithm ID ... <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> ...
    (microsoft.public.dotnet.framework.aspnet.security)