Jump to content

tufffta

Members
  • Posts

    3
  • Joined

  • Last visited

Everything posted by tufffta

  1. I am analyzing an XML-DSIG file in order to know how to write my piece of software code that generates XML-DSIGnatures. I am having this trouble and desperately need help... This is a bit I am trying to understand from an attached signatures0.xml: <SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> [...deleted...] <Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedPropertiesElem_0" xmlns="http://www.w3.org/2000/09/xmldsig#"> <Transforms xmlns="http://www.w3.org/2000/09/xmldsig#"> <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <DigestValue>kOlNXyBs6oSP9hbh+4niZMNQ9OsOCzYhkSYYG4YdHQU=</DigestValue> </Reference></SignedInfo> From what I understand, this refers to a SignedPropertiesElem_0 element in the same file. I am trying to determine exactly what it refers to - what piece of code should be selected and used later on for canonicalization and then calculating a digest value. Is it this: <SignedProperties Id="SignedPropertiesElem_0"> <SignedSignatureProperties> <SigningTime>2014-08-21T06:09:55Z</SigningTime> <SigningCertificate> <Cert> <CertDigest> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" xmlns="http://www.w3.org/2000/09/xmldsig#"/> <DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">JQ0kZvd0mtXQPA/RTuYV9iuc346tznvN9MoAd/0jNyM=</DigestValue> </CertDigest> <IssuerSerial> <X509IssuerName xmlns="http://www.w3.org/2000/09/xmldsig#">CN=Nacionalinis sertifikavimo centras (IssuingCA-,OU=Nacionalinis sertifikavimo centras (NSC),O=Gyventoju registro tarnyba prie LR VRM - i.k. 188756767,C=LT</X509IssuerName> <X509SerialNumber xmlns="http://www.w3.org/2000/09/xmldsig#">1315010063538360283821765366094690</X509SerialNumber> </IssuerSerial> </Cert> </SigningCertificate> <SignaturePolicyIdentifier> <SignaturePolicyImplied/> </SignaturePolicyIdentifier> </SignedSignatureProperties> </SignedProperties> Or this: <SignedSignatureProperties> <SigningTime>2014-08-21T06:09:55Z</SigningTime> <SigningCertificate> <Cert> <CertDigest> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" xmlns="http://www.w3.org/2000/09/xmldsig#"/> <DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">JQ0kZvd0mtXQPA/RTuYV9iuc346tznvN9MoAd/0jNyM=</DigestValue> </CertDigest> <IssuerSerial> <X509IssuerName xmlns="http://www.w3.org/2000/09/xmldsig#">CN=Nacionalinis sertifikavimo centras (IssuingCA-,OU=Nacionalinis sertifikavimo centras (NSC),O=Gyventoju registro tarnyba prie LR VRM - i.k. 188756767,C=LT</X509IssuerName> <X509SerialNumber xmlns="http://www.w3.org/2000/09/xmldsig#">1315010063538360283821765366094690</X509SerialNumber> </IssuerSerial> </Cert> </SigningCertificate> <SignaturePolicyIdentifier> <SignaturePolicyImplied/> </SignaturePolicyIdentifier> </SignedSignatureProperties> Or this: <SigningTime>2014-08-21T06:09:55Z</SigningTime> <SigningCertificate> <Cert> <CertDigest> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" xmlns="http://www.w3.org/2000/09/xmldsig#"/> <DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">JQ0kZvd0mtXQPA/RTuYV9iuc346tznvN9MoAd/0jNyM=</DigestValue> </CertDigest> <IssuerSerial> <X509IssuerName xmlns="http://www.w3.org/2000/09/xmldsig#">CN=Nacionalinis sertifikavimo centras (IssuingCA-,OU=Nacionalinis sertifikavimo centras (NSC),O=Gyventoju registro tarnyba prie LR VRM - i.k. 188756767,C=LT</X509IssuerName> <X509SerialNumber xmlns="http://www.w3.org/2000/09/xmldsig#">1315010063538360283821765366094690</X509SerialNumber> </IssuerSerial> </Cert> </SigningCertificate> <SignaturePolicyIdentifier> <SignaturePolicyImplied/> </SignaturePolicyIdentifier> Or some other part of it? I tried the first one, then letting it through a StylusStudio canonicalization OR http://www.soapclient.com/xmlcanon.html (both seem to return identical results), which results in this: <SignedProperties Id="SignedPropertiesElem_0"> <SignedSignatureProperties> <SigningTime>2014-08-21T06:09:55Z</SigningTime> <SigningCertificate> <Cert> <CertDigest> <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod> <DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">JQ0kZvd0mtXQPA/RTuYV9iuc346tznvN9MoAd/0jNyM=</DigestValue> </CertDigest> <IssuerSerial> <X509IssuerName xmlns="http://www.w3.org/2000/09/xmldsig#">CN=Nacionalinis sertifikavimo centras (IssuingCA-,OU=Nacionalinis sertifikavimo centras (NSC),O=Gyventoju registro tarnyba prie LR VRM - i.k. 188756767,C=LT</X509IssuerName> <X509SerialNumber xmlns="http://www.w3.org/2000/09/xmldsig#">1315010063538360283821765366094690</X509SerialNumber> </IssuerSerial> </Cert> </SigningCertificate> <SignaturePolicyIdentifier> <SignaturePolicyImplied></SignaturePolicyImplied> </SignaturePolicyIdentifier> </SignedSignatureProperties> </SignedProperties> and then calculating the digest value using these tools: http://www.webutils.pl/index.php?idx=sha1 http://hash.online-convert.com/sha256-generator http://www.freeformatter.com/message-digest.html#ad-output They all returned the same result, but that result is different from the one in the xml file: kOlNXyBs6oSP9hbh+4niZMNQ9OsOCzYhkSYYG4YdHQU=. What am I doing wrong? What part of the xml document should I copy and paste into the canonicalizer and then into digest calculator? I've spent several days trying different things and looking for answers and haven't got anything... I am sure I missed something, therefore I am asking for your help.
  2. Hello, I am a bit confused by this statement that I found on a sha256 digestvalue calculation here: http://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#sha256 A SHA-256 digest is a 256-bit string. The content of the DigestValue element shall be the base64 encoding of this bit string viewed as a 32-octet octet stream. Does that mean that the sha256 hash value has to be converted to a 32-bit string before encoding it to base64? If yes, could someone please tell me how this can be done? I'm a kind of a n00b, but I haven't found info on how to do that on the internet.
×
×
  • Create New...