[xmlsec] Namespace problem

Szabó Áron aron at ik.bme.hu
Tue Jun 28 23:56:25 PDT 2005


Hi,

So, as can be seen, in Signature.xml there is no "xmlns" in the
"SignedInfo" element, but during the creation it appears in the tag. If I
were the verifier application I would cut off the "SignedInfo" from
Signature.xml and after transformations I would make the SHA-1 hash which
should be calculated over "SignedInfo" without this "xmlns", but it wouldn't
match the decrypted "SignatureValue" because of this "xmlns"... Thanks
for analyzing this problem!

Aron

---

SignedInfo before transforms:

<SignedInfo Id="SignedInfoId-9d2dbbbb-ab31-46b6-905c-de3901b94779"
xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
/><Reference Id="ReferenceId-8c9cd97a-126e-45f3-8a48-8fd00afeb03b"
URI="#Document-053c99a0-3fd2-4c80-a496-305a4fceaa86"><Transforms><Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
/><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
/></Transforms><DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/><DigestValue>kfAGey9JjpfoMRbqlVR5EceDBGw=</DigestValue></Reference><Refere
nce Id="X6a17047a-4260-480c-83d6-b70679d58e28"
URI="#SignedPropertiesId-b445d59d-a614-489d-8c48-16cb3766561d"
Type="http://uri.etsi.org/01903/v1.2.2#SignedProperties"><DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/><DigestValue>RjzNKuPlSB19FaC3u5P2rPDGLY8=</DigestValue></Reference></Signe
dInfo>

SignedInfo after transforms:

<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"
Id="SignedInfoId-9d2dbbbb-ab31-46b6-905c-de3901b94779"><CanonicalizationMeth
od
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Canonicalizati
onMethod><SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Re
ference Id="ReferenceId-8c9cd97a-126e-45f3-8a48-8fd00afeb03b"
URI="#Document-053c99a0-3fd2-4c80-a496-305a4fceaa86"><Transforms><Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transfor
m><Transform
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform></Tr
ansforms><DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestVal
ue>kfAGey9JjpfoMRbqlVR5EceDBGw=</DigestValue></Reference><Reference
Id="X6a17047a-4260-480c-83d6-b70679d58e28"
Type="http://uri.etsi.org/01903/v1.2.2#SignedProperties"
URI="#SignedPropertiesId-b445d59d-a614-489d-8c48-16cb3766561d"><DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestVal
ue>RjzNKuPlSB19FaC3u5P2rPDGLY8=</DigestValue></Reference></SignedInfo>

Signature.xml

<SignedDoc><DataFile Id="Document-053c99a0-3fd2-4c80-a496-305a4fceaa86"
FileName="test.txt" Size="4" MimeType="text/plain"
ContentType="EMBEDDED_BASE64" CreatedDate="2005-06-15T08:07:53"
LastWriteTime="2005-06-15T08:07:53" Comment="Created by Epszilon"
Original="">dGVzdA==</DataFile><Signature
Id="SignatureId-01f0876a-0954-4c09-9140-f57849706fb5"
xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo
Id="SignedInfoId-9d2dbbbb-ab31-46b6-905c-de3901b94779"><CanonicalizationMeth
od Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
/><Reference Id="ReferenceId-8c9cd97a-126e-45f3-8a48-8fd00afeb03b"
URI="#Document-053c99a0-3fd2-4c80-a496-305a4fceaa86"><Transforms><Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
/><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
/></Transforms><DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/><DigestValue>kfAGey9JjpfoMRbqlVR5EceDBGw=</DigestValue></Reference><Refere
nce Id="X6a17047a-4260-480c-83d6-b70679d58e28"
URI="#SignedPropertiesId-b445d59d-a614-489d-8c48-16cb3766561d"
Type="http://uri.etsi.org/01903/v1.2.2#SignedProperties"><DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/><DigestValue>RjzNKuPlSB19FaC3u5P2rPDGLY8=</DigestValue></Reference></Signe
dInfo><SignatureValue
Id="SignatureValueId-e3fee550-a8f9-4bb0-ae12-3ced7a323e36">WKPeO0XU4Bogc1ei0
K/BFFXCWiJezsLhzI25m/uahDRY+B4xXd0mAggCebvbnH+XE3/dr/X3qvoyn8oBhthk+mTfhw3o+
s/maf/6pX8RlmhcfbFy0K5Ui1Dj8Q9TmjXMWUX+TiKI4MMiW47nwG+1Bq82hVEdZ69U6yogzZmTX
ms=</SignatureValue><KeyInfo
Id="KeyInfoId-6095e66c-51df-4e85-8703-4f2c4b7f3b5c"><X509Data
xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Certificate>MIIFRjCCBC6gAwIB[...]</X509Certificate></X509Data><Ke
yValue
xmlns="http://www.w3.org/2000/09/xmldsig#"><RSAKeyValue><Modulus>j3hdobEIeB5
rdfAPX8J/JqsMUAn8wkRTf7BtWYZNF+XhAAlezxX+sM7ebv+ylEDpIBVyvsJqQgwhPZqAIRIGCyg
AswqErv4lveAd0n9iWtxorEGUJl7rJmeTWbglXFWuz2MgsX1kBtlnaptFnjDIQPGOApjX7TgAZQu
b/+gwoWk=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyIn
fo><Object Id="XadesObject"><QualifyingProperties
Id="QualifyingId-385f04e7-e264-4e80-86d3-72deed989185"
Target="#SignatureId-01f0876a-0954-4c09-9140-f57849706fb5"
xmlns="http://uri.etsi.org/01903/v1.2.2#"><SignedProperties
Id="SignedPropertiesId-b445d59d-a614-489d-8c48-16cb3766561d"><SignedSignatur
eProperties
Id="SignedSignaturePropertiesId-34d035b0-65e9-444e-bc69-8a2b2f74fa78"><Signi
ngTime>2005-06-17T11:06:48</SigningTime><SigningCertificate><Cert><CertDiges
t><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/><DigestValue>t23jJhVVxI08T6WZZLgS8GpWK3A=</DigestValue></CertDigest><Issue
rSerial><X509IssuerName
xmlns="http://www.w3.org/2000/09/xmldsig#">E=ica at mavinformatika.hu,
PostalCode=1012, STREET=Krisztina krt. 37/A, CN=Trust&amp;Sign Test CA v1.0,
OU=PKI Services BU, O=MAV INFORMATIKA Kft., L=Budapest,
C=HU</X509IssuerName><X509SerialNumber
xmlns="http://www.w3.org/2000/09/xmldsig#">1262</X509SerialNumber></IssuerSe
rial></Cert></SigningCertificate><SignaturePolicyIdentifier><SignaturePolicy
Implied
/></SignaturePolicyIdentifier></SignedSignatureProperties></SignedProperties
><UnsignedProperties
Id="UnsignedPropertiesId-60e11448-2925-46d9-9b3f-58bb638ab162"><UnsignedSign
atureProperties
Id="UnsignedSignaturePropertiesId-152fefbe-7ce4-4672-a697-4ee9ad8f4825"><Sig
natureTimeStamp
Id="XadesTTimeStampId-5dba2c16-ef6f-4c52-8f12-2d01c288f540"><Include
URI="#SignatureValueId-e3fee550-a8f9-4bb0-ae12-3ced7a323e36"
/><EncapsulatedTimeStamp
Id="SignatureTimeStampEncapsulatedId-ac0a7dcb-6aff-4521-8b4b-9c303f459332">M[...]=</Encapsu
latedTimeStamp></SignatureTimeStamp></UnsignedSignatureProperties></Unsigned
Properties></QualifyingProperties></Object></Signature></SignedDoc>

---
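
Canonical XML 1.0 writes the namespace declarations in scope on the top element of a document subset, sorts attributes and expands empty elements, which accounts for the differences between the SignedInfo dumps above. An added example (not xmlsec code and not part of the original message): a simplified canonicalizer, limited to default namespaces and unprefixed attributes, run over a constructed sample to compare the SHA-1 of the SignedInfo text cut from the file with the SHA-1 of its canonical form.

```python
import hashlib
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
# Constructed sample shaped like the Signature.xml in the post (values shortened).
DOC = (
    '<SignedDoc><Signature Id="Sig1" xmlns="' + DSIG + '">'
    '<SignedInfo Id="SI1">'
    '<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />'
    '<Reference Id="R1" URI="#Doc1" Type="urn:example:type">'
    '<DigestValue>AAAA</DigestValue></Reference>'
    '</SignedInfo></Signature></SignedDoc>'
)
# Character references required by Canonical XML 1.0 for text and attribute values.
TEXT = [("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"), ("\r", "&#xD;")]
ATTR = [("&", "&amp;"), ("<", "&lt;"), ('"', "&quot;"),
        ("\t", "&#x9;"), ("\n", "&#xA;"), ("\r", "&#xD;")]

def esc(value, table):
    for raw, ref in table:
        value = value.replace(raw, ref)
    return value

def split(name):
    """Split ElementTree's '{ns}local' form into (ns, local)."""
    return tuple(name[1:].split("}", 1)) if name.startswith("{") else ("", name)

def c14n(elem, rendered_ns=""):
    """Simplified C14N 1.0: default namespaces and unprefixed attributes only."""
    ns, local = split(elem.tag)
    out = "<" + local
    if ns != rendered_ns:  # no output ancestor declares it yet, so declare it here
        out += ' xmlns="%s"' % esc(ns, ATTR)
    for key in sorted(elem.attrib, key=split):  # namespace URI, then local name
        out += ' %s="%s"' % (split(key)[1], esc(elem.attrib[key], ATTR))
    out += ">" + esc(elem.text or "", TEXT)
    for child in elem:
        out += c14n(child, ns) + esc(child.tail or "", TEXT)
    return out + "</" + local + ">"  # empty elements become start/end pairs

def sha1_hex(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest()

def compare(doc=DOC):
    """Return (raw_cut, canonical, digests_match) for the SignedInfo element."""
    signed_info = ET.fromstring(doc).find(".//{%s}SignedInfo" % DSIG)
    canonical = c14n(signed_info)  # what the signature is computed over
    end_tag = "</SignedInfo>"
    raw = doc[doc.index("<SignedInfo"):doc.index(end_tag) + len(end_tag)]
    return raw, canonical, sha1_hex(raw) == sha1_hex(canonical)

if __name__ == "__main__":
    print(*compare(), sep="\n")
```
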




