TECHNOLOGIES
FORUMS
JOBS
BOOKS
EVENTS
INTERVIEWS
Live
MORE
LEARN
Training
CAREER
MEMBERS
VIDEOS
NEWS
BLOGS
Sign Up
Login
No unread comment.
View All Comments
No unread message.
View All Messages
No unread notification.
View All Notifications
Answers
Post
An Article
A Blog
A News
A Video
An EBook
An Interview Question
Ask Question
Forums
Monthly Leaders
Forum guidelines
Josep Ribas
NA
1
0
invalid Hash on canonicalized XML
Aug 14 2008 10:15 AM
Hello,
I need to canonize a XML Element of a digital signature element to calculate its hash value.
For example:
The correct digest of canonized <ds:KeyInfo> is: njihA04aMjUOyc0gnw6mfxjsfv8=
And my calculated digest is: FjnfpyzHGL+oyx4hWCxx/VhU9qk=
I think the problem is in the canonization of <ds:KeyInfo>.
Canonized <ds:KeyInfo element>:
<ds:KeyInfo Id="Certificate1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
MIID4DCCA0mgAwIBAgIBOjANBgkqhkiG9w0BAQUFADByMQswCQYDVQQGEwJFUzEPMA0GA1UECBMG
TWFkcmlkMQ8wDQYDVQQHEwZNYWRyaWQxDjAMBgNVBAoTBU1JVHlDMRswGQYDVQQLExJNSVR5QyBE
TkllIFBydWViYXMxFDASBgNVBAMTC0NBIHVzdWFyaW9zMB4XDTA3MTIxMTE2NDYyNVoXDTA4MTIx
MDE2NDYyNVowfzELMAkGA1UEBhMCRVMxDzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkcmlk
MQ4wDAYDVQQKEwVNSVR5QzEbMBkGA1UECxMSTUlUeUMgRE5JZSBQcnVlYmFzMSEwHwYDVQQDExhV
c3VhcmlvIGVqZW1wbG8gRmFjdHVyYUUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALiUcVbT
N077nqQ2H+NaoGoE27n9x2LArAfiQ+2J+O5xpX1j0SyqdUqcXNL4LK6/6GJWqj93mkHEf7c3SBXv
q68bvfaUUBQSOIbPqUGjA4kkK9gc/bx5NdkgfqZShNs7ErZFQDNho3Q2u2XBGWBerov6pOTmrzjE
+82vUYvIu+R9AgMBAAGjggF3MIIBczAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQU
3tDPGV3C+DRtihXUKstMKGFp5zwwgZgGA1UdIwSBkDCBjYAU9aFqqHdPW7EEjKd+SPEOn8V2jxuh
cqRwMG4xDzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkcmlkMQ4wDAYDVQQKEwVNSVR5QzEb
MBkGA1UECxMSTUlUeUMgRE5JZSBQcnVlYmFzMRAwDgYDVQQDEwdSb290IENBMQswCQYDVQQGEwJF
U4IBAzAJBgNVHREEAjAAMDYGA1UdEgQvMC2GK2h0dHA6Ly9taW5pc3Rlci04amd4eTkubWl0eWMu
YWdlL1BLSS9DQS5jcnQwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL21pbmlzdGVyLThqZ3h5OS5t
aXR5Yy5hZ2UvUEtJL2NybC5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqG
SIb3DQEBBQUAA4GBAES/a/gimvoEe168IQbWORPJLh1tuTrjzB549XF0kpGDIuUzBqgeZq1HjYjA
iPgErqxGdk2qVVfDjjiNS5J+S6j5MXTs7toij/qEtdZmQ9AUfYRNKsNVFkUUI9j1ies3wUEecfvt
wmAAN12LtrNeBRc4GfTOOAeupFufFDjmI4gB
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
uJRxVtM3TvuepDYf41qgagTbuf3HYsCsB+JD7Yn47nGlfWPRLKp1Spxc0vgsrr/oYlaqP3eaQcR/
tzdIFe+rrxu99pRQFBI4hs+pQaMDiSQr2Bz9vHk12SB+plKE2zsStkVAM2GjdDa7ZcEZYF6ui/qk
5OavOMT7za9Ri8i75H0=
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
FULL Signature element:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:etsi="http://uri.etsi.org/01903/v1.2.2#" Id="Signature">
<ds:SignedInfo Id="Signature-SignedInfo">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference Id="SignedPropertiesID" Type="http://uri.etsi.org/01903/v1.2.2#SignedProperties" URI="#Signature-SignedProperties">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>E70IIZJgM5B3rTwGJ5b4hEeJ8N0=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>q54/ZNHSjMWKMD4A5xI9qL2tBOA=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Certificate1">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>njihA04aMjUOyc0gnw6mfxjsfv8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue Id="SignatureValue">
nfmak7CHtweDx/WkwizYHuNgL37d6QEyNkLIC99zK0Yar0fGtXzrKgKMSRQXdXX52ZtzdKKIB7+Q
dUA9zCWUQlwAofPtbFCNYr8Ju3KDekmqEE3oTN9T689jTzW9Mn9fsazBIaCVI/wgfv4PvS0Z+lNH
ZIjb2UlCaZeVfdeInNo=
</ds:SignatureValue>
<ds:KeyInfo Id="Certificate1">
<ds:X509Data>
<ds:X509Certificate>
MIID4DCCA0mgAwIBAgIBOjANBgkqhkiG9w0BAQUFADByMQswCQYDVQQGEwJFUzEPMA0GA1UECBMG
TWFkcmlkMQ8wDQYDVQQHEwZNYWRyaWQxDjAMBgNVBAoTBU1JVHlDMRswGQYDVQQLExJNSVR5QyBE
TkllIFBydWViYXMxFDASBgNVBAMTC0NBIHVzdWFyaW9zMB4XDTA3MTIxMTE2NDYyNVoXDTA4MTIx
MDE2NDYyNVowfzELMAkGA1UEBhMCRVMxDzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkcmlk
MQ4wDAYDVQQKEwVNSVR5QzEbMBkGA1UECxMSTUlUeUMgRE5JZSBQcnVlYmFzMSEwHwYDVQQDExhV
c3VhcmlvIGVqZW1wbG8gRmFjdHVyYUUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALiUcVbT
N077nqQ2H+NaoGoE27n9x2LArAfiQ+2J+O5xpX1j0SyqdUqcXNL4LK6/6GJWqj93mkHEf7c3SBXv
q68bvfaUUBQSOIbPqUGjA4kkK9gc/bx5NdkgfqZShNs7ErZFQDNho3Q2u2XBGWBerov6pOTmrzjE
+82vUYvIu+R9AgMBAAGjggF3MIIBczAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQU
3tDPGV3C+DRtihXUKstMKGFp5zwwgZgGA1UdIwSBkDCBjYAU9aFqqHdPW7EEjKd+SPEOn8V2jxuh
cqRwMG4xDzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkcmlkMQ4wDAYDVQQKEwVNSVR5QzEb
MBkGA1UECxMSTUlUeUMgRE5JZSBQcnVlYmFzMRAwDgYDVQQDEwdSb290IENBMQswCQYDVQQGEwJF
U4IBAzAJBgNVHREEAjAAMDYGA1UdEgQvMC2GK2h0dHA6Ly9taW5pc3Rlci04amd4eTkubWl0eWMu
YWdlL1BLSS9DQS5jcnQwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL21pbmlzdGVyLThqZ3h5OS5t
aXR5Yy5hZ2UvUEtJL2NybC5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqG
SIb3DQEBBQUAA4GBAES/a/gimvoEe168IQbWORPJLh1tuTrjzB549XF0kpGDIuUzBqgeZq1HjYjA
iPgErqxGdk2qVVfDjjiNS5J+S6j5MXTs7toij/qEtdZmQ9AUfYRNKsNVFkUUI9j1ies3wUEecfvt
wmAAN12LtrNeBRc4GfTOOAeupFufFDjmI4gB
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
uJRxVtM3TvuepDYf41qgagTbuf3HYsCsB+JD7Yn47nGlfWPRLKp1Spxc0vgsrr/oYlaqP3eaQcR/
tzdIFe+rrxu99pRQFBI4hs+pQaMDiSQr2Bz9vHk12SB+plKE2zsStkVAM2GjdDa7ZcEZYF6ui/qk
5OavOMT7za9Ri8i75H0=
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
<ds:Object Id="Signature-Object"><etsi:QualifyingProperties Target="#Signature"><etsi:SignedProperties Id="Signature-SignedProperties"><etsi:SignedSignatureProperties><etsi:SigningTime>2007-12-11T19:21:28.229+01:00</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>dDucu0BjFAIFCeiJpfVJOqAnsNk=</ds:DigestValue></etsi:CertDigest><etsi:IssuerSerial><ds:X509IssuerName>CN=CA usuarios,OU=MITyC DNIe Pruebas,O=MITyC,L=Madrid,ST=Madrid,C=ES</ds:X509IssuerName><ds:X509SerialNumber>58</ds:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyId><etsi:SigPolicyId><etsi:Identifier>http://www.facturae.es/politica de firma formato facturae/politica de firma formato facturae v3_0.pdf</etsi:Identifier><etsi:Description>Política de firma electrónica para facturación electrónica con formato Facturae</etsi:Description></etsi:SigPolicyId><etsi:SigPolicyHash><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>HQvPemjDslVpcNmaJPpbHzhdZ50=</ds:DigestValue></etsi:SigPolicyHash></etsi:SignaturePolicyId></etsi:SignaturePolicyIdentifier><etsi:SignerRole><etsi:ClaimedRoles><etsi:ClaimedRole>emisor</etsi:ClaimedRole></etsi:ClaimedRoles></etsi:SignerRole></etsi:SignedSignatureProperties></etsi:SignedProperties></etsi:QualifyingProperties></ds:Object></ds:Signature>
Any idea?
Reply
Answers (
1
)
Forms Login, Cookie and IIS
Protection and security for Asp.net Web application