Re: Xmldsig Countersignature DigestValue



On Mar 22, 2:32 pm, "Iguana" <szewcz...@xxxxxxxxxxxxxxx> wrote:
Hi!
How can I calculate DigestValue for Reference to signature ( ...
uri="#signatureId" ...)?
I try this code:

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Windows.Forms;
using System.Xml;

// xmlElement - signature from xml file
SignedXml signature = new SignedXml();
signature.LoadXml((XmlElement)xmlElement);
Transform t = new XmlDsigC14NTransform();
// Re-parse the serialized signature, keeping whitespace nodes
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml(signature.GetXml().OuterXml);
t.LoadInput(doc);
// SHA-1 over the canonicalized output, shown as base64
SHA1 sha1 = SHA1.Create();
byte[] digestValue = t.GetDigestedOutput(sha1);
MessageBox.Show(Convert.ToBase64String(digestValue));

The calculated digestValue is not the same as the one in the reference
digestValue in the countersignature after signing.
Can anyone help me calculate this digestValue?
Iguana

Hi,
Are you verifying a signature created with .Net or with some other
framework?
The reason I'm asking is that the .Net XmlDsigC14NTransform class is not
conformant.
If the signature was created with .Net (same version), then you should not
have any problems; however,
if it is some other third-party library that creates the signature, then you
may have problems.
According to the spec, all whitespace, significant or not, must be
preserved during serialization.
All open source or Java implementations of XML signatures follow this
rule and preserve all whitespace.
However, .Net XmlDsigC14NTransform never preserves insignificant
whitespace, because no Microsoft
XML API reports insignificant whitespace to the XML processors.
It is easy to check if you are experiencing this problem. Check if the
input contains insignificant
whitespace, and if it does, then that is probably it.

-Valery.
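
The check described in the reply above, as an added example that is not part of the original posts (and in Python rather than the thread's C#): it lists the whitespace-only text nodes between elements of a Signature and shows that the SHA-1 DigestValue changes when a processor drops them. Assumptions: the sample XML is constructed, Python's `xml.etree.ElementTree.canonicalize` (C14N 2.0) stands in for the C14N transform, and `strip_text=True` models a parser that discards such whitespace.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread): an indented Signature element
# that a countersignature Reference would target via URI="#signatureId".
PRETTY = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="signatureId">
  <ds:SignedInfo>
    <ds:Reference URI="">
      <ds:DigestValue>AAAA</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>BBBB</ds:SignatureValue>
</ds:Signature>"""

# The same element with the whitespace between elements removed.
COMPACT = "".join(line.strip() for line in PRETTY.splitlines())


def whitespace_only_nodes(xml_text):
    """List (tag, position, repr) for whitespace-only text between elements."""
    hits = []
    for el in ET.fromstring(xml_text).iter():
        # Text before the first child of an element that has children.
        if len(el) and el.text and not el.text.strip():
            hits.append((el.tag, "before first child", repr(el.text)))
        # Text after an element's end tag, inside its parent.
        if el.tail and not el.tail.strip():
            hits.append((el.tag, "after element", repr(el.tail)))
    return hits


def digest_value(xml_text, drop_whitespace=False):
    """Base64 SHA-1 of the canonical form.

    drop_whitespace=True models a parser that discards whitespace-only text.
    """
    canon = ET.canonicalize(xml_text, strip_text=drop_whitespace)
    raw = hashlib.sha1(canon.encode("utf-8")).digest()
    return base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    for tag, where, text in whitespace_only_nodes(PRETTY):
        print(f"{where:>18} {tag.split('}')[1]}: {text}")
    print("whitespace kept   :", digest_value(PRETTY))
    print("whitespace dropped:", digest_value(PRETTY, drop_whitespace=True))
    print("compact input     :", digest_value(COMPACT))
```

If the first function returns any nodes for the signature being referenced, the signer and the verifier must both keep or both drop them, otherwise the two DigestValue results will differ as they do here.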
