is XML well signed with xades-bes signature -
i've got xml file should signed certificate enerated openssl.
<?xml version="1.0" encoding="utf-8"?><ds:signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" id="pemi-signature-id-1"><ds:signedinfo id="pemi-signedinfo-id-1"><ds:canonicalizationmethod algorithm="http://www.w3.org/tr/2001/rec-xml-c14n-20010315"></ds:canonicalizationmethod><ds:signaturemethod algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:signaturemethod><ds:reference id="pemi-reference-id-1" uri="#pemi-object-id-2"><ds:digestmethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:digestmethod><ds:digestvalue>rq307h+y/mfzlpfuzuchjxmhj/8=</ds:digestvalue></ds:reference><ds:reference id="pemi-reference-id-2" type="http://uri.etsi.org/01903#signedproperties" uri="#pemi-signedproperties-id-1"><ds:digestmethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:digestmethod><ds:digestvalue>lhsgsg21vkezqhkysxukhxo3npi=</ds:digestvalue></ds:reference></ds:signedinfo><ds:signaturevalue id="pemi-signaturevalue-id-1">fzvu6dz3zeuvj5yrdh8+x3c4qzkwq4t1d4zj7g4gabh4pifhjkdvpgufym37mnsja/lka6xokr2q r9k+p8lhfa==</ds:signaturevalue><ds:keyinfo id="pemi-keyinfo-id-1"><ds:x509data><ds:x509certificate>miicfdccaiagawibagijamoeglkffg3dma0gcsqgsib3dqebbauamf8xczajbgnvbaytalbmmrqw egydvqqiewttyxpvd2lly2tpzterma8ga1uebxmiv2fyc3phd2exedaobgnvbaotb1rfu1rpv0ex ftatbgnvbamtdephbiblb3dhbhnrataefw0xnta0mtqxndm4mjnafw0xoda0mtmxndm4mjnamf8x czajbgnvbaytalbmmrqwegydvqqiewttyxpvd2lly2tpzterma8ga1uebxmiv2fyc3phd2exedao bgnvbaotb1rfu1rpv0exftatbgnvbamtdephbiblb3dhbhnratbcma0gcsqgsib3dqebaquaa0sa megcqqc8a4puzmx+ni1xltip+owtz70jhnubrzs/+dwry0hpwxxft6c4vsob4rk3flazbszyg3i/ u9d4qok16yteo6hdagmbaagjgcqwgcewhqydvr0obbyefc4cmmnl8zt+fjcsooi7prpt+ee+migr bgnvhsmegykwgyaafc4cmmnl8zt+fjcsooi7prpt+ee+owokytbfmqswcqydvqqgewjqtdeumbig a1uecbmlbwf6b3dpzwnrawuxetapbgnvbactcfdhcnn6yxdhmrawdgydvqqkewdurvnut1dbmruw ewydvqqdewxkyw4gs293ywxza2mccqdkhhpzhxynwzambgnvhrmebtadaqh/ma0gcsqgsib3dqeb bauaa0earfizmsaqgpgrlh/xb2wr9bhasehtkorbze5xha9ad5l7sy14loh7gcvjlrpuu8chbxr9 xecvnvhhim1ymaszvq==</ds:x509certificate></ds:x509data></ds:keyinfo><ds:object id="pemi-object-id-1"><xades:qualifyingproperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" id="pemi-qualifyingproperties-id-1" target="#pemi-signature-id-1"><xades:signedproperties id="pemi-signedproperties-id-1"><xades:signedsignatureproperties id="pemi-signedsignatureproperties-id-1"><xades:signingtime>2015-04-14t14:45:56z</xades:signingtime><xades:signingcertificate><xades:cert><xades:certdigest><ds:digestmethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:digestmethod><ds:digestvalue></ds:digestvalue></xades:certdigest><xades:issuerserial><ds:x509issuername>c=pl, s=mazowieckie, l=warszawa, o=testowa, cn=jan kowalski</ds:x509issuername><ds:x509serialnumber>14564107215038713283</ds:x509serialnumber></xades:issuerserial></xades:cert></xades:signingcertificate></xades:signedsignatureproperties></xades:signedproperties></xades:qualifyingproperties></ds:object><ds:object id="pemi-object-id-2" mimetype="text/xml"><a> <b>some data</b> </a></ds:object></ds:signature>
whe try check if signed 1 software ok(http://www.pemi.org.pl/index.php/do-pobrania/31-aplikacja-protektor), , when try verify in other it's says signature not valid(http://sigillum.pl/pliki_do_pobrania.html). can verify signature? or maybe me how 100% certainty.
i tried validation using serenity (http://www.cryptolog.com/fr/produits/produits-serveurs/serenity-validation-de-signature-electronique). gives following report:
- the cryptographic value (the signature value) valid
- your signature has 2 references (two signed objects):
- 1) uri="#pemi-signedproperties-id-1" valid
- 2) uri="#pemi-object-id-2" is invalid.
for last reference, expected input hashing
<ds:object xmlns:ds="http://www.w3.org/2000/09/xmldsig#" id="pemi-object-id-2" mimetype="text/xml"><a> <b>some data</b> </a></ds:object>
Comments
Post a Comment