Hi,

I'm a bit stuck on XmlDSig, and I hope someone can help me out.
I'll start with a xml snippet of a signature:
<ds:Signature>
<ds:SignedInfo>
  <ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
/>
<ds:Reference URI="">
<ds:Transforms>
  <ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
  </ds:Transforms>
  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
  <ds:DigestValue>TWn8c8ogPhXR5Lm2NizZK8ymIH8=</ds:DigestValue>
  </ds:Reference>
<ds:Reference URI="i_NL.IMRO.9999.AP20090000314-0003.pdf">
  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
  <ds:DigestValue>hkMmb3O13o6PMMioMQkGyQkT1OE=</ds:DigestValue>
  </ds:Reference>
</ds:SignedInfo>
  <ds:SignatureValue>... omitted for clarity ...</ds:SignatureValue>
- <ds:KeyInfo>
- <ds:X509Data>
  <ds:X509Certificate>... also omitted ...</ds:X509Certificate>
  </ds:X509Data>
  </ds:KeyInfo>
  </ds:Signature>

So here is my problem: a customer wants to sign xml that is to be validated
by a third party. There the problem starts, first of all the OpenSSL,
BouncyCastle and .NET implementations all result in a different SHA-1 hash
and therefore signature.

The problem is related to the first reference in the SignedInfo with
reference uri="".
Here is what I see the .NET code do:
- Take reference URI="" (whole document)
- Transform it with Enveloped Signature
- Calculate the hash over this transformed xml (not canonical??)
- Put the reference in the list
- Canonicalize the SignedInfo with Exclusive C14n
- Hash it (SHA-1)
- Encrypt this with the private key
- put in the different parts etc.

This verifies without a problem in the .NET 'world'. But not in the
BouncyCastle 'world' or the OpenSSL 'world'. In fact neither of them offer
interopability between each other as far as I can tell. At least not with the
input xml I have.

So I have a question about how I should treat Reference Uri="".
Here is what I suspect needs to be done:
- Apply the Enveloped Signature transform to the document (basically removes
any Signature objects, but does not re-order or process whitespace etc?)
- Then my question: should I apply the exc-C14n canonicalization now on the
result of the transform?
- Should I then calculate the hash over this canonical data?

I'm a bit disappointed in the different implementions of XMLDSIG that exist.
Either the W3C is not clear enough or nobody implemented what thay recommend.

Anyhow I'm in trouble.

Regards,

Tom

There are certain transforms that should be done on the input document
before it can be signed. Only after applying those transforms the document
will be validated correctly.

I can't comment on other libraries, but our customers successfully implement
digital signing as defined in XMLDSig and XAdES. See
http://www.eldos.com/sbb/net-xml.php

Hi Eugene,

Thank you for your reply.
I looked to this software in the past, but it didn't suit our needs
completely.
We have kind of a special setup where the private keys are stored in a HSM
(FIPS certified) and therefore we need to be able to interact with the
signing process at the moment the hash has to be signed.
This cannot be done in the .NET library (there is no CSP for this device) so
we need to call our own code to encrypt the hash with the private key stored
in the HSM.

So we need to either write our own code (using .NET etc) to take control of
the whole xml signing process. Or we need to have a library that allows us to
jump in at the moment the actual private key is used.

Kind regards,

Tom

Show quoteHide quote

SecureBlackbox has this functionality for years.

Eugene,

I know that you want to promote the product of your firm, but it does not
have what I need.
It does support CryptoCards etc, but only if the have a PKCS#11 or CryptoApi
(CSP) interface. Our HSM has none of these (to bad), but uses a proprietry
protocol.



Show quoteHide quote

This is not a problem either. You just need to write a small module which
will interface with your HSM. This is not hard at all. I.e. if you want to
have your task done, it IS possible with SecureBlackbox.

That is good news,

Is the SecureBlackbox compatible with other signing libs like BouncyCastle,
OpenSSL, .NET etc?
Because we have to interface with a third party who validates the signed xml
we need to be sure it will validate.

I know in utopia they all should work together but in reality they don't.



Show quoteHide quote

We didn't get complaints from our customers about compatibility issues, and
we do have a number of customers using XMLBlackbox for signing XMLs for
government infrastructure (where even handmade XML validators are often
used). Also, none of the libraries you mentioned actually implement XMLDSig
completely. Unlike SecureBlackbox they offer building blocks which you use
to create XML signing/validating code, and it's easy to make a mistake. In
other words, if some code is written using one of the above libraries and
something doesn't work, this might be not because the library is not
compliant, but because the building blocks were used not correctly (or not
completely). For example, XML canonicalization is a must in XMLDSig, and
it's user's job to do it (the above libraries don't do it).

Can't import x.509: Cannot find the requested object
SslStream and AES 128 cipher
'Global\.net clr networking' is denied - via IPAddress.TryParse
How to decipher data in .NET using "RSA/ECB/PKCS1Padding"?
Possible spyware problem
Question about TCP/IP and SSL with sslstream
Request for the permission of type
CAS Evidence collection on Vista 64 :-(
help i have a weird virus thing
Setting full trust on a server directory for Visual Studio 2005