XmlDSig trouble
- From: Tom <Tom@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 4 May 2009 09:58:01 -0700
Hi,
I'm a bit stuck on XmlDSig, and I hope someone can help me out.
I'll start with an xml snippet of a signature:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <ds:Reference URI="">
      <ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <ds:DigestValue>TWn8c8ogPhXR5Lm2NizZK8ymIH8=</ds:DigestValue>
    </ds:Reference>
    <ds:Reference URI="i_NL.IMRO.9999.AP20090000314-0003.pdf">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <ds:DigestValue>hkMmb3O13o6PMMioMQkGyQkT1OE=</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>... omitted for clarity ...</ds:SignatureValue>
  <ds:KeyInfo>
    <ds:X509Data>
      <ds:X509Certificate>... also omitted ...</ds:X509Certificate>
    </ds:X509Data>
  </ds:KeyInfo>
</ds:Signature>
So here is my problem: a customer wants to sign xml that is to be validated
by a third party. There the problem starts: first of all, the OpenSSL,
BouncyCastle and .NET implementations all result in a different SHA-1 hash
and therefore a different signature.
The problem is related to the first reference in the SignedInfo with
reference uri="".
Here is what I see the .NET code do:
- Take reference URI="" (whole document)
- Transform it with Enveloped Signature
- Calculate the hash over this transformed xml (not canonical??)
- Put the reference in the list
- Canonicalize the SignedInfo with Exclusive C14n
- Hash it (SHA-1)
- Encrypt this with the private key
- Put in the different parts etc.
This verifies without a problem in the .NET 'world', but not in the
BouncyCastle 'world' or the OpenSSL 'world'. In fact neither of them offers
interoperability with the other as far as I can tell. At least not with the
input xml I have.
So I have a question about how I should treat Reference Uri="".
Here is what I suspect needs to be done:
- Apply the Enveloped Signature transform to the document (basically removes
any Signature objects, but does not re-order or process whitespace etc?)
- Then my question: should I apply the exc-C14n canonicalization now on the
result of the transform?
- Should I then calculate the hash over this canonical data?
I'm a bit disappointed in the different implementations of XMLDSIG that exist.
Either the W3C is not clear enough or nobody implemented what they recommend.
Anyhow, I'm in trouble.
Regards,
Tom
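The Reference URI="" processing the post asks about, as an added example (not the poster's code and not taken from .NET, BouncyCastle or OpenSSL): the XMLDSIG order is enveloped-signature transform, then canonicalization of the resulting node-set, then SHA-1, and the default canonicalization for a Reference with no explicit C14N transform is inclusive Canonical XML 1.0 (the exc-c14n CanonicalizationMethod applies only to SignedInfo). Assumptions: Python 3.8+, the standard library's C14N 2.0 writer standing in for Canonical XML 1.0, and a constructed sample document.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # ET.canonicalize needs Python 3.8+

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
SIGNATURE_TAG = f"{{{DS_NS}}}Signature"

# Constructed sample (not the poster's document): a payload element and an
# enveloped signature placeholder, indented the way many signers emit it.
SAMPLE_DOC = (
    '<Doc xmlns="urn:example" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">\n'
    '  <Data>payload</Data>\n'
    '  <ds:Signature><ds:SignedInfo/></ds:Signature>\n'
    '</Doc>'
)

def reference_octets(xml_text: str) -> bytes:
    """Reference URI="": (1) the enveloped-signature transform drops every
    ds:Signature subtree; (2) the result is a node-set, so it is canonicalized
    before hashing.  Stand-in: the stdlib C14N 2.0 writer with exclude_tags,
    which removes the subtree but keeps the whitespace text nodes around it,
    as the XPath-based enveloped transform does."""
    return ET.canonicalize(xml_text, exclude_tags=[SIGNATURE_TAG]).encode()

def digest_value(octets: bytes) -> str:
    """(3) SHA-1 over the octets, base64-encoded as in <ds:DigestValue>."""
    return base64.b64encode(hashlib.sha1(octets).digest()).decode("ascii")

def reference_digest(xml_text: str) -> str:
    return digest_value(reference_octets(xml_text))

def uncanonicalized_digest(xml_text: str) -> str:
    """The interop pitfall: strip the signature with a tree API and hash
    whatever the serializer emits.  Generated prefixes (ns0:) and the lost
    tail whitespace make these octets differ from the canonical form."""
    root = ET.fromstring(xml_text)
    for parent in list(root.iter()):
        for child in [c for c in parent if c.tag == SIGNATURE_TAG]:
            parent.remove(child)  # the element's tail text goes with it
    return digest_value(ET.tostring(root))

if __name__ == "__main__":
    print(reference_octets(SAMPLE_DOC).decode())
    print("canonical  :", reference_digest(SAMPLE_DOC))
    print("serializer :", uncanonicalized_digest(SAMPLE_DOC))
    # Whitespace is part of the signed node-set: re-indenting changes the digest.
    print("re-indented:", reference_digest(SAMPLE_DOC.replace("  <", "\t<")))
```

A verifier that canonicalizes will only accept the first digest, which is why two implementations that disagree on whether (or with which algorithm) the node-set is canonicalized produce different DigestValues for the same input.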