
.NET Forum / .NET Framework / Security / March 2007


Xmldsig Countersignature DigestValue

Iguana - 22 Mar 2007 13:32 GMT
Hi!
How can I calculate the DigestValue for a Reference to a signature ( ...
uri="#signatureId" ...)?
I tried this code:

// xmlElement - signature from xml file
SignedXml signature = new SignedXml();
signature.LoadXml((XmlElement)xmlElement);
Transform t = new System.Security.Cryptography.Xml.XmlDsigC14NTransform();
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml(signature.GetXml().OuterXml);
System.IO.Stream s = null;
t.LoadInput(doc);
SHA1 sha1 = SHA1.Create();
byte[] digestValue = t.GetDigestedOutput(sha1);
MessageBox.Show(Convert.ToBase64String(digestValue));

The calculated digestValue is not the same as the one in the Reference
DigestValue of the countersignature after signing.
Can anyone help me calculate this digestValue?
Iguana
Valery Pryamikov - 27 Mar 2007 11:31 GMT
> Hi!
> How can I calculate the DigestValue for a Reference to a signature ( ...
[quoted text clipped - 19 lines]
> Can anyone help me calculate this digestValue?
> Iguana

Hi,
are you verifying a signature created with .Net or with some other
framework?
The reason I'm asking is that the .Net XmlDsigC14NTransform class is not
conformant.
If the signature was created with .Net (same version), then you should not
have any problems; however,
if it is some other third-party library that creates the signature, then you
may have problems.
According to the spec, all whitespaces, significant or not, must be
preserved during serialization.
All open source or Java implementations of XML signatures follow this
rule and preserve all whitespaces.
However, .Net XmlDsigC14NTransform never preserves insignificant
whitespaces, because no Microsoft
XML API reports insignificant whitespaces to the XML processors.
It is easy to check if you are experiencing this problem. Check if the
input contains insignificant
whitespaces, and if it does, then that is probably it.

-Valery.
Valery Pryamikov - 27 Mar 2007 11:40 GMT
> > Hi!
> > How can I calculate the DigestValue for a Reference to a signature ( ...
[quoted text clipped - 19 lines]
> > Can anyone help me calculate this digestValue?
> > Iguana

Another problem with your code could be the use of OuterXml, if
it also returns the xml header (i.e. <?xml version...).
In that case you'll have problems verifying a signature created anywhere
- you are trying to verify the hash of a child node, and that can never
contain the xml header, which is only allowed to be placed before
the root element.

-Valery.
Iguana - 27 Mar 2007 12:31 GMT
Hi!
I have created signatures with C# (VC 2005) and .NET 2.0.
I think preserving whitespace is not a problem in my code - this works
fine (with my code I verify a signature generated in Java -
verification works well).
What I do exactly in my code:
read the whole <Signature ... </Signature> tag from the xml document and put
it into a new XmlDocument.

// get signature to countersign
XmlNodeList signs = existingXmlDocument.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
XmlElement el = (XmlElement)signs[0]; // in my test code I have only one signature to countersign
SignedXml sig = new SignedXml();
sig.LoadXml((XmlElement)el);

XmlDocument doc = new XmlDocument(); // new empty XmlDocument - without header and any attributes
doc.PreserveWhitespace = true;

// load obj - signature to countersign - into the newly created XmlDocument
System.Security.Cryptography.Xml.DataObject obj = new System.Security.Cryptography.Xml.DataObject();

obj.LoadXml(sig.GetXml());
doc.LoadXml(obj.GetXml().OuterXml); // this loads the signature xml text into the newly created XmlDocument

// my reference has no transforms - only SignedInfo has a canonicalization transform
Transform t1 = new System.Security.Cryptography.Xml.XmlDsigC14NTransform();
t1.LoadInput(doc);
System.IO.Stream s1 = (System.IO.Stream)t1.GetOutput();

// calculate hash after transform
SHA1 sha1 = SHA1.Create();
MessageBox.Show(string.Format("{0}", Convert.ToBase64String(sha1.ComputeHash(s1))));

This is my first test.
After it failed, I added a new transform:

Transform t2 = (Transform)CryptoConfig.CreateFromName("http://www.w3.org/2001/10/xml-exc-c14n#WithComments");
t2.LoadInput(t1); // transform on transformed signature
System.IO.Stream s2 = (System.IO.Stream)t2.GetOutput();

MessageBox.Show(string.Format("{0}", Convert.ToBase64String(sha1.ComputeHash(s2))));

This is what I do.
The DigestValue is wrong (in the code with two transformations, the
DigestValue on t1 and t2 is always the same!)
I have no more ideas... but I must calculate this DigestValue before I
call SignedXml.ComputeSignature and show the DigestValue to my application
user.
Any other ideas?
Iguana
Valery Pryamikov - 28 Mar 2007 12:52 GMT
> Hi!
> I have created signatures with C# (VC 2005) and .NET 2.0.
[quoted text clipped - 56 lines]
> Any other idea?
> Iguana

As I told you in one of my previous letters - check what you get from
OuterXml. It will most probably give you the xml header as well.

-Valery
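
The two checks suggested in this thread, plus a digest computed from the element as it sits in its original document, as an added example that neither poster wrote. It assumes inclusive C14N and SHA-1 as in the posted code; copying ancestor namespace declarations onto the element is an assumption of this example, and the class name, method names and sample XML are constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Added example; class/method names and the sample XML are constructed.
static class CountersignDigestCheck
{
    // Whitespace check from the thread: count whitespace-only nodes under the element.
    static int CountWhitespaceNodes(XmlNode n)
    {
        int c = (n.NodeType == XmlNodeType.Whitespace ||
                 n.NodeType == XmlNodeType.SignificantWhitespace) ? 1 : 0;
        foreach (XmlNode child in n.ChildNodes) c += CountWhitespaceNodes(child);
        return c;
    }
    // Header check from the thread: does the text to be hashed start with an XML declaration?
    static bool HasXmlDeclaration(string xml)
    { return xml.TrimStart().StartsWith("<?xml", StringComparison.Ordinal); }

    // Inclusive C14N + SHA-1 over a copy of the element taken from its source document.
    // Assumption: namespace declarations on ancestors are in scope for the digest, so they
    // are copied onto the new root (nearest ancestor wins). xml:* attributes are not copied.
    static byte[] DigestInContext(XmlElement target)
    {
        XmlDocument doc = new XmlDocument();
        doc.PreserveWhitespace = true;
        doc.AppendChild(doc.ImportNode(target, true));
        XmlElement root = doc.DocumentElement;
        for (XmlNode a = target.ParentNode; a is XmlElement; a = a.ParentNode)
            foreach (XmlAttribute attr in a.Attributes)
                if ((attr.Prefix == "xmlns" || attr.Name == "xmlns") && !root.HasAttribute(attr.Name))
                    root.SetAttribute(attr.Name, attr.Value);
        XmlDsigC14NTransform c14n = new XmlDsigC14NTransform();
        c14n.LoadInput(doc);
        using (SHA1 sha1 = SHA1.Create()) return c14n.GetDigestedOutput(sha1);
    }
    static void Main()
    {
        // Constructed sample: ds prefix declared on an ancestor, whitespace inside the signature.
        string xml = "<?xml version=\"1.0\"?>\n<Envelope xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">\n" +
            "  <ds:Signature Id=\"signatureId\">\n    <ds:SignatureValue>AAAA</ds:SignatureValue>\n  </ds:Signature>\n</Envelope>";
        XmlDocument src = new XmlDocument();
        src.PreserveWhitespace = true; // must be set before loading, or whitespace nodes are dropped
        src.LoadXml(xml);
        XmlElement sig = (XmlElement)src.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl)[0];
        Console.WriteLine("whitespace nodes: " + CountWhitespaceNodes(sig));
        Console.WriteLine("declaration in OuterXml: " + HasXmlDeclaration(sig.OuterXml));
        Console.WriteLine("digest: " + Convert.ToBase64String(DigestInContext(sig)));
    }
}
```

Run it against the real document and compare the printed digest with the DigestValue that SignedXml.ComputeSignature writes into the countersignature's Reference.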
