[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
Trying to understand XML signatures
- From: Plot Lost <plot.lost@gmail.com>
- To: xml-dev@lists.xml.org
- Date: Sun, 31 Oct 2010 20:51:28 +0400
Hi, I'm trying to get a full understanding of XML signatures (for
verification, not creation), and to this end I want to actually
perform each of the individual verification steps myself rather than
using something like the xmlsec library.
Given an xml signature containing the following:
<SignedInfo><CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315";></CanonicalizationMethod><SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></SignatureMethod><Reference
URI="#m2048635"><DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></DigestMethod><DigestValue>Akj7jUg3dwCrVDPiIJ4NszuqylI=</DigestValue></Reference></SignedInfo>
what is the correct method for calculating the actual signature
digest. Doing an sha1 digest over all of the above produces a value as
follows:
9cebc38973bc4b458e75fa91fd3ad4413599a4ab
however this is not the value that is expected - the actual value
expected according to the signature is
925bf883053f5a03819237ccbdf5cfdc5f7db5bd
(The source data is all in one line - no line breaks, no extra
whitespace etc, and passing it through c14n does not alter the data in
any way. I'm using xmlC14NDocDumpMemory from libxml2 to get that for
now)
What I'm trying to figure out is where am I going wrong. I though I
had figured out how this stuff works, but obvisouly not...
Am I trying to digest too much info, not enough info, or just the wrong info???
I know this is all very much a case of reinventing the wheel, but I
like to understand exactly what is going on and be able to reproduce
it myself just to prove that I really do get it. Just calling a few
'black box' functions in a library does not really give me what I feel
to be a full understanding of things.
In case it helps, a more readable version of the data is as follows
(this has been modified, so will not verify)
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315";>
</CanonicalizationMethod>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";>
</SignatureMethod>
<Reference URI="#m2048786">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";>
</DigestMethod>
<DigestValue>3ksGRsnDgqy9yOdjb+aS9OGHrxk=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>MAxBhy7ikz6+dryysDqwzTj/JAnqFOwg9o8N8H0r9Ll/+OjBa+pe9DCiMQS9fE/b5gl465jIqwl8eOyXqpVDUfKiJDB/VYd82isBqoxe
xfXiKzNlFwVlbt5usLA2nTXymnjFrCUHnDprzX3FwP/csS5nmFNkXom43o1ZEHYPLlM=</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>...</X509Certificate>
<X509Certificate>...</X509Certificate>
<X509Certificate>...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
All the X509 certificates decode and verify ok, and I am able to
decrypt the data in signature value ok using the relevant public key.
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
