invalid Hash on canonicalized XML

Josep Ribas

Aug 14 2008 10:15 AM

6.6k

Hello,

I need to canonize a XML Element of a digital signature element to calculate its hash value.
For example:

The correct digest of canonized <ds:KeyInfo> is: njihA04aMjUOyc0gnw6mfxjsfv8=
And my calculated digest is: FjnfpyzHGL+oyx4hWCxx/VhU9qk=

I think the problem is in the canonization of <ds:KeyInfo>.

Canonized <ds:KeyInfo element>:
<ds:KeyInfo Id="Certificate1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>
MIID4DCCA0mgAwIBAgIBOjANBgkqhkiG9w0BAQUFADByMQswCQYDVQQGEwJFUzEPMA0GA1UECBMG
TWFkcmlkMQ8wDQYDVQQHEwZNYWRyaWQxDjAMBgNVBAoTBU1JVHlDMRswGQYDVQQLExJNSVR5QyBE
TkllIFBydWViYXMxFDASBgNVBAMTC0NBIHVzdWFyaW9zMB4XDTA3MTIxMTE2NDYyNVoXDTA4MTIx
MDE2NDYyNVowfzELMAkGA1UEBhMCRVMxDzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkcmlk
MQ4wDAYDVQQKEwVNSVR5QzEbMBkGA1UECxMSTUlUeUMgRE5JZSBQcnVlYmFzMSEwHwYDVQQDExhV
c3VhcmlvIGVqZW1wbG8gRmFjdHVyYUUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALiUcVbT
N077nqQ2H+NaoGoE27n9x2LArAfiQ+2J+O5xpX1j0SyqdUqcXNL4LK6/6GJWqj93mkHEf7c3SBXv
q68bvfaUUBQSOIbPqUGjA4kkK9gc/bx5NdkgfqZShNs7ErZFQDNho3Q2u2XBGWBerov6pOTmrzjE
+82vUYvIu+R9AgMBAAGjggF3MIIBczAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQU
3tDPGV3C+DRtihXUKstMKGFp5zwwgZgGA1UdIwSBkDCBjYAU9aFqqHdPW7EEjKd+SPEOn8V2jxuh
cqRwMG4xDzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkcmlkMQ4wDAYDVQQKEwVNSVR5QzEb
MBkGA1UECxMSTUlUeUMgRE5JZSBQcnVlYmFzMRAwDgYDVQQDEwdSb290IENBMQswCQYDVQQGEwJF
U4IBAzAJBgNVHREEAjAAMDYGA1UdEgQvMC2GK2h0dHA6Ly9taW5pc3Rlci04amd4eTkubWl0eWMu
YWdlL1BLSS9DQS5jcnQwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL21pbmlzdGVyLThqZ3h5OS5t
aXR5Yy5hZ2UvUEtJL2NybC5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqG
SIb3DQEBBQUAA4GBAES/a/gimvoEe168IQbWORPJLh1tuTrjzB549XF0kpGDIuUzBqgeZq1HjYjA
iPgErqxGdk2qVVfDjjiNS5J+S6j5MXTs7toij/qEtdZmQ9AUfYRNKsNVFkUUI9j1ies3wUEecfvt
wmAAN12LtrNeBRc4GfTOOAeupFufFDjmI4gB
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
uJRxVtM3TvuepDYf41qgagTbuf3HYsCsB+JD7Yn47nGlfWPRLKp1Spxc0vgsrr/oYlaqP3eaQcR/
tzdIFe+rrxu99pRQFBI4hs+pQaMDiSQr2Bz9vHk12SB+plKE2zsStkVAM2GjdDa7ZcEZYF6ui/qk
5OavOMT7za9Ri8i75H0=
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>

FULL Signature element:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:etsi="http://uri.etsi.org/01903/v1.2.2#" Id="Signature">
<ds:SignedInfo Id="Signature-SignedInfo">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference Id="SignedPropertiesID" Type="http://uri.etsi.org/01903/v1.2.2#SignedProperties" URI="#Signature-SignedProperties">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>E70IIZJgM5B3rTwGJ5b4hEeJ8N0=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>q54/ZNHSjMWKMD4A5xI9qL2tBOA=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Certificate1">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>njihA04aMjUOyc0gnw6mfxjsfv8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue Id="SignatureValue">
nfmak7CHtweDx/WkwizYHuNgL37d6QEyNkLIC99zK0Yar0fGtXzrKgKMSRQXdXX52ZtzdKKIB7+Q
dUA9zCWUQlwAofPtbFCNYr8Ju3KDekmqEE3oTN9T689jTzW9Mn9fsazBIaCVI/wgfv4PvS0Z+lNH
ZIjb2UlCaZeVfdeInNo=
</ds:SignatureValue>
<ds:KeyInfo Id="Certificate1">
<ds:X509Data>
<ds:X509Certificate>
MIID4DCCA0mgAwIBAgIBOjANBgkqhkiG9w0BAQUFADByMQswCQYDVQQGEwJFUzEPMA0GA1UECBMG
TWFkcmlkMQ8wDQYDVQQHEwZNYWRyaWQxDjAMBgNVBAoTBU1JVHlDMRswGQYDVQQLExJNSVR5QyBE
TkllIFBydWViYXMxFDASBgNVBAMTC0NBIHVzdWFyaW9zMB4XDTA3MTIxMTE2NDYyNVoXDTA4MTIx
MDE2NDYyNVowfzELMAkGA1UEBhMCRVMxDzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkcmlk
MQ4wDAYDVQQKEwVNSVR5QzEbMBkGA1UECxMSTUlUeUMgRE5JZSBQcnVlYmFzMSEwHwYDVQQDExhV
c3VhcmlvIGVqZW1wbG8gRmFjdHVyYUUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALiUcVbT
N077nqQ2H+NaoGoE27n9x2LArAfiQ+2J+O5xpX1j0SyqdUqcXNL4LK6/6GJWqj93mkHEf7c3SBXv
q68bvfaUUBQSOIbPqUGjA4kkK9gc/bx5NdkgfqZShNs7ErZFQDNho3Q2u2XBGWBerov6pOTmrzjE
+82vUYvIu+R9AgMBAAGjggF3MIIBczAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DAdBgNVHQ4EFgQU
3tDPGV3C+DRtihXUKstMKGFp5zwwgZgGA1UdIwSBkDCBjYAU9aFqqHdPW7EEjKd+SPEOn8V2jxuh
cqRwMG4xDzANBgNVBAgTBk1hZHJpZDEPMA0GA1UEBxMGTWFkcmlkMQ4wDAYDVQQKEwVNSVR5QzEb
MBkGA1UECxMSTUlUeUMgRE5JZSBQcnVlYmFzMRAwDgYDVQQDEwdSb290IENBMQswCQYDVQQGEwJF
U4IBAzAJBgNVHREEAjAAMDYGA1UdEgQvMC2GK2h0dHA6Ly9taW5pc3Rlci04amd4eTkubWl0eWMu
YWdlL1BLSS9DQS5jcnQwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL21pbmlzdGVyLThqZ3h5OS5t
aXR5Yy5hZ2UvUEtJL2NybC5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqG
SIb3DQEBBQUAA4GBAES/a/gimvoEe168IQbWORPJLh1tuTrjzB549XF0kpGDIuUzBqgeZq1HjYjA
iPgErqxGdk2qVVfDjjiNS5J+S6j5MXTs7toij/qEtdZmQ9AUfYRNKsNVFkUUI9j1ies3wUEecfvt
wmAAN12LtrNeBRc4GfTOOAeupFufFDjmI4gB
</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
uJRxVtM3TvuepDYf41qgagTbuf3HYsCsB+JD7Yn47nGlfWPRLKp1Spxc0vgsrr/oYlaqP3eaQcR/
tzdIFe+rrxu99pRQFBI4hs+pQaMDiSQr2Bz9vHk12SB+plKE2zsStkVAM2GjdDa7ZcEZYF6ui/qk
5OavOMT7za9Ri8i75H0=
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
<ds:Object Id="Signature-Object"><etsi:QualifyingProperties Target="#Signature"><etsi:SignedProperties Id="Signature-SignedProperties"><etsi:SignedSignatureProperties><etsi:SigningTime>2007-12-11T19:21:28.229+01:00</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>dDucu0BjFAIFCeiJpfVJOqAnsNk=</ds:DigestValue></etsi:CertDigest><etsi:IssuerSerial><ds:X509IssuerName>CN=CA usuarios,OU=MITyC DNIe Pruebas,O=MITyC,L=Madrid,ST=Madrid,C=ES</ds:X509IssuerName><ds:X509SerialNumber>58</ds:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyId><etsi:SigPolicyId><etsi:Identifier>http://www.facturae.es/politica de firma formato facturae/politica de firma formato facturae v3_0.pdf</etsi:Identifier><etsi:Description>Política de firma electrónica para facturación electrónica con formato Facturae</etsi:Description></etsi:SigPolicyId><etsi:SigPolicyHash><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>HQvPemjDslVpcNmaJPpbHzhdZ50=</ds:DigestValue></etsi:SigPolicyHash></etsi:SignaturePolicyId></etsi:SignaturePolicyIdentifier><etsi:SignerRole><etsi:ClaimedRoles><etsi:ClaimedRole>emisor</etsi:ClaimedRole></etsi:ClaimedRoles></etsi:SignerRole></etsi:SignedSignatureProperties></etsi:SignedProperties></etsi:QualifyingProperties></ds:Object></ds:Signature>

Any idea?

Answers (1)

Next Recommended Forum

Forms Login, Cookie and IIS

Protection and security for Asp.net Web application

Leaderboard

Yesterday's leader

George Town (India)

C#, .NET

Chitrakoot (India)

13k

4.3k

Harshit Pandey

java, python, BigData

Kanpur (India)

Upcoming Events

Suggested For You

Forum Statistics

Please welcome our newest member maxicertpro .
2,380,547 users have contributed to 122,603 threads and 388,846
In the past 24 hours, we have 1 new threads, 1 new posts, and 7 new users.
In last week, the most popular thread is 'How to convert cast in varchar in sql server'.