[xmlsec] Digital signature
Aleksey Sanin
aleksey at aleksey.com
Wed Dec 12 08:21:56 PST 2012
Please read the FAQ:
http://www.aleksey.com/xmlsec/faq.html
Aleksey
On 12/12/12 7:25 AM, Milan Tribuson wrote:
> Hi Aleksey,
>
> we are trying to create a digital signature for an XML invoice in Croatia
> and we can't make it work and we can't get the correct value.
>
> I've tried using your sign3.py in original and with changes (adding
> refNode.addTransform(xmlsec.transformExclC14NId())) and referencing to
> URI which I can't get to work.
>
> I can reference to id but URI doesn't work (refNode =
> signNode.addReference(xmlsec.transformSha1Id(), None, "#RacunZahtjev",
> None)), even when I add dsig_ctx.enabledReferenceUris =
> xmlsec.TransformUriTypeAny and
> dsig_ctx.keyInfoReadCtx.retrievalMethodCtx.enabledUris =
> xmlsec.TransformUriTypeAny, I always get an error:
>
> func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('RacunZahtjev'))
> func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
> func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
> func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2395:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1226:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer
> func=xmlSecTransformCtxExecute:file=transforms.c:line=1286:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
> func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
> Error: signature failed
>
> My XML looks like:
>
> <tns:RacunZahtjev Id="RacunZahtjev"
>     xmlns:tns="http://www.apis-it.hr/fin/2012/types/f73"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>   <tns:Zaglavlje>
>     <tns:IdPoruke>4ddfcb83-df33-413b-974c-ab90bdb69022</tns:IdPoruke>
>     <tns:DatumVrijeme>12.12.2012T09:56:35</tns:DatumVrijeme>
>   </tns:Zaglavlje>
>   <tns:Racun>
>     <tns:Oib>68111664044</tns:Oib>
>     <tns:USustPdv>true</tns:USustPdv>
>     <tns:DatVrijeme>12.12.2012T09:56:35</tns:DatVrijeme>
>     <tns:OznSlijed>P</tns:OznSlijed>
>     <tns:BrRac>
>       <tns:BrOznRac>37</tns:BrOznRac>
>       <tns:OznPosPr>S1</tns:OznPosPr>
>       <tns:OznNapUr>31</tns:OznNapUr>
>     </tns:BrRac>
>     <tns:Pdv>
>       <tns:Porez>
>         <tns:Stopa>25.00</tns:Stopa>
>         <tns:Osnovica>0.64</tns:Osnovica>
>         <tns:Iznos>0.16</tns:Iznos>
>       </tns:Porez>
>     </tns:Pdv>
>     <tns:Pnp/>
>     <tns:OstaliPor>
>       <tns:Porez>
>         <tns:Naziv>PNV</tns:Naziv>
>         <tns:Stopa>10.00</tns:Stopa>
>         <tns:Osnovica>0.64</tns:Osnovica>
>         <tns:Iznos>0.06</tns:Iznos>
>       </tns:Porez>
>     </tns:OstaliPor>
>     <tns:IznosUkupno>0.86</tns:IznosUkupno>
>     <tns:NacinPlac>G</tns:NacinPlac>
>     <tns:OibOper>66666666666</tns:OibOper>
>     <tns:ZastKod>57da4ce965fa09fe81070918b016422d</tns:ZastKod>
>     <tns:NakDost>false</tns:NakDost>
>   </tns:Racun>
> </tns:RacunZahtjev>
>
> Then I've tried using xmlsec1 but that doesn't work either. It
> calculates a wrong digital signature. I've tried with (like you've said
> in http://www.mail-archive.com/xmlsec@aleksey.com/msg05017.html):
>
> xmlsec1 --sign --id-attr:Id http://www.apis-it.hr/fin/2012/types/f73:RacunZahtjev --output test.xml --pkcs12 fiskal1.pfx --pwd password racun_nepotpisani2.xml
>
> Please help me if you can, I can give you more details if you need them.
>
> Thank you in advance!
>
> Milan
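The first failure in the quoted trace is `xpointer(id('RacunZahtjev'))`: libxml2 treats an attribute named `Id` as an ID only when it has been declared or registered as one, which is what the `--id-attr:Id <ns-uri>:RacunZahtjev` option in the quoted xmlsec1 command does. The following is an added illustration, not code from this thread or from xmlsec: a standard-library Python model of that lookup, in which `parse_id_attr`, `build_id_table` and `resolve_reference` are hypothetical names and the sample document is constructed from the invoice quoted above.

```python
import xml.etree.ElementTree as ET

NS = "http://www.apis-it.hr/fin/2012/types/f73"
# Constructed sample: a cut-down version of the invoice quoted in the thread.
SAMPLE = (
    f'<tns:RacunZahtjev Id="RacunZahtjev" xmlns:tns="{NS}">'
    '<tns:Zaglavlje><tns:IdPoruke>4ddfcb83-df33-413b-974c-ab90bdb69022'
    '</tns:IdPoruke></tns:Zaglavlje>'
    '<tns:Racun><tns:Oib>68111664044</tns:Oib></tns:Racun>'
    '</tns:RacunZahtjev>'
)


def parse_id_attr(attr_name, node_spec):
    """Split an xmlsec1-style '--id-attr:<attr> [<ns-uri>:]<node>' argument."""
    ns, sep, local = node_spec.rpartition(":")
    return attr_name, (f"{{{ns}}}{local}" if sep else local)


def build_id_table(root, registrations):
    """Map ID value -> element, only for registered (attribute, element) pairs."""
    table = {}
    for attr, tag in registrations:
        for elem in root.iter(tag):
            value = elem.get(attr)
            if value is None:
                continue
            if value in table and table[value] is not elem:
                # Two elements sharing an ID make the signed target ambiguous.
                raise ValueError(f"duplicate ID value {value!r}")
            table[value] = elem
    return table


def resolve_reference(uri, table):
    """Resolve a same-document Reference URI ('#value') against the ID table."""
    if not uri.startswith("#"):
        raise ValueError("only same-document '#id' references are modelled")
    try:
        return table[uri[1:]]
    except KeyError:
        raise LookupError(f"id({uri[1:]!r}) matched no registered ID") from None
```

With an empty registration list the lookup fails in the same way as the trace; with the pair taken from the quoted command line it returns the `RacunZahtjev` element.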