EldoS | Feel safer!

Software components for data protection, secure storage and transfer

XML Sig and Encoding problem

Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.
#899
Posted: 08/01/2006 02:10:51
by Haris Zujo (Standard support level)
Joined: 05/12/2006
Posts: 33

Hi Eldos,

How to sign XML document that has different XML encodings?

I think that XML BlackBox always thinks that document is UTF-8 document and ignores the encoding specified in XML document. My problem is when I try to verify the signature the signature is not OK for all other encodings except for UTF-8.

regards Haris
#900
Posted: 08/01/2006 02:20:21
by Eugene Mayevski (EldoS Corp.)

Quote
Haris Zujo wrote:
How to sign XML document that has different XML encodings?


What do you mean by "different"? Do they differ in various nodes of the single document?


Sincerely yours
Eugene Mayevski
#901
Posted: 08/01/2006 02:21:34
by Eugene Mayevski (EldoS Corp.)

Also, does the problem happen with test applications, shipped with SecureBlackbox?


Sincerely yours
Eugene Mayevski
#902
Posted: 08/01/2006 02:40:21
by Eugene Mayevski (EldoS Corp.)

I have just reviewed the specification and XMLDSig requires that the data is in UTF-8. If it's not, conversion must take place. XMLBlackbox doesn't do this conversion by default. We might need to add charset conversion transform, but I need to discuss this with the developers. Meanwhile it's your duty to perform such conversion before signing.

With encryption the situation is similar - everything is in UTF-8.


Sincerely yours
Eugene Mayevski
#903
Posted: 08/01/2006 03:43:52
by Haris Zujo (Standard support level)
Joined: 05/12/2006
Posts: 33

Thak you for now. I will convert the documents to UTF-8.

Quote
I have just reviewed the specification and XMLDSig requires that the data is in UTF-8


Can you tell me where in the specification is this?
#906
Posted: 08/01/2006 08:58:05
by Eugene Mayevski (EldoS Corp.)

XMLDSig - http://www.w3.org/TR/xmldsig-core/
XMLEnc - http://www.w3.org/TR/xmlenc-core/

You can do conversion using XMLBlackbox itself, it's not a problem. And maybe in SecureBlackbox 5 conversion will be done implicitly. We have to investigate the question deeper.


Sincerely yours
Eugene Mayevski
#907
Posted: 08/01/2006 09:02:36
by Dmytro Bogatskyy (EldoS Corp.)

Quote
I think that XML BlackBox always thinks that document is UTF-8 document and ignores the encoding specified in XML document. My problem is when I try to verify the signature the signature is not OK for all other encodings except for UTF-8.

XMLBlackbox when loads data convert it to UTF-16 (WideString). At signing process if some data needed to be converted to octets then it converted to UTF-8 according to the specs.
The test application save XML document at UTF-8 by default. You can use (TElXMLDocument).SaveToStream method to save with other encodings.

Quote
Can you tell me where in the specification is this?

http://www.w3.org/TR/xmldsig-core/
#929
Posted: 08/02/2006 05:09:21
by Dmytro Bogatskyy (EldoS Corp.)

By the way, where did you verified your signature?
Can you drop sample that produced incorrect result.
#13007
Posted: 04/15/2010 03:22:13
by Mitja Bog (Basic support level)
Joined: 03/30/2010
Posts: 5

I've tried to save my XMLDoc: TElXMLDOMDocument to stream, so that the encoding will be changed form UTF-16 to UTF-8. (Signing sets my xml from UTF-8 to UTF-16)

Quote

var
sStream : TStringStream;
begin
sStream := TStringStream.Create('');

XMLDoc.SaveToStream(sStream, xcmCanon, ElXMLUTF8Codec );


And the answer is

Quote


[Pascal Error] UfrmSignXML.pas(250): E2250 There is no overloaded version of 'SaveToStream' that can be called with these arguments



Why?
I've read the specification, but I just don't understand where is the problem.

I've searched for samples, but just didn't find any.

Help please! (Sample)
#13009
Posted: 04/15/2010 03:58:38
by Dmytro Bogatskyy (EldoS Corp.)

Quote
I've tried to save my XMLDoc: TElXMLDOMDocument to stream, so that the encoding will be changed form UTF-16 to UTF-8. (Signing sets my xml from UTF-8 to UTF-16)
I've read the specification, but I just don't understand where is the problem.

The function expect instance of class not a class itself.
For example:
Code
      var Codec : TElXMLCodec;

      Codec := TElXMLUTF8Codec.Create;
      try
        Codec.WriteBOM := True;
        XMLDoc.SaveToStream(sStream, xcmCanon, Codec);
      finally
        FreeAndNil(Codec);
      end;

The simpler way is to pass encoding name:
Code
XMLDoc.SaveToStream(sStream, xcmCanon, 'utf-8');
Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.

Reply

Statistics

Topic viewed 6110 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!