XML Signer different Signature value

#36435
Posted: 04/11/2016 07:18:31
by Martin ANDRES (Standard support level)
Joined: 09/25/2014
Posts: 18

Hi,
I have the SecureBlackBox VCL edition and I would like to sign XML documents. Doing some tests, I'm getting a different Signature Value when I sign an XML document with the Blackbox Advance XML Signer VCL demo application and with an application called XML Signer (you can download it from http://www.signfiles.com/xml-signer/). I'm using the same signature algorithm (SHA1) and the same digital certificate, and I'm doing it on the same computer.
I've compared the two resulting signed XML documents and I've checked that <DigestValue>, <Modulus>, <Exponent> and <X509Certificate> have the same values in both documents. Only the <SignatureValue> value is different.
Why does the Advance XML Signer demo generate a different signature value than the XML Signer application? I need the signed XML to have the same values regardless of which application I'm using, because this document will be verified by another party.

I attach a txt file with the two signed XML documents (one with the demo and the other with the XML Signer application) where you can check what it is generated with both applications.

Why is this happening? Am I missing some configuration?

I really appreciate any help.

Regards,
Martin


#36436
Posted: 04/11/2016 07:21:54
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Quote
Only the <SignatureValue> value is different.

Random padding is used internally in the signing process. That's why signatures calculated for the same data are different.
#36437
Posted: 04/11/2016 07:25:34
by Martin ANDRES (Standard support level)
Joined: 09/25/2014
Posts: 18

Thanks Vsevolod for your answer.
So what can I do to get the same signature? I need to have the same values because the verification of the signature will fail.

Regards,
Martin
#36438
Posted: 04/11/2016 07:30:20
by Walter Schrabmair (Priority Standard support level)
Joined: 05/03/2013
Posts: 150

See http://crypto.stackexchange.com/questions/12249/how-is-an-aes-encrypted-message-decrypted-with-random-padding
#36439
Posted: 04/11/2016 07:37:19
by Martin ANDRES (Standard support level)
Joined: 09/25/2014
Posts: 18

So you're saying that I need to know which padding XML Signer is using in order to exchange signed XML documents with successful sign verification?

How can I set the padding in Blackbox XML Signer?

Thanks and regards,
Martin
#36440
Posted: 04/11/2016 07:51:04
by Eugene Mayevski (EldoS Corp.)

You don't need to care about padding. Validators don't compare binary values in a straightforward way. Instead they re-calculate the hash and take care of padding themselves. If the validator doesn't accept some document, this is not due to padding.


Sincerely yours
Eugene Mayevski
#36441
Posted: 04/11/2016 07:58:19
by Martin ANDRES (Standard support level)
Joined: 09/25/2014
Posts: 18

Sorry Eugene, but I'm a little confused. You're saying that the problem is not the padding, so why am I getting a different signature value? I sent the signed document using Blackbox XML signer to be validated by a C# service and I've also got a signature verification failure.

What can I do to get the same signature value?

Thanks again for all your help.

Regards,
Martin
#36442
Posted: 04/11/2016 08:03:48
by Eugene Mayevski (EldoS Corp.)

Once again - you don't need the same signature value. A proper validator should not care about the signature value. The problem is in something else - for example, formatting does matter. AdvancedSigner formats the document, and this can be the reason. Try to compare the documents yourself and find other differences besides the signature value.

If you still think that it's the signature value that is the reason, then you can try to do the following: take the signature value from the accepted document and copy it to the non-acceptable document, then try to validate the latter.


Sincerely yours
Eugene Mayevski
#36443
Posted: 04/11/2016 08:36:35
by Martin ANDRES (Standard support level)
Joined: 09/25/2014
Posts: 18

Thanks Eugene.
How can I stop AdvancedSigner from formatting the document? What should I modify in the demo to remove the formatting and check if the formatting is the problem? I have the Delphi VCL component.

Thanks and regards,
Martin
#36444
Posted: 04/11/2016 09:01:05
by Martin ANDRES (Standard support level)
Joined: 09/25/2014
Posts: 18

I have found the problem!!!
The XML Signer validator application doesn't work with the namespaces in the signature.
I have removed the ds namespace from the tags like <ds:Signature> and then the validation worked ok.
So I think that the problem is with the validator and not with the generation of the signature.

Thanks to all for your help!!!

Regards,
Martin
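
An added example (not part of the thread, and not SecureBlackBox or XML Signer code) of the document comparison suggested in the thread and of the prefix issue found in the last post: it locates the signature by the XML-DSig namespace URI, so a `ds:` prefix makes no difference, and lists which signature fields differ between two signed documents. The sample documents, their placeholder values and all function names are constructed for illustration; `literal_tag_lookup` is a hypothetical prefix-sensitive check, not the actual logic of any validator named above.

```python
import io
import re
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"  # XML-DSig namespace URI
FIELDS = ("DigestValue", "SignatureValue", "Modulus", "Exponent", "X509Certificate")

# Constructed sample documents; all values are placeholders, not real signatures.
DOC_PREFIXED = (
    '<doc><ds:Signature xmlns:ds="%s"><ds:SignedInfo><ds:Reference URI="">'
    '<ds:DigestValue>AAAA</ds:DigestValue></ds:Reference></ds:SignedInfo>'
    '<ds:SignatureValue>QUJD\nREVG</ds:SignatureValue></ds:Signature></doc>' % DSIG_NS)
DOC_DEFAULT_NS = (
    '<doc><Signature xmlns="%s"><SignedInfo><Reference URI="">'
    '<DigestValue>AAAA</DigestValue></Reference></SignedInfo>'
    '<SignatureValue>R0hJSktM</SignatureValue></Signature></doc>' % DSIG_NS)

def dsig_prefix(xml_text):
    """Prefix bound to the XML-DSig namespace: 'ds', '' (default) or None."""
    stream = io.BytesIO(xml_text.encode("utf-8"))
    for _event, (prefix, uri) in ET.iterparse(stream, events=("start-ns",)):
        if uri == DSIG_NS:
            return prefix
    return None

def signature_fields(xml_text):
    """Locate Signature by namespace URI, so the prefix in use is irrelevant."""
    root = ET.fromstring(xml_text)
    sig = next(root.iter("{%s}Signature" % DSIG_NS), None)
    if sig is None:
        return None
    fields = {}
    for name in FIELDS:
        node = next(sig.iter("{%s}%s" % (DSIG_NS, name)), None)
        # Base64 may be line-wrapped differently by each signer; drop whitespace.
        fields[name] = None if node is None else "".join((node.text or "").split())
    return fields

def differing_fields(doc_a, doc_b):
    """Names of the signature fields whose values differ between two documents."""
    a, b = signature_fields(doc_a), signature_fields(doc_b)
    if a is None or b is None:
        raise ValueError("no XML-DSig Signature element found")
    return [name for name in FIELDS if a[name] != b[name]]

def literal_tag_lookup(xml_text):
    """Hypothetical prefix-sensitive check: matches only an unprefixed <Signature>."""
    return re.search(r"<Signature[\s>]", xml_text) is not None
```
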