XML validation with XMLDSIG using XAdES-BES algorithm

心不动则不痛 submitted on 2019-12-22 17:05:31

Question


Some information a program is using uses input files in xml format. The files have the following structure.

<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="urn:envelope">
 <MyData Id="MyDataId">
  <!-- some data -->
 </MyData>
 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
   <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
   <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig-more#rsa-sha256" />
   <Reference URI="#MyDataId">
    <Transforms>
     <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
    </Transforms>
    <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
    <DigestValue>
     <!-- digest for MyData -->
    </DigestValue>
   </Reference>
   <Reference URI="#KeyInfoId">
    <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
    <DigestValue>
     <!-- digest for KeyInfo -->
    </DigestValue>
   </Reference>
  </SignedInfo>
  <SignatureValue>
   <!-- signature from SignedInfo data -->
  </SignatureValue>
  <KeyInfo id="KeyInfoId">
   <X509Data>
    <X509Certificate>
     <!-- some certificate -->
    </X509Certificate>
   </X509Data>
  </KeyInfo>
 </Signature>
</Envelope>

I found some examples with only one reference tag, but not with multiple, or only references which were already in the rest of the XML file. I know that the encoding is XADES-BES. Does anyone know a .NET 1.1 component which is capable of validating this kind of XML file? Thanks in advance.

Regards,

René


Answer 1:


The XML you are showing is not really an XAdES signature, but an XMLDSIG one. You can tell that because there is no QualifyingProperties node (XAdES adds this node, which has to be inside an Object tag, as a child of the Signature node).

As Ricardo said before, the project I am working on (XAdES .Net Project) should be able to verify the XML you provide. If not, please feel free to add an issue at our issue tracker (you may need to register at CodePlex, but it is free).

At this point, we are still building the skeleton of our library (what it really aims to implement is XAdES in .NET), so you may find bugs or a lack of features. If so, again, feel free to add any issue you need.

Also, we developed the library using .NET Framework 3.5 so, if you really can only use 1.1 it won't work :( Security layer after Framework 1.1 changed, so it is not backwards-compatible. I think it will work using 2.0 and above.

I hope it helps.

Regards,

Luis M. Villa




Answer 2:


See Microsoft's SignedXml class
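
One way to verify the envelope from the question with the SignedXml class, added here as an example; it is not code from this thread or from the XAdES .NET Project. It assumes a runtime whose SignedXml accepts the document's signature and digest algorithms (not .NET 1.1, since X509Certificate2 arrived with .NET 2.0), a signer certificate obtained out of band, and the hypothetical names EnvelopeVerifier and Verify.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class EnvelopeVerifier   // hypothetical name, not from the page
{
    const string DsigNs = "http://www.w3.org/2000/09/xmldsig#";

    // Returns the MyData element the signature covers, or throws if a check fails.
    public static XmlElement Verify(string xmlPath, X509Certificate2 trustedCert)
    {
        // Whitespace is part of the canonicalized, digested bytes, so keep it.
        // A null resolver stops external DTDs/entities from being fetched.
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        doc.Load(xmlPath);

        XmlNodeList sigs = doc.GetElementsByTagName("Signature", DsigNs);
        if (sigs.Count != 1)
            throw new InvalidOperationException("expected exactly one Signature");

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigs[0]);

        // Checks SignatureValue and the digest of every Reference against the
        // caller's pinned certificate, not the one embedded in KeyInfo.
        // 'true' skips chain building because the certificate is pinned.
        if (!signedXml.CheckSignature(trustedCert, true))
            throw new InvalidOperationException("signature or digest mismatch");

        // A valid signature protects only what its References point at,
        // so require both URIs used in the question's envelope.
        bool coversData = false, coversKeyInfo = false;
        foreach (Reference r in signedXml.SignedInfo.References)
        {
            if (r.Uri == "#MyDataId") coversData = true;
            if (r.Uri == "#KeyInfoId") coversKeyInfo = true;
        }
        if (!coversData || !coversKeyInfo)
            throw new InvalidOperationException("expected references missing");

        // Hand back the signed element itself and refuse duplicate Ids.
        XmlNodeList data = doc.SelectNodes("//*[@Id='MyDataId']");
        if (data.Count != 1)
            throw new InvalidOperationException("MyDataId must be unique");
        return (XmlElement)data[0];
    }
    // Usage: pass the XML path and the trusted certificate file path.
    static void Main(string[] a) => Console.WriteLine(Verify(a[0], new X509Certificate2(a[1])).OuterXml);
}
```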




Answer 3:


Try this project:

http://xadesnet.codeplex.com/




Answer 4:


Our SecureBlackbox product provides support for XMLDSig, XMLEnc and XAdES standards in .NET (including Mono, .NET CF and Silverlight).




Answer 5:


In case you still need to generate XAdES signatures, we've released the 1.0 alpha version of XAdES .NET Project. This version adds support for XAdES-BES signatures, and some code fragments have been rewritten to be compatible with .NET 2.0 Framework.

You can download the release here: XAdES .NET Project

Hope it helps,

Luis M. Villa



Source: https://stackoverflow.com/questions/4215343/xml-validation-with-xmldsig-using-xades-bes-algorithm