<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">
<div class="">Hi, unfortunately I’m a newbie in signature and cryptographical stuff. I’m not sure about the used signature algorithm.</div>
<div class=""><br class=""></div>
<div class="">At first I read the documentation of xmlsec and created an XML file to sign:</div>
<div class=""><br class=""></div>
<div class="">
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">&lt;?xml version="1.0" encoding="UTF-8"?&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">&lt;Request xmlns="http://uvbus.dguv.de/datatypes/v1"&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;SenderID&gt;kuvb.de&lt;/SenderID&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;TimeStamp&gt;2019-02-02T13:49:14.005120+01:00&lt;/TimeStamp&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;Procedure&gt;http://www.x-uv.de/fachverfahren/ozgua/v1&lt;/Procedure&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;Signature xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;SignedInfo&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;Reference&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;Transforms&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;/Transforms&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;DigestValue /&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;/Reference&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;/SignedInfo&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;SignatureValue /&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;KeyInfo&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;X509Data /&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;/KeyInfo&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> &lt;/Signature&gt;</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">&lt;/Request&gt;</span></div>
</div>
<div class=""><br class=""></div>
<div class="">After this I signed the file with the following command:</div>
<div class=""><br class=""></div>
<div class="">
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">xmlsec1 --sign --privkey-pem kuvbkey.pem,kuvbcert.pem,subca01.pem,interca01.pem,cnuvroot.pem --output uvsigned.xml mytosign.xml</span></div>
</div>
<div class=""><br class=""></div>
<div class="">… and after this I verified the file successfully with the following command:</div>
<div class=""><br class=""></div>
<div class="">
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">xmlsec1 --verify --trusted-pem cnuvroot.pem uvsigned.xml</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">OK</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">SignedInfo References (ok/all): 1/1</span></div>
<div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Manifests References (ok/all): 0/0</span></div>
</div>
<div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div>
<div class=""><br class=""></div>
<div class="">Now my question: If I send the file in the payload of a web service call, I get an error from the server side that the server isn’t able to verify my signature. All the hints I got were:</div>
<div class=""><br class=""></div>
<div class="">Are you sure that you use the correct algorithm to sign the XML?? - No, I’m not! Therefore my questions:</div>
<div class=""><br class=""></div>
<div class="">How can I check which SignatureAlgorithm or DigestMethod was used to sign my XML file?</div>
<div class=""><br class=""></div>
<div class="">All example files I found had SHA1 as SignatureAlgorithm...</div>
<ul class=""><li class="">What do I have to do if I want to explicitly use another SignatureAlgorithm than sha1? In my case I have to use rsa-sha512.</li><li class="">...and what do I have to do if I want to use another DigestMethod - in my case sha512?</li></ul>
<div class="">I cannot believe that it is enough to set other URLs in the XML template..?? Or is it determined through the key file that I use to sign the XML??</div>
<div class=""><br class=""></div>
<div class="">Thanks for any hint</div>
<div class=""><br class=""></div>
</body></html>