Hello,
I need to canonize a XML Element of a digital signature element to
calculate his hash value.
For example:
The correct digest of canonized <ds:KeyInfois:
njihA04aMjUOyc0gnw6mfxjsfv8=
And my calculated digest is: FjnfpyzHGL+oyx4hWCxx/VhU9qk=
I think the problem is in the canonization of <ds:KeyInfo>.
*Canonized <ds:KeyInfo element>:*
<ds:KeyInfo Id="Certificate1"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds
:X509Certificate>
MIID4DCCA0mgAwIBAgIBOjANBgkq hkiG9w0BAQUFADByMQswCQ
YDVQQGEwJFUzEPMA0GA1UECBMG
TWFkcmlkMQ8wDQYDVQQ HEwZNYWRyaWQxDjAMBgNVB
AoTBU1JVHlDMRswGQYDVQQLExJNSVR5QyBE
TkllIFBydW ViYXMxFDASBgNVBAMTC0NB
IHVzdWFyaW9zMB4XDTA3MTIxMTE2NDYyNVoXDTA4MTIx
M DE2NDYyNVowfzELMAkGA1U
EBhMCRVMxDzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkc mlk
MQ4wDAYDVQQKEw
VNSVR5QzEbMBkGA1UECxMSTUlUeUMgRE5JZSBQcnVlYmFzMSEw HwYDVQQDExhV
c3Vhc
mlvIGVqZW1wbG8gRmFjdHVyYUUwgZ8wDQYJKoZIhvcNAQEBBQA DgY0AMIGJAoGBALiUcVbT&
#xA;N077nqQ2H+NaoGoE27n9x2LArAfiQ+2J+O5xpX1j0SyqdU qcXNL4LK6/6GJWqj93mkHE
f7c3SBXv
q68bvfaUUBQSOIbPqUGjA4kkK9gc/bx5NdkgfqZShNs7ErZFQDNho3Q2u2X
BGWBerov6pOTmrzjE
+82vUYvIu+R9AgMBAAGjggF3MIIB czAJBgNVHRMEAjAAMAsGA1
UdDwQEAwIF4DAdBgNVHQ4EFgQU
3tDPGV3C+DRtihXUKst MKGFp5zwwgZgGA1UdIwSBk
DCBjYAU9aFqqHdPW7EEjKd+SPEOn8V2jxuh
cqRwMG4xDz ANBgNVBAgTBk1hZHJpZDEP
MA0GA1UEBxMGTWFkcmlkMQ4wDAYDVQQKEwVNSVR5QzEb
M BkGA1UECxMSTUlUeUMgRE5
JZSBQcnVlYmFzMRAwDgYDVQQDEwdSb290IENBMQswCQYDVQQGE wJF
U4IBAzAJBgNVHR
EEAjAAMDYGA1UdEgQvMC2GK2h0dHA6Ly9taW5pc3Rlci04amd4 eTkubWl0eWMu
YWdlL
1BLSS9DQS5jcnQwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL21 pbmlzdGVyLThqZ3h5OS5t&
#xA;aXR5Yy5hZ2UvUEtJL2NybC5jcmwwHQYDVR0lBBYwFAYIKw YBBQUHAwIGCCsGAQUFBwME
MA0GCSqG
SIb3DQEBBQUAA4GBAES/a/gimvoEe168IQbWORPJLh1tuTrjzB549XF0kpG
DIuUzBqgeZq1HjYjA
iPgErqxGdk2qVVfDjjiNS5J+S6j5 MXTs7toij/qEtdZmQ9AUfY
RNKsNVFkUUI9j1ies3wUEecfvt
wmAAN12LtrNeBRc4GfT OOAeupFufFDjmI4gB

</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKe
yValue>
<ds:Modulus>
uJRxVtM3TvuepDYf41qga gTbuf3HYsCsB+JD7Yn47nG
lfWPRLKp1Spxc0vgsrr/oYlaqP3eaQcR/
tzdIFe+rrxu99pRQFBI4hs+pQaMDiSQr2B
z9vHk12SB+plKE2zsStkVAM2GjdDa7ZcEZYF6ui/qk
5OavOMT7za9Ri8i75H0=

</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>&
#xA;</ds:KeyValue>
</ds:KeyInfo>
*FULL Signature element:*
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:etsi="http://uri.etsi.org/01903/v1.2.2#" Id="Signature">
<ds:SignedInfo Id="Signature-SignedInfo">
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:Canonic
alizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMet
hod>
<ds:Reference Id="SignedPropertiesID"
Type="http://uri.etsi.org/01903/v1.2.2#SignedProperties"
URI="#Signature-SignedProperties">
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>E70IIZJgM5B3rTwGJ5b4hEeJ8N0=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:T
ransform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>q54/ZNHSjMWKMD4A5xI9qL2tBOA=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Certificate1">
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>njihA04aMjUOyc0gnw6mfxjsfv8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue Id="SignatureValue">
nfmak7CHtweDx/WkwizYHuNgL37d6QEyNkLIC99zK0Yar0fGtXzrKgKMSRQXdXX5 2ZtzdKKI
B7+Q
dUA9zCWUQlwAofPtbFCNYr8Ju3KDekmqEE3oTN9T689jTzW9Mn 9fsazBIaCVI/wgfv4PvS0Z
+lNH
ZIjb2UlCaZeVfdeInNo=
</ds:SignatureValue>
<ds:KeyInfo Id="Certificate1">
<ds:X509Data>
<ds:X509Certificate>
MIID4DCCA0mgAwIBAgIBOjANBgkqhkiG9w0BAQUFADByMQswCQ YDVQQGEwJFUzEPMA0GA1UE
CBMG
TWFkcmlkMQ8wDQYDVQQHEwZNYWRyaWQxDjAMBgNVBAoTBU1JVH lDMRswGQYDVQQLExJNSVR5
QyBE
TkllIFBydWViYXMxFDASBgNVBAMTC0NBIHVzdWFyaW9zMB4XDT A3MTIxMTE2NDYyNVoXDTA4
MTIx
MDE2NDYyNVowfzELMAkGA1UEBhMCRVMxDzANBgNVBAgTBk1hZH JpZDEPMA0GA1UEBxMGTWFk
cmlk
MQ4wDAYDVQQKEwVNSVR5QzEbMBkGA1UECxMSTUlUeUMgRE5JZS BQcnVlYmFzMSEwHwYDVQQD
ExhV
c3VhcmlvIGVqZW1wbG8gRmFjdHVyYUUwgZ8wDQYJKoZIhvcNAQ EBBQADgY0AMIGJAoGBALiU
cVbT
N077nqQ2H+NaoGoE27n9x2LArAfiQ+2J+O5xpX1j0SyqdUqcXN L4LK6/6GJWqj93mkHEf7c3
SBXv
q68bvfaUUBQSOIbPqUGjA4kkK9gc/bx5NdkgfqZShNs7ErZFQDNho3Q2u2XBGWBerov6pOTm
rzjE
+82vUYvIu+R9AgMBAAGjggF3MIIBczAJBgNVHRMEAjAAMAsGA1 UdDwQEAwIF4DAdBgNVHQ4E
FgQU
3tDPGV3C+DRtihXUKstMKGFp5zwwgZgGA1UdIwSBkDCBjYAU9a FqqHdPW7EEjKd+SPEOn8V2
jxuh
cqRwMG4xDzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkcm lkMQ4wDAYDVQQKEwVNSVR5
QzEb
MBkGA1UECxMSTUlUeUMgRE5JZSBQcnVlYmFzMRAwDgYDVQQDEw dSb290IENBMQswCQYDVQQG
EwJF
U4IBAzAJBgNVHREEAjAAMDYGA1UdEgQvMC2GK2h0dHA6Ly9taW 5pc3Rlci04amd4eTkubWl0
eWMu
YWdlL1BLSS9DQS5jcnQwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cD ovL21pbmlzdGVyLThqZ3h5
OS5t
aXR5Yy5hZ2UvUEtJL2NybC5jcmwwHQYDVR0lBBYwFAYIKwYBBQ UHAwIGCCsGAQUFBwMEMA0G
CSqG
SIb3DQEBBQUAA4GBAES/a/gimvoEe168IQbWORPJLh1tuTrjzB549XF0kpGDIuUzBqgeZq1H
jYjA
iPgErqxGdk2qVVfDjjiNS5J+S6j5MXTs7toij/qEtdZmQ9AUfYRNKsNVFkUUI9j1ies3wUEe
cfvt
wmAAN12LtrNeBRc4GfTOOAeupFufFDjmI4gB
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
uJRxVtM3TvuepDYf41qgagTbuf3HYsCsB+JD7Yn47nGlfWPRLK p1Spxc0vgsrr/oYlaqP3ea
QcR/
tzdIFe+rrxu99pRQFBI4hs+pQaMDiSQr2Bz9vHk12SB+plKE2z sStkVAM2GjdDa7ZcEZYF6u
i/qk
5OavOMT7za9Ri8i75H0=
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
<ds:Object Id="Signature-Object"><etsi:QualifyingProperties
Target="#Signature"><etsi:SignedProperties
Id="Signature-SignedProperties"><etsi:SignedSignatureProperties> <etsi:Si
gningTime>2007-12-11T19:21:28.229+01:00</etsi:SigningTime><etsi:SigningC
ertificate><etsi:Cert><etsi:CertDigest><ds:DigestM ethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds
:DigestValue>dDucu0BjFAIFCeiJpfVJOqAnsNk=</ds:DigestValue></etsi:CertDig
est><etsi:IssuerSerial><ds:X509IssuerName>CN=CA usuarios,OU=MITyC DNIe
Pruebas,O=MITyC,L=Madrid,ST=Madrid,C=ES</ds:X509IssuerName><ds:X509Seria
lNumber>58</ds:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:S
igningCertificate><etsi:SignaturePolicyIdentifier> <etsi:SignaturePolicyI
d><etsi:SigPolicyId><etsi:Identifier>http://www.facturae.es/politica de
firma formato facturae/politica de firma formato facturae
v3_0.pdf</etsi:Identifier><etsi:Description>Política de firma
electrónica para facturación electrónica con formato
Facturae</etsi:Description></etsi:SigPolicyId><etsi:SigPolicyHash><ds:Di
gestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds
:DigestValue>HQvPemjDslVpcNmaJPpbHzhdZ50=</ds:DigestValue></etsi:SigPoli
cyHash></etsi:SignaturePolicyId></etsi:SignaturePolicyIdentifier><etsi:S
ignerRole><etsi:ClaimedRoles><etsi:ClaimedRole>emi sor</etsi:ClaimedRole>
</etsi:ClaimedRoles></etsi:SignerRole></etsi:SignedSignatureProperties><
/etsi:SignedProperties></etsi:QualifyingProperties></ds:Object></ds:Sign
ature>
Any idea?
*** Sent via Developersdex http://www.developersdex.com ***