XML validation with XMLDSIG using XadES-BES algorithm

Developer https://www.devze.com 2023-01-25 22:47 Source: web
Some information a program is using uses input files in xml format. The files have the following structure.

<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="urn:envelope">
 <MyData Id="MyDataId">
  <!-- some data -->
 </MyData>
 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
   <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
   <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig-more#rsa-sha256" />
   <Reference URI="#MyDataId">
    <Transforms>
     <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
    </Transforms>
    <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
    <DigestValue>
     <!-- digest for MyData -->
    </DigestValue>
   </Reference>
   <Reference URI="#KeyInfoId">
    <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
    <DigestValue>
     <!-- digest for KeyInfo -->
    </DigestValue>
   </Reference>
  </SignedInfo>
  <SignatureValue>
   <!-- signature from SignedInfo data -->
  </SignatureValue>
  <KeyInfo id="KeyInfoId">
   <X509Data>
    <X509Certificate>
     <!-- some certificate -->
    </X509Certificate>
   </X509Data>
  </KeyInfo>
 </Signature>
</Envelope>

I found some examples with only one reference tag, but not with multiple or only references which were already in the rest of the XML file. I know that the encoding is XAdES-BES. Does anyone know a .NET 1.1 component which is capable of validating this kind of XML file? Thanks in advance.

Regards,

René


The XML you are showing is not really a XAdES signature, but an XMLDSIG. You can tell because there is no QualifyingProperties node (XAdES adds this node, which has to be inside an Object tag, as a child of the Signature node).

As Ricardo said before, the project I am working on (XAdES .Net Project) should be able to verify the XML you provide. If not, please feel free to add an issue at our issue tracker (you may need to register at CodePlex, but it is free).

At this point, we are still building the skeleton of our library (what it really aims to implement is XAdES in .NET), so you may find bugs or a lack of features. If so, again, feel free to add any issue you need.

Also, we developed the library using .NET Framework 3.5, so if you really can only use 1.1 it won't work :( The security layer changed after Framework 1.1, so it is not backwards-compatible. I think it will work using 2.0 and above.

I hope it helps.

Regards,

Luis M. Villa


See Microsoft's SignedXml class
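
An added example (not part of the original answers or of any project named here) of using SignedXml to verify a file shaped like the one in the question, including the step of confirming that a signed Reference really covers MyData. The class and method names are hypothetical; it assumes .NET 2.0 or later rather than 1.1, a certificate the verifier already trusts out of band, and a runtime that recognises the algorithm URIs the file declares.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Hypothetical helper; the class and method names are not from the page.
static class EnvelopeVerifier
{
    // Returns the MyData element only if the signature verifies and covers it.
    public static XmlElement VerifyEnvelope(string path, X509Certificate2 trustedCert)
    {
        // Whitespace feeds into canonicalization, so it must be preserved on load.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.Load(path);

        XmlNodeList sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1)
            throw new InvalidOperationException("Expected exactly one Signature element.");

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigs[0]);

        // Checks SignatureValue over SignedInfo and the digest of every Reference.
        // The key comes from a certificate the verifier already trusts, not from
        // the X509Certificate embedded in KeyInfo, which the sender controls.
        if (!signedXml.CheckSignature(trustedCert, true))
            throw new InvalidOperationException("Signature or a reference digest is invalid.");

        // A valid signature only vouches for what the References point at, so
        // confirm one of them resolves to the MyData element the program will read.
        XmlElement myData = doc.DocumentElement["MyData", "urn:envelope"];
        if (myData == null)
            throw new InvalidOperationException("Envelope has no MyData child.");

        foreach (Reference reference in signedXml.SignedInfo.References)
        {
            if (string.IsNullOrEmpty(reference.Uri) || !reference.Uri.StartsWith("#"))
                continue;
            XmlElement target = signedXml.GetIdElement(doc, reference.Uri.Substring(1));
            if (ReferenceEquals(target, myData))
                return myData;
        }
        throw new InvalidOperationException("No signed Reference covers MyData.");
    }
}
```

The caller should read data only from the element this method returns, not by querying the document again.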


Try this project:

http://xadesnet.codeplex.com/


Our SecureBlackbox product provides support for XMLDSig, XMLEnc and XAdES standards in .NET (including Mono, .NET CF and Silverlight).


In case you still need to generate XAdES signatures, we've released the 1.0 alpha version of XAdES .NET Project. This version adds support for XAdES-BES signatures, and some code fragments have been rewritten to be compatible with .NET 2.0 Framework.

You can download the release here: XAdES .NET Project

Hope it helps,

Luis M. Villa
