Trying to understand XML signatures
Hi,

I'm trying to get a full understanding of XML signatures (for verification, not creation), and to this end I want to actually perform each of the individual verification steps myself rather than using something like the xmlsec library.

Given an XML signature containing the following:

<SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI="#m2048635"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>Akj7jUg3dwCrVDPiIJ4NszuqylI=</DigestValue></Reference></SignedInfo>

what is the correct method for calculating the actual signature digest?

Doing an sha1 digest over all of the above produces a value as follows:

9cebc38973bc4b458e75fa91fd3ad4413599a4ab

however this is not the value that is expected - the actual value expected according to the signature is

925bf883053f5a03819237ccbdf5cfdc5f7db5bd

(The source data is all in one line - no line breaks, no extra whitespace etc, and passing it through c14n does not alter the data in any way. I'm using xmlC14NDocDumpMemory from libxml2 to get that for now.)

What I'm trying to figure out is where I am going wrong. I thought I had figured out how this stuff works, but obviously not... Am I trying to digest too much info, not enough info, or just the wrong info???

I know this is all very much a case of reinventing the wheel, but I like to understand exactly what is going on and be able to reproduce it myself just to prove that I really do get it. Just calling a few 'black box' functions in a library does not really give me what I feel to be a full understanding of things.

In case it helps, a more readable version of the data is as follows (this has been modified, so will not verify):

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315">
    </CanonicalizationMethod>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">
    </SignatureMethod>
    <Reference URI="#m2048786">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">
      </DigestMethod>
      <DigestValue>3ksGRsnDgqy9yOdjb+aS9OGHrxk=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>MAxBhy7ikz6+dryysDqwzTj/JAnqFOwg9o8N8H0r9Ll/+OjBa+pe9DCiMQS9fE/b5gl465jIqwl8eOyXqpVDUfKiJDB/VYd82isBqoxe
xfXiKzNlFwVlbt5usLA2nTXymnjFrCUHnDprzX3FwP/csS5nmFNkXom43o1ZEHYPLlM=</SignatureValue>
  <KeyInfo>
    <X509Data>
      <X509Certificate>...</X509Certificate>
      <X509Certificate>...</X509Certificate>
      <X509Certificate>...</X509Certificate>
    </X509Data>
  </KeyInfo>
</Signature>

All the X509 certificates decode and verify ok, and I am able to decrypt the data in signature value ok using the relevant public key.
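
Added example, not part of the original message: when SignedInfo is canonicalized as a subset of the Signature document, Canonical XML 1.0 writes the in-scope default namespace declaration (inherited from Signature) onto the SignedInfo start tag, so the octets that get digested differ from the fragment as quoted. The serializer is a minimal sketch that assumes unprefixed element and attribute names and no comments or processing instructions, as in the message's sample; `c14n_subset`, `signed_info_octets` and the wrapper document are hypothetical names and constructed input.

```python
import hashlib
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

# SignedInfo exactly as quoted in the message (one line, no xmlns of its own).
FRAGMENT = ('<SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315">'
            '</CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">'
            '</SignatureMethod><Reference URI="#m2048635"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">'
            '</DigestMethod><DigestValue>Akj7jUg3dwCrVDPiIJ4NszuqylI=</DigestValue></Reference></SignedInfo>')
# Constructed wrapper: the Signature parent that declares the default namespace.
DOCUMENT = '<Signature xmlns="%s">%s</Signature>' % (DSIG, FRAGMENT)

def _text(s):
    return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\r", "&#xD;")

def _attr(s):
    for raw, ref in (("&", "&amp;"), ("<", "&lt;"), ('"', "&quot;"),
                     ("\t", "&#x9;"), ("\n", "&#xA;"), ("\r", "&#xD;")):
        s = s.replace(raw, ref)
    return s

def c14n_subset(elem, rendered_ns=""):
    """Serialize elem following C14N 1.0 rules, restricted to unprefixed names."""
    ns, _, local = elem.tag[1:].partition("}") if elem.tag[:1] == "{" else ("", "", elem.tag)
    out = "<" + local
    if ns != rendered_ns:  # namespace is in scope but no output ancestor has written it yet
        out += ' xmlns="%s"' % _attr(ns)
    for name in sorted(elem.attrib):  # unqualified attributes sort by local name
        out += ' %s="%s"' % (name, _attr(elem.attrib[name]))
    out += ">" + _text(elem.text or "")
    for child in elem:
        out += c14n_subset(child, ns) + _text(child.tail or "")
    return out + "</" + local + ">"  # empty elements become start/end tag pairs

def signed_info_octets(document):
    """Return the canonical bytes of SignedInfo, which is what the signature digest covers."""
    signed_info = ET.fromstring(document).find("{%s}SignedInfo" % DSIG)
    return c14n_subset(signed_info).encode("utf-8")

if __name__ == "__main__":
    print("fragment as quoted:", hashlib.sha1(FRAGMENT.encode()).hexdigest())
    print("canonical subset  :", hashlib.sha1(signed_info_octets(DOCUMENT)).hexdigest())
```

Whitespace between elements is kept as text by canonicalization, so the indented "readable" layout and the one-line layout of the same SignedInfo also produce different digests.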