XML Canonicalization error
Posted by josep ribas (Guest), August 14th, 2008, 03:15 PM

Hello,

I need to canonicalize an XML element of a digital signature to
calculate its hash value.
For example:

The correct digest of the canonicalized <ds:KeyInfo> is:
njihA04aMjUOyc0gnw6mfxjsfv8=
And my calculated digest is: FjnfpyzHGL+oyx4hWCxx/VhU9qk=

I think the problem is in the canonicalization of <ds:KeyInfo>.

*Canonicalized <ds:KeyInfo> element:*
<ds:KeyInfo Id="Certificate1"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">&#xA;<ds:X509Data>&#xA;<ds
:X509Certificate>&#xA;MIID4DCCA0mgAwIBAgIBOjANBgkq hkiG9w0BAQUFADByMQswCQ
YDVQQGEwJFUzEPMA0GA1UECBMG&#xA;TWFkcmlkMQ8wDQYDVQQ HEwZNYWRyaWQxDjAMBgNVB
AoTBU1JVHlDMRswGQYDVQQLExJNSVR5QyBE&#xA;TkllIFBydW ViYXMxFDASBgNVBAMTC0NB
IHVzdWFyaW9zMB4XDTA3MTIxMTE2NDYyNVoXDTA4MTIx&#xA;M DE2NDYyNVowfzELMAkGA1U
EBhMCRVMxDzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkc mlk&#xA;MQ4wDAYDVQQKEw
VNSVR5QzEbMBkGA1UECxMSTUlUeUMgRE5JZSBQcnVlYmFzMSEw HwYDVQQDExhV&#xA;c3Vhc
mlvIGVqZW1wbG8gRmFjdHVyYUUwgZ8wDQYJKoZIhvcNAQEBBQA DgY0AMIGJAoGBALiUcVbT&
#xA;N077nqQ2H+NaoGoE27n9x2LArAfiQ+2J+O5xpX1j0SyqdU qcXNL4LK6/6GJWqj93mkHE
f7c3SBXv&#xA;q68bvfaUUBQSOIbPqUGjA4kkK9gc/bx5NdkgfqZShNs7ErZFQDNho3Q2u2X
BGWBerov6pOTmrzjE&#xA;+82vUYvIu+R9AgMBAAGjggF3MIIB czAJBgNVHRMEAjAAMAsGA1
UdDwQEAwIF4DAdBgNVHQ4EFgQU&#xA;3tDPGV3C+DRtihXUKst MKGFp5zwwgZgGA1UdIwSBk
DCBjYAU9aFqqHdPW7EEjKd+SPEOn8V2jxuh&#xA;cqRwMG4xDz ANBgNVBAgTBk1hZHJpZDEP
MA0GA1UEBxMGTWFkcmlkMQ4wDAYDVQQKEwVNSVR5QzEb&#xA;M BkGA1UECxMSTUlUeUMgRE5
JZSBQcnVlYmFzMRAwDgYDVQQDEwdSb290IENBMQswCQYDVQQGE wJF&#xA;U4IBAzAJBgNVHR
EEAjAAMDYGA1UdEgQvMC2GK2h0dHA6Ly9taW5pc3Rlci04amd4 eTkubWl0eWMu&#xA;YWdlL
1BLSS9DQS5jcnQwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL21 pbmlzdGVyLThqZ3h5OS5t&
#xA;aXR5Yy5hZ2UvUEtJL2NybC5jcmwwHQYDVR0lBBYwFAYIKw YBBQUHAwIGCCsGAQUFBwME
MA0GCSqG&#xA;SIb3DQEBBQUAA4GBAES/a/gimvoEe168IQbWORPJLh1tuTrjzB549XF0kpG
DIuUzBqgeZq1HjYjA&#xA;iPgErqxGdk2qVVfDjjiNS5J+S6j5 MXTs7toij/qEtdZmQ9AUfY
RNKsNVFkUUI9j1ies3wUEecfvt&#xA;wmAAN12LtrNeBRc4GfT OOAeupFufFDjmI4gB&#xA;
</ds:X509Certificate>&#xA;</ds:X509Data>&#xA;<ds:KeyValue>&#xA;<ds:RSAKe
yValue>&#xA;<ds:Modulus>&#xA;uJRxVtM3TvuepDYf41qga gTbuf3HYsCsB+JD7Yn47nG
lfWPRLKp1Spxc0vgsrr/oYlaqP3eaQcR/&#xA;tzdIFe+rrxu99pRQFBI4hs+pQaMDiSQr2B
z9vHk12SB+plKE2zsStkVAM2GjdDa7ZcEZYF6ui/qk&#xA;5OavOMT7za9Ri8i75H0=&#xA;
</ds:Modulus>&#xA;<ds:Exponent>AQAB</ds:Exponent>&#xA;</ds:RSAKeyValue>&
#xA;</ds:KeyValue>&#xA;</ds:KeyInfo>

*FULL Signature element:*

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:etsi="http://uri.etsi.org/01903/v1.2.2#" Id="Signature">
<ds:SignedInfo Id="Signature-SignedInfo">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference Id="SignedPropertiesID" Type="http://uri.etsi.org/01903/v1.2.2#SignedProperties" URI="#Signature-SignedProperties">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>E70IIZJgM5B3rTwGJ5b4hEeJ8N0=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>q54/ZNHSjMWKMD4A5xI9qL2tBOA=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Certificate1">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>njihA04aMjUOyc0gnw6mfxjsfv8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue Id="SignatureValue">
nfmak7CHtweDx/WkwizYHuNgL37d6QEyNkLIC99zK0Yar0fGtXzrKgKMSRQXdXX5 2ZtzdKKI
B7+Q
dUA9zCWUQlwAofPtbFCNYr8Ju3KDekmqEE3oTN9T689jTzW9Mn 9fsazBIaCVI/wgfv4PvS0Z
+lNH
ZIjb2UlCaZeVfdeInNo=
</ds:SignatureValue>
<ds:KeyInfo Id="Certificate1">
<ds:X509Data>
<ds:X509Certificate>
MIID4DCCA0mgAwIBAgIBOjANBgkqhkiG9w0BAQUFADByMQswCQ YDVQQGEwJFUzEPMA0GA1UE
CBMG
TWFkcmlkMQ8wDQYDVQQHEwZNYWRyaWQxDjAMBgNVBAoTBU1JVH lDMRswGQYDVQQLExJNSVR5
QyBE
TkllIFBydWViYXMxFDASBgNVBAMTC0NBIHVzdWFyaW9zMB4XDT A3MTIxMTE2NDYyNVoXDTA4
MTIx
MDE2NDYyNVowfzELMAkGA1UEBhMCRVMxDzANBgNVBAgTBk1hZH JpZDEPMA0GA1UEBxMGTWFk
cmlk
MQ4wDAYDVQQKEwVNSVR5QzEbMBkGA1UECxMSTUlUeUMgRE5JZS BQcnVlYmFzMSEwHwYDVQQD
ExhV
c3VhcmlvIGVqZW1wbG8gRmFjdHVyYUUwgZ8wDQYJKoZIhvcNAQ EBBQADgY0AMIGJAoGBALiU
cVbT
N077nqQ2H+NaoGoE27n9x2LArAfiQ+2J+O5xpX1j0SyqdUqcXN L4LK6/6GJWqj93mkHEf7c3
SBXv
q68bvfaUUBQSOIbPqUGjA4kkK9gc/bx5NdkgfqZShNs7ErZFQDNho3Q2u2XBGWBerov6pOTm
rzjE
+82vUYvIu+R9AgMBAAGjggF3MIIBczAJBgNVHRMEAjAAMAsGA1 UdDwQEAwIF4DAdBgNVHQ4E
FgQU
3tDPGV3C+DRtihXUKstMKGFp5zwwgZgGA1UdIwSBkDCBjYAU9a FqqHdPW7EEjKd+SPEOn8V2
jxuh
cqRwMG4xDzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkcm lkMQ4wDAYDVQQKEwVNSVR5
QzEb
MBkGA1UECxMSTUlUeUMgRE5JZSBQcnVlYmFzMRAwDgYDVQQDEw dSb290IENBMQswCQYDVQQG
EwJF
U4IBAzAJBgNVHREEAjAAMDYGA1UdEgQvMC2GK2h0dHA6Ly9taW 5pc3Rlci04amd4eTkubWl0
eWMu
YWdlL1BLSS9DQS5jcnQwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cD ovL21pbmlzdGVyLThqZ3h5
OS5t
aXR5Yy5hZ2UvUEtJL2NybC5jcmwwHQYDVR0lBBYwFAYIKwYBBQ UHAwIGCCsGAQUFBwMEMA0G
CSqG
SIb3DQEBBQUAA4GBAES/a/gimvoEe168IQbWORPJLh1tuTrjzB549XF0kpGDIuUzBqgeZq1H
jYjA
iPgErqxGdk2qVVfDjjiNS5J+S6j5MXTs7toij/qEtdZmQ9AUfYRNKsNVFkUUI9j1ies3wUEe
cfvt
wmAAN12LtrNeBRc4GfTOOAeupFufFDjmI4gB
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
uJRxVtM3TvuepDYf41qgagTbuf3HYsCsB+JD7Yn47nGlfWPRLK p1Spxc0vgsrr/oYlaqP3ea
QcR/
tzdIFe+rrxu99pRQFBI4hs+pQaMDiSQr2Bz9vHk12SB+plKE2z sStkVAM2GjdDa7ZcEZYF6u
i/qk
5OavOMT7za9Ri8i75H0=
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
<ds:Object Id="Signature-Object"><etsi:QualifyingProperties
Target="#Signature"><etsi:SignedProperties
Id="Signature-SignedProperties"><etsi:SignedSignatureProperties> <etsi:Si
gningTime>2007-12-11T19:21:28.229+01:00</etsi:SigningTime><etsi:SigningC
ertificate><etsi:Cert><etsi:CertDigest><ds:DigestM ethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds
:DigestValue>dDucu0BjFAIFCeiJpfVJOqAnsNk=</ds:DigestValue></etsi:CertDig
est><etsi:IssuerSerial><ds:X509IssuerName>CN=CA usuarios,OU=MITyC DNIe
Pruebas,O=MITyC,L=Madrid,ST=Madrid,C=ES</ds:X509IssuerName><ds:X509Seria
lNumber>58</ds:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:S
igningCertificate><etsi:SignaturePolicyIdentifier> <etsi:SignaturePolicyI
d><etsi:SigPolicyId><etsi:Identifier>http://www.facturae.es/politica de
firma formato facturae/politica de firma formato facturae
v3_0.pdf</etsi:Identifier><etsi:Description>Política de firma
electrónica para facturación electrónica con formato
Facturae</etsi:Description></etsi:SigPolicyId><etsi:SigPolicyHash><ds:Di
gestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds
:DigestValue>HQvPemjDslVpcNmaJPpbHzhdZ50=</ds:DigestValue></etsi:SigPoli
cyHash></etsi:SignaturePolicyId></etsi:SignaturePolicyIdentifier><etsi:S
ignerRole><etsi:ClaimedRoles><etsi:ClaimedRole>emi sor</etsi:ClaimedRole>
</etsi:ClaimedRoles></etsi:SignerRole></etsi:SignedSignatureProperties><
/etsi:SignedProperties></etsi:QualifyingProperties></ds:Object></ds:Sign
ature>

Any idea?




*** Sent via Developersdex http://www.developersdex.com ***
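
An added example, not part of the original post: a minimal inclusive C14N 1.0 (REC-xml-c14n-20010315) serializer over `xml.dom.minidom`, showing three rules the canonical form posted above does not follow: namespace declarations are written before attributes, namespaces inherited from ancestors (here `xmlns:etsi`) are emitted on the referenced element, and line feeds in text nodes stay literal instead of becoming `&#xA;`. It handles elements, attributes and text only (no comments, processing instructions or `xml:` attribute inheritance), and the sample document and its `AAAA` key value are constructed placeholders.

```python
import base64, hashlib
from xml.dom import minidom
XMLNS = "http://www.w3.org/2000/xmlns/"
# Text nodes: only &, <, > and #xD are escaped; #xA stays a literal line feed.
TEXT_ESC = (("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"), ("\r", "&#xD;"))
# Attribute values: tab, LF and CR do become character references.
ATTR_ESC = (("&", "&amp;"), ("<", "&lt;"), ('"', "&quot;"),
            ("\t", "&#x9;"), ("\n", "&#xA;"), ("\r", "&#xD;"))
def esc(s, table):
    for raw, ref in table:
        s = s.replace(raw, ref)
    return s

def ns_decls(el):
    return {("" if a.name == "xmlns" else a.localName): a.value
            for a in el.attributes.values() if a.namespaceURI == XMLNS}

def in_scope(el):
    # Declarations on the element and its ancestors, nearest one winning.
    return {**in_scope(el.parentNode), **ns_decls(el)} if el.nodeType == el.ELEMENT_NODE else {}

def c14n(el, rendered=None):
    scope = in_scope(el) if rendered is None else {**rendered, **ns_decls(el)}
    rendered = rendered or {}
    out = "<" + el.tagName
    for p in sorted(scope):  # namespace declarations first, sorted by prefix
        if rendered.get(p, "") != scope[p]:
            out += ' xmlns%s="%s"' % (":" + p if p else "", esc(scope[p], ATTR_ESC))
    attrs = [a for a in el.attributes.values() if a.namespaceURI != XMLNS]
    for a in sorted(attrs, key=lambda a: (a.namespaceURI or "", a.localName)):
        out += ' %s="%s"' % (a.name, esc(a.value, ATTR_ESC))
    out += ">"
    for ch in el.childNodes:
        if ch.nodeType == ch.ELEMENT_NODE:
            out += c14n(ch, scope)
        elif ch.nodeType in (ch.TEXT_NODE, ch.CDATA_SECTION_NODE):
            out += esc(ch.data, TEXT_ESC)
    return out + "</%s>" % el.tagName

def sha1_digest_b64(el):
    return base64.b64encode(hashlib.sha1(c14n(el).encode("utf-8")).digest()).decode()

# Constructed sample: same nesting as the post, placeholder key material.
SAMPLE = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
          'xmlns:etsi="http://uri.etsi.org/01903/v1.2.2#" Id="Signature">'
          '<ds:KeyInfo Id="Certificate1">\n<ds:KeyValue>\nAAAA\n</ds:KeyValue>\n'
          '</ds:KeyInfo></ds:Signature>')
KEY_INFO = minidom.parseString(SAMPLE).documentElement.firstChild
print(c14n(KEY_INFO), sha1_digest_b64(KEY_INFO), sep="\n")
```

Namespaces declared on elements above `ds:Signature` in the real document are in scope as well, so inclusive canonicalization writes them on `ds:KeyInfo` too.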
 
