Distributed Cryptography Generates invalid XML Signature

#29353
Posted: 04/30/2014 10:05:38
by Gabriele Cannata (Standard support level)
Joined: 04/30/2014
Posts: 10

Hi, we just ordered SBB because we need to sign some XML files (XAdES). No issues with desktop applications. With Distributed Cryptography, though, the final XML generated has the following structure:

Code
<ds:Signature>
   <ds:SignedInfo>..</ds:SignedInfo>
   <ds:SignatureValue>..</ds:SignatureValue>
   <ds:Object>...</ds:Object>
   <ds:KeyInfo>...</ds:KeyInfo>
</ds:Signature>


which is the wrong order (cf. http://www.w3.org/TR/xmldsig-core/#sec-Signature)

Code
<element name="Signature" type="ds:SignatureType"/>
   <complexType name="SignatureType">
     <sequence>
       <element ref="ds:SignedInfo"/>
       <element ref="ds:SignatureValue"/>
       <element ref="ds:KeyInfo" minOccurs="0"/>
       <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
     </sequence>  
     <attribute name="Id" type="ID" use="optional"/>
   </complexType>


Also, all the security software we tried (except the SBB samples) won't validate the documents signed this way, giving a "KeyInfo not found" error.

Any idea on how to generate a valid sequence also with DC?

Thank you very much for any help.
#29354
Posted: 04/30/2014 15:37:44
by Dmytro Bogatskyy (EldoS Corp.)

Hello,

Quote

Code
<ds:Signature>
   <ds:SignedInfo>..</ds:SignedInfo>
   <ds:SignatureValue>..</ds:SignatureValue>
   <ds:Object>...</ds:Object>
   <ds:KeyInfo>...</ds:KeyInfo>
</ds:Signature>

which is the wrong order

Yes, the KeyInfo element should, in general, come before an Object element. At the moment, with distributed cryptography, when the CompleteAsyncSign method is called, the signing certificate from the response is inserted as the last child of the Signature element. I'll change the position of the KeyInfo element in the next build.
If you set KeyData in the first stage (with the public certificate), then the KeyInfo element will be added after the SignatureValue element. Also, it is possible to move (copy and remove) the KeyInfo element after signing (this will not break the signature).
Thank you for pointing this out.
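The schema-order check and the copy-and-remove workaround from the reply above, as an added Python example (not EldoS or SecureBlackbox code, and not from either poster); the sample ds:Signature is constructed from the structure quoted in the question, and the function names are my own.

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS_NS}
ET.register_namespace("ds", DS_NS)  # keep the "ds" prefix when re-serialising

# Child order fixed by the SignatureType <sequence> in the XML-DSig schema.
SIGNATURE_ORDER = ["SignedInfo", "SignatureValue", "KeyInfo", "Object"]

# Constructed sample reproducing the out-of-order output described in the thread.
SAMPLE = (
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    "<ds:SignedInfo>..</ds:SignedInfo>"
    "<ds:SignatureValue>..</ds:SignatureValue>"
    "<ds:Object>...</ds:Object>"
    "<ds:KeyInfo>...</ds:KeyInfo>"
    "</ds:Signature>"
)

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts in front of a tag."""
    return tag.split("}", 1)[-1]

def child_order(xml_text):
    """Local names of the direct children of ds:Signature, in document order."""
    return [local_name(child.tag) for child in ET.fromstring(xml_text)]

def order_is_valid(xml_text):
    """True if every direct child is allowed by the schema and appears in sequence order."""
    ranks = []
    for name in child_order(xml_text):
        if name not in SIGNATURE_ORDER:
            return False  # a foreign element directly under ds:Signature
        ranks.append(SIGNATURE_ORDER.index(name))
    return ranks == sorted(ranks)  # non-decreasing ranks == follows the <sequence>

def fix_signature(xml_text):
    """Move ds:KeyInfo (copy and remove) so it directly follows ds:SignatureValue."""
    # Safe after signing: SignatureValue covers the canonical form of ds:SignedInfo
    # and the data its References digest, not the order of ds:Signature's children.
    sig = ET.fromstring(xml_text)
    key_info = sig.find("ds:KeyInfo", NS)
    sig_value = sig.find("ds:SignatureValue", NS)
    if key_info is not None and sig_value is not None:
        sig.remove(key_info)
        sig.insert(list(sig).index(sig_value) + 1, key_info)
    return ET.tostring(sig, encoding="unicode")
```

A validator that reports "KeyInfo not found" is typically walking the children in schema order and stopping at the first unexpected element, which is why the relocated KeyInfo fixes it.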
#29376
Posted: 05/06/2014 04:44:48
by Gabriele Cannata (Standard support level)
Joined: 04/30/2014
Posts: 10

Thank you very much for your quick response.
