EldoS | Feel safer!

Signing XML RSA at Delphi, verifying with .NET classes

#4794
Posted: 01/26/2008 12:39:47
by PBW (Basic support level)
Joined: 01/26/2008
Posts: 4

Hello
I've got a couple of C# .NET 2 applications using System.Security.Cryptography.Xml - signing and verifying XML with RSA keys.
On Friday I tried to use SecureBlackbox (Delphi 7) to sign XML with RSA.
This Delphi-signed XML looks a bit different and cannot be verified with the Microsoft SignedXml class. The RSA keys are being generated dynamically.
So,

the result of Microsoft signing - the initial XML is contained in an <Object> tag, whose Id attribute is the same as the URI from the <Reference> tag

When I write SecureBlackBox signature, I can see that it adds another <Object> tag without attributes around the proper <Object Id="referenceURIattr">

As a result, the document verification (by MS .NET classes) result is FALSE. Any simple manipulations (removing the second Object tag) do not help.

So, it looks like I miss something, or MS misses, or EldoS :)
#4795
Posted: 01/26/2008 13:19:51
by Dmytro Bogatskyy (EldoS Corp.)

Quote
This Delphi-signed XML looks a bit different and cannot be verified with the Microsoft SignedXml class. The RSA keys are being generated dynamically.

To interchange RSA keys between SecureBlackbox and MS .NET, use the XML format.
To load and save RSA keys for SecureBlackbox, use the ElRSAKeyMaterial.LoadFromXML/SaveToXML methods.
For the Microsoft RSACryptoServiceProvider, use the ToXmlString/FromXmlString methods:
http://msdn2.microsoft.com/en-us/libr...tring.aspx

Quote
the result of Microsoft signing - the initial XML is contained in an <Object> tag, whose Id attribute is the same as the URI from the <Reference> tag

When I write SecureBlackBox signature, I can see that it adds another <Object> tag without attributes around the proper <Object Id="referenceURIattr">

As a result, the document verification (by MS .NET classes) result is FALSE. Any simple manipulations (removing the second Object tag) do not help.

Do you want to use an "Enveloping" signature?
In this case the reference is created to the element under the Object element; it should have an Id.

Please check whether you set the "PreserveWhitespace" property to "true" before loading/saving the signed XmlDocument in MS .NET.
#4798
Posted: 01/27/2008 11:07:59
by PBW (Basic support level)
Joined: 01/26/2008
Posts: 4

Thank you for your prompt response. I don't have access to Delphi today, so I have downloaded the SBB .NET edition here and tried the same thing I tried with Delphi at the office. This time it worked! - after signing XML with an RSA enveloping signature by your SBB components, I was able to verify it with the Microsoft SignedXml class. Thank you!

Probably the problem is really with whitespace. I will check it with Delphi tomorrow with more attention, and I think my company will buy your SBB for Delphi 7.
#4799
Posted: 01/27/2008 12:43:45
by Dmytro Bogatskyy (EldoS Corp.)

Quote
Probably the problem is really with whitespace.

Probably. Whitespace is important in canonicalization. Even a slight variation in whitespace will result in a different hash value. This applies to the referenced elements and to the SignedInfo element.
You can comment out the following lines in the sample:
Signer.OnFormatElement = ...
Signer.OnFormatText = ...
And if the original XML document didn't have whitespace between tags ><, then the signed XML will not have it either, and verification with MS .NET should work with "PreserveWhitespace" set to "false".
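The two points raised in this thread (the enveloping layout, where the Reference URI must resolve to the Id of the Object element, and the fact that whitespace inserted between tags changes the canonical form and therefore the digest) can be seen end to end with a small model. The block below is an added example written for this page; it is not SecureBlackbox or .NET code. It models only the reference-validation half of XML-DSig (the digest of the element pointed at by URI="#id"), leaves SignatureValue as a labelled placeholder because RSA key handling is not what the thread is about, uses the Python standard library's Canonical XML 2.0 (SignedXml defaults to C14N 1.0, but the whitespace sensitivity is identical), and models PreserveWhitespace=false by dropping whitespace-only text nodes before verification. The payload is a constructed sample.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from xml.dom import minidom

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample payload: the application document that gets wrapped in <Object>.
PAYLOAD = '<Order xmlns="urn:example:orders"><Item sku="A-1">2</Item></Order>'


def c14n_digest(fragment: str) -> str:
    """Base64 SHA-256 over the canonical form of an XML fragment.

    Uses the stdlib's Canonical XML 2.0 (ET.canonicalize). SignedXml defaults to
    C14N 1.0, but the whitespace sensitivity demonstrated here is the same."""
    canonical = ET.canonicalize(fragment)
    return base64.b64encode(hashlib.sha256(canonical.encode("utf-8")).digest()).decode("ascii")


def build_enveloping_signature(payload: str, object_id: str = "obj1") -> str:
    """Skeleton of an enveloping signature: the payload lives inside <Object Id=...>
    and the single <Reference URI="#id"> carries the digest of that Object element.
    SignatureValue is a labelled placeholder; RSA signing is outside this example."""
    # xmlns is declared on Object itself so the fragment digested here is textually the
    # same subtree a verifier later extracts from the full document.
    obj = f'<Object xmlns="{DSIG_NS}" Id="{object_id}">{payload}</Object>'
    return (
        f'<Signature xmlns="{DSIG_NS}">'
        "<SignedInfo>"
        '<CanonicalizationMethod Algorithm="http://www.w3.org/2010/10/xml-c14n2"/>'
        '<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
        f'<Reference URI="#{object_id}">'
        '<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>'
        f"<DigestValue>{c14n_digest(obj)}</DigestValue>"
        "</Reference>"
        "</SignedInfo>"
        "<SignatureValue>PLACEHOLDER-NOT-A-REAL-RSA-SIGNATURE</SignatureValue>"
        f"{obj}"
        "</Signature>"
    )


def pretty_print(xml_text: str) -> str:
    """Re-serialize with indentation, i.e. insert whitespace-only text nodes between
    tags (the effect of a formatting hook such as OnFormatElement on the signer side)."""
    return minidom.parseString(xml_text).toprettyxml(indent="  ")


def _strip_whitespace_nodes(node) -> None:
    """Drop whitespace-only text nodes, mimicking XmlDocument.PreserveWhitespace = false."""
    for child in list(node.childNodes):
        if child.nodeType == child.TEXT_NODE and not child.data.strip():
            node.removeChild(child)
        elif child.nodeType == child.ELEMENT_NODE:
            _strip_whitespace_nodes(child)


def verify_reference_digests(signed_xml: str, preserve_whitespace: bool = True) -> bool:
    """Reference-validation half of XML-DSig: for every <Reference URI="#id">, find the
    element carrying that Id, canonicalize it and compare with DigestValue.
    The RSA check over SignedInfo is not modelled here."""
    dom = minidom.parseString(signed_xml)
    if not preserve_whitespace:
        _strip_whitespace_nodes(dom.documentElement)
    by_id = {el.getAttribute("Id"): el
             for el in dom.getElementsByTagName("*") if el.hasAttribute("Id")}
    for ref in dom.getElementsByTagNameNS(DSIG_NS, "Reference"):
        uri = ref.getAttribute("URI")
        if not uri.startswith("#") or uri[1:] not in by_id:
            return False  # dangling Id, or a URI form this model does not support
        expected = ref.getElementsByTagNameNS(DSIG_NS, "DigestValue")[0].firstChild.data.strip()
        if c14n_digest(by_id[uri[1:]].toxml()) != expected:
            return False
    return True


if __name__ == "__main__":
    signed = build_enveloping_signature(PAYLOAD)
    reformatted = pretty_print(signed)
    print("compact document, PreserveWhitespace=true :", verify_reference_digests(signed))
    print("pretty-printed,   PreserveWhitespace=true :", verify_reference_digests(reformatted))
    print("pretty-printed,   PreserveWhitespace=false:",
          verify_reference_digests(reformatted, preserve_whitespace=False))
```

The compact document verifies as signed. Once whitespace is inserted between tags, the Object subtree canonicalizes differently and the digest no longer matches, which is exactly the FALSE result reported above. Dropping the whitespace-only nodes before verifying (the PreserveWhitespace=false behaviour) restores the original subtree and the check passes again, but only because the signer's document had no such whitespace to begin with; if the signer had formatted the signed document, stripping would destroy signed content instead.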
#4823
Posted: 01/30/2008 09:33:55
by PBW (Basic support level)
Joined: 01/26/2008
Posts: 4

Quote
Bogatskyy wrote:
To load and save RSA keys for SecureBlackbox use ElRSAKeyMaterial.LoadFromXML/SaveToXML methods.

Please point me to more details; I can't see such methods in the ElRSAKeyMaterial interface.
#4825
Posted: 01/30/2008 10:29:51
by Eugene Mayevski (EldoS Corp.)

These methods were added in SBB 6.0 beta 3. They are not available in the 5.2 release.


Sincerely yours
Eugene Mayevski