XML Canonicalization error

josep ribas

Hello,

I need to canonize a XML Element of a digital signature element to
calculate his hash value.
For example:

The correct digest of canonized <ds:KeyInfois:
njihA04aMjUOyc0gnw6mfxjsfv8=
And my calculated digest is: FjnfpyzHGL+oyx4hWCxx/VhU9qk=

I think the problem is in the canonization of <ds:KeyInfo>.

*Canonized <ds:KeyInfo element>:*
<ds:KeyInfo Id="Certificate1"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds
:X509Certificate>
MIID4DCCA0mgAwIBAgIBOjANBgkq hkiG9w0BAQUFADByMQswCQ
YDVQQGEwJFUzEPMA0GA1UECBMG
TWFkcmlkMQ8wDQYDVQQ HEwZNYWRyaWQxDjAMBgNVB
AoTBU1JVHlDMRswGQYDVQQLExJNSVR5QyBE
TkllIFBydW ViYXMxFDASBgNVBAMTC0NB
IHVzdWFyaW9zMB4XDTA3MTIxMTE2NDYyNVoXDTA4MTIx
M DE2NDYyNVowfzELMAkGA1U
EBhMCRVMxDzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkc mlk
MQ4wDAYDVQQKEw
VNSVR5QzEbMBkGA1UECxMSTUlUeUMgRE5JZSBQcnVlYmFzMSEw HwYDVQQDExhV
c3Vhc
mlvIGVqZW1wbG8gRmFjdHVyYUUwgZ8wDQYJKoZIhvcNAQEBBQA DgY0AMIGJAoGBALiUcVbT&
#xA;N077nqQ2H+NaoGoE27n9x2LArAfiQ+2J+O5xpX1j0SyqdU qcXNL4LK6/6GJWqj93mkHE
f7c3SBXv
q68bvfaUUBQSOIbPqUGjA4kkK9gc/bx5NdkgfqZShNs7ErZFQDNho3Q2u2X
BGWBerov6pOTmrzjE
+82vUYvIu+R9AgMBAAGjggF3MIIB czAJBgNVHRMEAjAAMAsGA1
UdDwQEAwIF4DAdBgNVHQ4EFgQU
3tDPGV3C+DRtihXUKst MKGFp5zwwgZgGA1UdIwSBk
DCBjYAU9aFqqHdPW7EEjKd+SPEOn8V2jxuh
cqRwMG4xDz ANBgNVBAgTBk1hZHJpZDEP
MA0GA1UEBxMGTWFkcmlkMQ4wDAYDVQQKEwVNSVR5QzEb
M BkGA1UECxMSTUlUeUMgRE5
JZSBQcnVlYmFzMRAwDgYDVQQDEwdSb290IENBMQswCQYDVQQGE wJF
U4IBAzAJBgNVHR
EEAjAAMDYGA1UdEgQvMC2GK2h0dHA6Ly9taW5pc3Rlci04amd4 eTkubWl0eWMu
YWdlL
1BLSS9DQS5jcnQwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL21 pbmlzdGVyLThqZ3h5OS5t&
#xA;aXR5Yy5hZ2UvUEtJL2NybC5jcmwwHQYDVR0lBBYwFAYIKw YBBQUHAwIGCCsGAQUFBwME
MA0GCSqG
SIb3DQEBBQUAA4GBAES/a/gimvoEe168IQbWORPJLh1tuTrjzB549XF0kpG
DIuUzBqgeZq1HjYjA
iPgErqxGdk2qVVfDjjiNS5J+S6j5 MXTs7toij/qEtdZmQ9AUfY
RNKsNVFkUUI9j1ies3wUEecfvt
wmAAN12LtrNeBRc4GfT OOAeupFufFDjmI4gB

</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKe
yValue>
<ds:Modulus>
uJRxVtM3TvuepDYf41qga gTbuf3HYsCsB+JD7Yn47nG
lfWPRLKp1Spxc0vgsrr/oYlaqP3eaQcR/
tzdIFe+rrxu99pRQFBI4hs+pQaMDiSQr2B
z9vHk12SB+plKE2zsStkVAM2GjdDa7ZcEZYF6ui/qk
5OavOMT7za9Ri8i75H0=

</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>&
#xA;</ds:KeyValue>
</ds:KeyInfo>

*FULL Signature element:*

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:etsi="http://uri.etsi.org/01903/v1.2.2#" Id="Signature">
<ds:SignedInfo Id="Signature-SignedInfo">
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:Canonic
alizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMet
hod>
<ds:Reference Id="SignedPropertiesID"
Type="http://uri.etsi.org/01903/v1.2.2#SignedProperties"
URI="#Signature-SignedProperties">
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>E70IIZJgM5B3rTwGJ5b4hEeJ8N0=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:T
ransform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>q54/ZNHSjMWKMD4A5xI9qL2tBOA=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Certificate1">
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>njihA04aMjUOyc0gnw6mfxjsfv8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue Id="SignatureValue">
nfmak7CHtweDx/WkwizYHuNgL37d6QEyNkLIC99zK0Yar0fGtXzrKgKMSRQXdXX5 2ZtzdKKI
B7+Q
dUA9zCWUQlwAofPtbFCNYr8Ju3KDekmqEE3oTN9T689jTzW9Mn 9fsazBIaCVI/wgfv4PvS0Z
+lNH
ZIjb2UlCaZeVfdeInNo=
</ds:SignatureValue>
<ds:KeyInfo Id="Certificate1">
<ds:X509Data>
<ds:X509Certificate>
MIID4DCCA0mgAwIBAgIBOjANBgkqhkiG9w0BAQUFADByMQswCQ YDVQQGEwJFUzEPMA0GA1UE
CBMG
TWFkcmlkMQ8wDQYDVQQHEwZNYWRyaWQxDjAMBgNVBAoTBU1JVH lDMRswGQYDVQQLExJNSVR5
QyBE
TkllIFBydWViYXMxFDASBgNVBAMTC0NBIHVzdWFyaW9zMB4XDT A3MTIxMTE2NDYyNVoXDTA4
MTIx
MDE2NDYyNVowfzELMAkGA1UEBhMCRVMxDzANBgNVBAgTBk1hZH JpZDEPMA0GA1UEBxMGTWFk
cmlk
MQ4wDAYDVQQKEwVNSVR5QzEbMBkGA1UECxMSTUlUeUMgRE5JZS BQcnVlYmFzMSEwHwYDVQQD
ExhV
c3VhcmlvIGVqZW1wbG8gRmFjdHVyYUUwgZ8wDQYJKoZIhvcNAQ EBBQADgY0AMIGJAoGBALiU
cVbT
N077nqQ2H+NaoGoE27n9x2LArAfiQ+2J+O5xpX1j0SyqdUqcXN L4LK6/6GJWqj93mkHEf7c3
SBXv
q68bvfaUUBQSOIbPqUGjA4kkK9gc/bx5NdkgfqZShNs7ErZFQDNho3Q2u2XBGWBerov6pOTm
rzjE
+82vUYvIu+R9AgMBAAGjggF3MIIBczAJBgNVHRMEAjAAMAsGA1 UdDwQEAwIF4DAdBgNVHQ4E
FgQU
3tDPGV3C+DRtihXUKstMKGFp5zwwgZgGA1UdIwSBkDCBjYAU9a FqqHdPW7EEjKd+SPEOn8V2
jxuh
cqRwMG4xDzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkcm lkMQ4wDAYDVQQKEwVNSVR5
QzEb
MBkGA1UECxMSTUlUeUMgRE5JZSBQcnVlYmFzMRAwDgYDVQQDEw dSb290IENBMQswCQYDVQQG
EwJF
U4IBAzAJBgNVHREEAjAAMDYGA1UdEgQvMC2GK2h0dHA6Ly9taW 5pc3Rlci04amd4eTkubWl0
eWMu
YWdlL1BLSS9DQS5jcnQwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cD ovL21pbmlzdGVyLThqZ3h5
OS5t
aXR5Yy5hZ2UvUEtJL2NybC5jcmwwHQYDVR0lBBYwFAYIKwYBBQ UHAwIGCCsGAQUFBwMEMA0G
CSqG
SIb3DQEBBQUAA4GBAES/a/gimvoEe168IQbWORPJLh1tuTrjzB549XF0kpGDIuUzBqgeZq1H
jYjA
iPgErqxGdk2qVVfDjjiNS5J+S6j5MXTs7toij/qEtdZmQ9AUfYRNKsNVFkUUI9j1ies3wUEe
cfvt
wmAAN12LtrNeBRc4GfTOOAeupFufFDjmI4gB
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
uJRxVtM3TvuepDYf41qgagTbuf3HYsCsB+JD7Yn47nGlfWPRLK p1Spxc0vgsrr/oYlaqP3ea
QcR/
tzdIFe+rrxu99pRQFBI4hs+pQaMDiSQr2Bz9vHk12SB+plKE2z sStkVAM2GjdDa7ZcEZYF6u
i/qk
5OavOMT7za9Ri8i75H0=
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
<ds:Object Id="Signature-Object"><etsi:QualifyingProperties
Target="#Signature"><etsi:SignedProperties
Id="Signature-SignedProperties"><etsi:SignedSignatureProperties> <etsi:Si
gningTime>2007-12-11T19:21:28.229+01:00</etsi:SigningTime><etsi:SigningC
ertificate><etsi:Cert><etsi:CertDigest><ds:DigestM ethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds
:DigestValue>dDucu0BjFAIFCeiJpfVJOqAnsNk=</ds:DigestValue></etsi:CertDig
est><etsi:IssuerSerial><ds:X509IssuerName>CN=CA usuarios,OU=MITyC DNIe
Pruebas,O=MITyC,L=Madrid,ST=Madrid,C=ES</ds:X509IssuerName><ds:X509Seria
lNumber>58</ds:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:S
igningCertificate><etsi:SignaturePolicyIdentifier> <etsi:SignaturePolicyI
d><etsi:SigPolicyId><etsi:Identifier>http://www.facturae.es/politica de
firma formato facturae/politica de firma formato facturae
v3_0.pdf</etsi:Identifier><etsi:Description>Política de firma
electrónica para facturación electrónica con formato
Facturae</etsi:Description></etsi:SigPolicyId><etsi:SigPolicyHash><ds:Di
gestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds
:DigestValue>HQvPemjDslVpcNmaJPpbHzhdZ50=</ds:DigestValue></etsi:SigPoli
cyHash></etsi:SignaturePolicyId></etsi:SignaturePolicyIdentifier><etsi:S
ignerRole><etsi:ClaimedRoles><etsi:ClaimedRole>emi sor</etsi:ClaimedRole>
</etsi:ClaimedRoles></etsi:SignerRole></etsi:SignedSignatureProperties><
/etsi:SignedProperties></etsi:QualifyingProperties></ds:Object></ds:Sign
ature>

Any idea?

*** Sent via Developersdex http://www.developersdex.com ***

Aug 14 '08 #1

Subscribe Post Reply

1589

by: AIM | last post by:

Error in msvc in building inheritance.obj to build hello.pyd Hello, I am trying to build the boost 1.31.0 sample extension hello.cpp. I can not compile the file inheritance.cpp because the two...

Python

Error during deployment

by: Tony Wright | last post by:

Hi, I am having a problem installing an msi for a web site. The error message I am getting is: "The specified path 'http://mipdev05/features/Fas2' is unavailable. The Internet Information...

.NET Framework

ILINK32 Errors: Error: Unresolved external

by: Aravind | last post by:

we have two files: 1. rc4.c (defines one function "create_pin()") 2. MyImpl.c(calling the function "create_pin()"),This implements JNI method. 1.When I am trying to create .dll file with one...

C / C++

how to resolve "error lnk 2001"

by: yanwan | last post by:

I met this problem in executing a c++ project in visual studio. Does anyone have suggestions to resolve "error lnk 2001"? --------------------Configuration: reconstruction - Win32...

C / C++

Error Handler best practices

by: deko | last post by:

I use this convention frequently: Exit_Here: Exit Sub HandleErr: Select Case Err.Number Case 3163 Resume Next Case 3376 Resume Next

Microsoft Access / VBA

Error crystal websetup 9 install

by: p | last post by:

WE had a Crystal 8 WebApp using vs 2002 which we upgraded to VS2003. I also have Crystal 9 pro on my development machine. The web app runs fine on my dev machine but am having problems deploying....

ASP.NET

test for canonicalization issues

by: MattB | last post by:

I'm trying to implement this MS "best practice" to test for canonicalization issues in my web application. I went to http://support.microsoft.com/?kbid=887459 and pasted their code into my...

ASP.NET

canonicalization in Framework 2.0

by: Niclas | last post by:

In Framework 1.1 Microsoft recommended developers to add some code in the Application_BeginRequest event. http://support.microsoft.com/?kbid=887459 Does anyone knows if this is necessary in...

ASP.NET

Custom Error Messages in Access

by: hyperpau | last post by:

Before anything else, I am not a very technical expert when it comes to VBA coding. I learned most of what I know by the excellent Access/VBA forum from bytes.com (formerly thescripts.com). Ergo, I...

Visual Basic 4 / 5 / 6

Custom Error Messages

by: hyperpau | last post by:

Microsoft Access / VBA

Navigating the Data Structures and Algorithms (DSA)

by: BarryA | last post by:

What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...

Algorithms / Advanced Math

Is that possible of reading the .csv file in column wise and the column have different lengths ?

by: Sonnysonu | last post by:

This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...

C / C++

How to build RAID in BIOS?

by: Hystou | last post by:

There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

Computer Hardware

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...

Windows Server

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...

C / C++

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...

General

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...

Microsoft Access / VBA

XML Canonicalization error

Similar topics