Signature bug?

#1925
Posted: 12/20/2006 07:53:55
by Stanko Milošev (Standard support level)
Joined: 10/08/2006
Posts: 37

Hello,

first, let me thank you for these great components, but it seems that there is a bug.

I made a signature using the demo which I downloaded from Eldos, and then I tried to verify it with:

http://www.setcce.si/eng/index45c.php

http://www.aleksey.com/xmlsec/

and one other company, and none of them could verify the signature. With xmlsec I don't have problems, every software can verify an xmlsec signature.

Since SecureBlackBox is easier to use, and the exe file is cleaner, we would like to use SecureBlackBox, but because of this possible bug, we can't continue.

I am working from Trinet d.o.o. company from Slovenia, http://www.trinet.si/, they bought SecureBlackBox from you a few months ago.

Version 4.0.94, VCL edition, Delphi 7 development environment.

Thank you in advance,
Stanko.
#1927
Posted: 12/20/2006 08:58:00
by Ken Ivanov (EldoS Corp.)

Would you be so kind as to clarify how exactly the 'invalid' signature was created (i.e., which sample application was used and what settings were applied)? It would be excellent if you posted the signed file to the topic so that we could investigate it in our conditions. Please use the sample EldoS certificate (included in the distribution) for signing.

Thank you in advance.
#1929
Posted: 12/20/2006 09:25:24
by Stanko Milošev (Standard support level)
Joined: 10/08/2006
Posts: 37

Thank you Innokentiy for your quick reply,

I was using the sample application which I downloaded from EldoS (SimpleSigner.exe).

Settings:

Signature type: Enveloped
Canonicalization method: Canonical
Signature method type: Signature method
Signature method: RSA SHA1
Key: cert.pem

I am sending you the following files:
cert.pem - EldoS key
eul00059.xml - XML document from which I started
eul00059-sbb-new.xml - XML document signed with SecureBlackBox
eul00059-s.xml - XML document signed with XML Security library (from www.aleksey.com)

Thank you once again.
Stanko.

#1930
Posted: 12/20/2006 09:37:46
by Ken Ivanov (EldoS Corp.)

Thank you very much. We will start investigating the problem right now.
#1931
Posted: 12/20/2006 16:22:11
by Dmytro Bogatskyy (EldoS Corp.)

By default, the SBB SimpleSigner sample places an enveloped signature under the selected node and also creates a reference with a URI pointing to this node (not to the root node). As "Signatures" doesn't have an id, SimpleSigner puts the name of the node into the URI, which is incorrect and is not resolved by the online verifier. I'll fix this. Anyway, for your sample the reference should be modified to point not to the selected node, so you need to press the "Reference" button while signing and then modify the URI and URINode fields.

P.S. The online verifier http://www.aleksey.com/xmlsec/ doesn't work well with line feeds other than LF (0A).
The attached file is your sample XML signed with the SBB SimpleSigner sample, which will pass online verification (all line feeds were replaced from 0d0a to 0a before signing).

#1934
Posted: 12/21/2006 01:24:40
by Stanko Milošev (Standard support level)
Joined: 10/08/2006
Posts: 37

Hello Bogatskyy,

thank you for your help. The XML document which you attached works perfectly, but I can't repeat the signature. I need more information: in the SBB SimpleSigner sample, when I click the reference button and then click info, what do I need to write in the ID field, what to choose for the digest method, and what to write in the URI field?

Stanko.
#1935
Posted: 12/21/2006 08:42:51
by Stanko Milošev (Standard support level)
Joined: 10/08/2006
Posts: 37

Hello again,

I found that I need to put one white space in the URI reference. Now I get almost the same XML which Bogatskyy sent, but DigestValue and SignatureValue are still different, and I still can't get my XML document to verify with http://www.setcce.si/eng/index45c.php, while the XML document which Bogatskyy sent is ok.

Please, what more do I need to do?
#1936
Posted: 12/21/2006 14:39:28
by Dmytro Bogatskyy (EldoS Corp.)

Quote
I found that I need to put one white space in URI reference

Yes, it is correct.

For "URI Node" you need to enter "xpath expression" pointing to root node, in your case "/Message"
For digest method use SHA1.
#1939
Posted: 12/22/2006 01:33:08
by Stanko Milošev (Standard support level)
Joined: 10/08/2006
Posts: 37

Quote
For "URI Node" you need to enter "xpath expression" pointing to root node, in your case "/Message"


I don't understand this. In my code, I have something like: _references.URINode := _SigNode, what do I need more to do? Can you please give me an example?
#1940
Posted: 12/22/2006 10:00:32
by Dmytro Bogatskyy (EldoS Corp.)

Quote
I don't understand this. In my code, I have something like: _references.URINode := _SigNode, what do I need more to do? Can you please give me an example?

That's right.

To set URINode in the SimpleSigner sample you need to enter an XPath expression that points to a node; there is no selector user interface for it.

Code
// select the root element (the first child could be a text or comment node, etc.)
Node := Document.FirstChild;
while Assigned(Node) and not (Node is TElXMLDOMElement) do
  Node := Node.NextSibling;

Ref.URINode := Node;
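
An added example, not part of the thread and not EldoS code: a standard-library Python check for the two interoperability problems identified in the replies above, a `Reference` URI that is a bare node name rather than a same-document reference, and CRLF line endings in the signed file. The element names `Message` and `Signatures` follow the thread; the sample documents, the function name and the finding labels are constructed for illustration, and treating `Id`/`ID`/`id` attributes as IDs is an assumption. It inspects references only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML-DSig namespace

def check_signed_xml(raw: bytes) -> list:
    """Report CRLF line endings and ds:Reference URIs that cannot be
    resolved inside the document itself."""
    findings = []
    crlf = raw.count(b"\r\n")
    if crlf:
        findings.append("crlf-line-endings:%d" % crlf)
    root = ET.fromstring(raw)
    # Assumption: attributes named Id/ID/id are the document's ID attributes.
    ids = {el.attrib[a] for el in root.iter()
           for a in ("Id", "ID", "id") if a in el.attrib}
    refs = list(root.iter(DS + "Reference"))
    if not refs:
        findings.append("no-reference")
    for ref in refs:
        uri = ref.get("URI")
        if uri is None:
            findings.append("reference-without-uri")
        elif uri == "":
            continue  # empty URI: the whole document (usual for enveloped)
        elif uri.startswith("#"):
            if uri[1:] not in ids:
                findings.append("unresolved-id:" + uri)
        else:
            # e.g. a bare element name: not a same-document reference
            findings.append("not-same-document:" + uri)
    return findings

# Constructed sample documents (not the files attached to the thread).
TEMPLATE = (
    '<Message>\n<Body>constructed sample</Body>\n<Signatures>\n'
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
    '<ds:Reference URI="%s"/></ds:SignedInfo></ds:Signature>\n'
    '</Signatures>\n</Message>\n'
)
BAD = (TEMPLATE % "Signatures").replace("\n", "\r\n").encode()  # node name + CRLF
GOOD = (TEMPLATE % "").encode()                                 # empty URI + LF
DANGLING = (TEMPLATE % "#msg1").encode()                        # no element has Id="msg1"

if __name__ == "__main__":
    for name, doc in (("BAD", BAD), ("GOOD", GOOD), ("DANGLING", DANGLING)):
        print(name, check_signed_xml(doc))
```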