English 中文(简体)
正在以“ds”前缀生成xml 签名
原标题:Generating xml signature with "ds" prefix

I have generated an xml signature with signedxml ,, and validation is work well. My signaturexml is like below

<Signature Id="orderSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <SignedInfo>
                        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
                        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                        <Reference URI="">
                            <Transforms>
                                <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            </Transforms>
                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                            <DigestValue>0r1BZecYgC4FzPIxuU9DYIbVqUE=</DigestValue>
                        </Reference>
                    </SignedInfo>
                    <SignatureValue>B+SreGOR7+QEnvo0zMgJsNgZ4gbA1leOifLGd09HG8lZD0ZxsBkcR0aauTgwRgeOefKSwah+KEqAlZvRNykgPjBmY9BJ2g6OfRdvm/mSj7ecDuq/Ic1vo5bHeFJHzr8qbS7IKS/hl/BOx+06yg5rFbVeQGYypznNLIKrjS5cfDbo11e6tpLWswZMxhly8c+FHuMKzAJKOw4spbebgVT4p/vGYsPekTRtvtLtqp1yVl1za8xWkqXmbPPxwio7rXFpKWAqdLQiHYW0cs8ARXUo2jSjete+m4+wQ3QpN4Wfj8Cs3+bYsh01r1XHUG48w3PGt11+trlIEABCaQrhgj9xzg==</SignatureValue>
                    <KeyInfo>
                        <KeyValue>
                            <RSAKeyValue>
                                <Modulus>z9KDoRUO4alAwhL2Nq2fIAwsbecLuWYnzwKEX2WsUOWmhXksD+uYqjRqrKpV9j2tWFf6Ba87zEEa5xPOgD9Jj5naq6tDuH9q48u2gosC3vohPTNXL1I1sj9NTYIFNN+xcf/hi7fPQa/yq5lPOwN45kblee8Z6MqVt6Jk5ytQ+jMT6ZMStL6dOASKbwROfb0uhdmOieX60CGNAbdrn/ei2Vr2EOVmHSB1ZqZ0EhaFTKK5PPuiDlptl+bH0KBqkYEcMgzGMgxNJbDM/MlHgXWh9IWTS/A64awy8xUEQwq9QCibYzI5WCDceyTiNSAVhBQDMEX4YyWDj52sceKEK/q9NQ==</Modulus>
                                <Exponent>AQAB</Exponent>
                            </RSAKeyValue>
                        </KeyValue>
                        <X509Data>
                            <X509IssuerSerial>
                                <X509IssuerName>CN=Mali Mühür Elektronik Sertifika Hizmet Sağlayıcısı - Sürüm 1, C=TR</X509IssuerName>
                                <X509SerialNumber>97806797770378</X509SerialNumber>
                            </X509IssuerSerial>
                            <X509SubjectName>CN=Bimtel İletişim Ve Bilişim Ticaret Limited Şirketi, SERIALNUMBER=1750422091</X509SubjectName>
                            <X509Certificate>MIIFrTCCBJWgAwIBAgIGWPRrcA6KMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNVBAYTAlRSMU0wSwYDVQQDDERNYWxpIE3DvGjDvHIgRWxla3Ryb25payBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSAtIFPDvHLDvG0gMTAeFw0xMTEwMTkxMjQ1NDVaFw0xNjEwMTcxMjQ1NDVaMFYxEzARBgNVBAUTCjE3NTA0MjIwOTExPzA9BgNVBAMMNkJpbXRlbCDEsGxldGnFn2ltIFZlIEJpbGnFn2ltIFRpY2FyZXQgTGltaXRlZCDFnmlya2V0aTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM/Sg6EVDuGpQMIS9jatnyAMLG3nC7lmJ88ChF9lrFDlpoV5LA/rmKo0aqyqVfY9rVhX+gWvO8xBGucTzoA/SY+Z2qurQ7h/auPLtoKLAt76IT0zVy9SNbI/TU2CBTTfsXH/4Yu3z0Gv8quZTzsDeOZG5XnvGejKlbeiZOcrUPozE+mTErS+nTgEim8ETn29LoXZjonl+tAhjQG3a5/3otla9hDlZh0gdWamdBIWhUyiuTz7og5abZfmx9CgapGBHDIMxjIMTSWwzPzJR4F1ofSFk0vwOuGsMvMVBEMKvUAom2MyOVgg3Hsk4jUgFYQUAzBF+GMlg4+drHHihCv6vTUCAwEAAaOCAnkwggJ1MB8GA1UdIwQYMBaAFEYgqVMbKAwcrvIoUYOzHr7yUxR8MB0GA1UdDgQWBBRv135w613ZEQPsNPW+8TDIFkKEDzAOBgNVHQ8BAf8EBAMCB4AwggEzBgNVHSAEggEqMIIBJjCCASIGC2CGGAECAQEFBwQBMIIBETAqBggrBgEFBQcCARYeaHR0cDovL2RlcG8ua2FtdXNtLmdvdi50ci9pbGtlMIHiBggrBgEFBQcCAjCB1R6B0gBCAHUAIABzAGUAcgB0AGkAZgBpAGsAYQAgAGkAbABlACAAaQBsAGcAaQBsAGkAIABzAGUAcgB0AGkAZgBpAGsAYQAgAHUAeQBnAHUAbABhAG0AYQAgAGUAcwBhAHMAbABhAHIBMQBuATEAIABvAGsAdQBtAGEAawAgAGkA5wBpAG4AIABiAGUAbABpAHIAdABpAGwAZQBuACAAdwBlAGIAIABzAGkAdABlAHMAaQBuAGkAIAB6AGkAeQBhAHIAZQB0ACAAZQBkAGkAbgBpAHoALjAMBgNVHRMBAf8EAjAAMBYGA1UdJQQPMA0GC2CGGAECAQEFBzIBMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9kZXBvLmthbXVzbS5nb3YudHIva3VydW1zYWwvbW1lc2hzLXMxLmNybDCBggYIKwYBBQUHAQEEdjB0MDwGCCsGAQUFBzAChjBodHRwOi8vZGVwby5rYW11c20uZ292LnRyL2t1cnVtc2FsL21tZXNocy1zMS5jcnQwNAYIKwYBBQUHMAGGKGh0dHA6Ly9jaXNkdXBtbXMxLmt1cnVtc2FsLmthbXVzbS5nb3YudHIwDQYJKoZIhvcNAQELBQADggEBAFX0arwcDDLRbYHOkxb3Os4t3kMxPG7VzBAcgiPCV/ph1xda1S7IyXTk54L6OsXtsW/JBvf9+mjufAQXPwUl1AoqndBOkzYuOYv5ZXpK0Uzb1yV+XiLZtKp44wv2FeaEN5D/nyMAwi6ckGE959/JnXV5AAURBwgrnuOcksryJwOyRV78JAu28UL0fflDdmLR8qZKUUDdDzAhHTZzXBjF1GtHyEGtg3nJKO13ZZba6HXbv6dP2J7ZgFTTeyobTh5MsnBIedSItxfAxUhls7M8L3h0X42Dkx28nZw7zG1n55TIPrahihjR99qYGVnf5lnfYOt5/dhkeOazxam+QookoBI=</X509Certificate>
                        </X509Data>
                    </KeyInfo>
                </Signature>

但我需要生成 Xml 签名, 使用“ ds: ” 前缀 。

我找不到这个问题的解决之道。

How to get xml signature with prefix ? Is it possible with signedxml (System.Security.Cryptography.Xml) library ,,

或有什么图书馆 我可以产生?

谢谢你的忠告

问题回答

我不明白为什么您要在命名空间中添加 ds 前缀 。

兹规定如下:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature">
  <ds:SignedInfo Id="SignedInfo">
 <ds:CanonicalizationMethod ...

完全等于:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Signature">
   <SignedInfo Id="SignedInfo">
 <CanonicalizationMethod ...

在第一种情况下,您必须指定中元素的 ds,“http://www.w3.org/2000/09/xmldsig#” rel=“nofollow” >http://www.w3.org/2000/09/xmldsig/a>命名空间,在第二种情况下,这个命名空间是默认的命名空间,因此xml中未声明前缀的每个元素都来自这个命名空间。

您还要说, 您需要添加 ds 前缀以获得 XAdES- BES 的 XAdls, 您需要就 xmldsig 和 xades 签名之间的差别发表一些评论。 您必须知道 XAdES 仅仅是一个说明 XMLDSIG 签名需要什么属性才能成为 XAdES 签名的规格。 大致上 XAdES 是一个 XMLDSIG 签名, 它包含 : < code\\ lt; http:// uri.etsi. org/01903/ vmldsig@gt; 中将包含整个资格属性的包, 其中一些( 签名的属性) 和一些未签名的包( 未签名的属性) 。 对于 XAdES- BES 案例, 您必须添加 < code{lt: SigningCertificaate xaindes: dexades=" http:// uri.etsi. org/01903/ v1.3# & gt; 内 < Codelt; dexates: propertypets> <

这里我举一个 XAdES-BES 签名“ 不带” ds 前缀的例子。

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Signature">
<SignedInfo Id="SignedInfo">
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference Id="SignedProperties-Reference" Type="http://uri.etsi.org/01903/v1.2.2#SignedProperties" URI="#SignedProperties">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>fiKTaqJzLSmC73cMXZSzjhd877w=</DigestValue>
    </Reference>
    <Reference Id="SignedDataObject-Reference-1" URI="DetachedObjectReference-1">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>8ruIS/4MRp2wAwVX4/pTCYxTyWc=</DigestValue>
    </Reference>
</SignedInfo>
<SignatureValue Id="DocumentSignatureValue">
    R40YdEEEl0YIZVdl4pm3yyF7qGAG8ZN8PPf0aBRXbvRgdIcvJZtI5AS5NexaO5T4O0gMHWRIKjNb
    2QzlfwxlQ3/KqMW4W0QkMLpF4csBpXt9bJ3t+smEeTnxkBcQRXAw5v9kwf20mfz1LtIUhbsU/PMd
    YwaGCsItF2rzl3rtcq4=
</SignatureValue>
<KeyInfo Id="KeyInfo">
    <X509Data>
        <X509Certificate>
            MIIIUTCCBzmgAwI...
        </X509Certificate>
    </X509Data>
    <KeyValue>
        <RSAKeyValue>
            <Modulus>
              pb0cJiodddCDVe/t+7...
            </Modulus>
            <Exponent>AQAB</Exponent>
        </RSAKeyValue>
    </KeyValue>
</KeyInfo>
<Object>
    <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="QualifyingProperties" Target="#Signature">
        <xades:SignedProperties Id="SignedProperties">
            <xades:SignedSignatureProperties>
                <xades:SigningCertificate>
                    <xades:Cert>
                        <xades:CertDigest>
                            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                            <DigestValue>UZq4NIL9eVVA7aJixPeiUTM3nOM=</DigestValue>
                        </xades:CertDigest>
                        <xades:IssuerSerial>
                            <X509IssuerName>XXXXXXXXXXXX....</X509IssuerName>
                            <X509SerialNumber>705964899...</X509SerialNumber>
                        </xades:IssuerSerial>
                    </xades:Cert>
                </xades:SigningCertificate>
            </xades:SignedSignatureProperties>
            <xades:SignedDataObjectProperties/>
        </xades:SignedProperties>
    </xades:QualifyingProperties>
</Object>

希望这能帮上忙

时间:2014-09-04 13:37:04

After a lot of research, I found this answer. Basically it s necessary modify the SignedXml class to add the prefix before getting the digest value of the SignedInfo node.

将修改计算符号方法以添加前缀参数

public void ComputeSignature(string prefix){...}

当该方法被称为它时,它通过消化签名Info节点的值来计算签名值,如果您在不使用“ds”前缀的情况下获得该值,然后添加前缀,您将获得无效的签名,所以您必须在获得签名的信息节点的摘要值之前添加前缀。

GetC14NDigest 方法生成了此摘要值, 因此此方法将会被修改, 添加前缀参数, 并在获取摘要值前添加前缀

private byte[] GetC14NDigest(HashAlgorithm hash, string prefix)
{
    XmlDocument document = new XmlDocument();
    document.PreserveWhitespace = false;
    XmlElement e = this.SignedInfo.GetXml(); //get the signedinfo nodes
    document.AppendChild(document.ImportNode(e, true));        
    Transform canonicalizationMethodObject = this.SignedInfo.CanonicalizationMethodObject;       
    SetPrefix(prefix, document.DocumentElement); /*Set the prefix before getting the HASH*/
    canonicalizationMethodObject.LoadInput(document);
    return canonicalizationMethodObject.GetDigestedOutput(hash);
}

Ok, so now you have the Signature Value of the SignedInfo nodes WITH the "ds" prefix, that being said you still DON T have the xml with the prefix yet, so if you just call the GetXml method you will not see the "ds" prefix and of course because the signature value was calculated considering the ds prefix you will have an invalid signature. To avoid that and get the xml structure with the prefix you have to modify the GetXml method, add the prefix parameter, and call the SetPrefix method wich will add the "ds" prefix to all the nodes in the Signature Xml

public XmlElement GetXml(string prefix)
{
    XmlElement e = this.GetXml();
    SetPrefix(prefix, e); //return the xml structure with the prefix
    return e;
}

换了这些修改,我就离开这班班班

< 坚固 > CUSTOM CLASS < /坚固 >

internal sealed class CustomSignedXml : SignedXml
{
    XmlElement obj = null;
    public CustomSignedXml (XmlDocument xml)
        : base(xml)
    {
    }

    public CustomSignedXml (XmlElement xmlElement)
        : base(xmlElement)
    {

    }

    public XmlElement GetXml(string prefix)
    {
        XmlElement e = this.GetXml();
        SetPrefix(prefix, e);
        return e;
    }

    public void ComputeSignature(string prefix)
    {
        this.BuildDigestedReferences();
        AsymmetricAlgorithm signingKey = this.SigningKey;
        if (signingKey == null)
        {
            throw new CryptographicException("Cryptography_Xml_LoadKeyFailed");
        }
        if (this.SignedInfo.SignatureMethod == null)
        {
            if (!(signingKey is DSA))
            {
                if (!(signingKey is RSA))
                {
                    throw new CryptographicException("Cryptography_Xml_CreatedKeyFailed");
                }
                if (this.SignedInfo.SignatureMethod == null)
                {
                    this.SignedInfo.SignatureMethod = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
                }
            }
            else
            {
                this.SignedInfo.SignatureMethod = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
            }
        }
        SignatureDescription description = CryptoConfig.CreateFromName(this.SignedInfo.SignatureMethod) as SignatureDescription;
        if (description == null)
        {
            throw new CryptographicException("Cryptography_Xml_SignatureDescriptionNotCreated");
        }
        HashAlgorithm hash = description.CreateDigest();
        if (hash == null)
        {
            throw new CryptographicException("Cryptography_Xml_CreateHashAlgorithmFailed");
        }
        this.GetC14NDigest(hash, prefix);
        this.m_signature.SignatureValue = description.CreateFormatter(signingKey).CreateSignature(hash);
    }         

    private byte[] GetC14NDigest(HashAlgorithm hash, string prefix)
    {

        XmlDocument document = new XmlDocument();
        document.PreserveWhitespace = false;
        XmlElement e = this.SignedInfo.GetXml();
        document.AppendChild(document.ImportNode(e, true));               

        Transform canonicalizationMethodObject = this.SignedInfo.CanonicalizationMethodObject;            
        SetPrefix(prefix, document.DocumentElement); //Set the prefix before getting the HASH
        canonicalizationMethodObject.LoadInput(document);
        return canonicalizationMethodObject.GetDigestedOutput(hash);
    }

    private void BuildDigestedReferences()
    {
        Type t = typeof(SignedXml);
        MethodInfo m = t.GetMethod("BuildDigestedReferences", BindingFlags.NonPublic | BindingFlags.Instance);
        m.Invoke(this, new object[] { });
    }

    private void SetPrefix(string prefix, XmlNode node)
    {
       foreach (XmlNode n in node.ChildNodes)
          SetPrefix(prefix, n);
       node.Prefix = prefix;
    }
}

< 坚固 > 以及使用它的方法 < / 坚固 >

CustomSignedXml signedXml = new CustomSignedXml();

//compute the signature with the "ds" prefix

signedXml.ComputeSignature("ds");

//get the xml of the signature with the "ds" prefix

XmlElement xmlDigitalSignature = signedXml.GetXml("ds");
时间:2017-03-15 23:17:24

尝试在您签名前将此属性 < strong> xmlns:ds=" http://www.w3. org/2000/09/xmldsig#" 添加到您 XML 文档的根标记上。 我的情况有助于封装签名, 但我使用加密API。 希望这能帮助您 。

时间:2015-07-08 08:51:59


上一篇:
下一篇:


相关问题
Signed executables under Linux

For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is How to sign executable code and run only trusted ...

时间:2009-11-14 01:34:19 回答:10 展示:1
MALICIOUS_CODE EI_EXPOSE_REP Medium

I run findbugs against all of my code and only tackle the top stuff. I finally got the top stuff resolved and now am looking at the details. I have a simple entity, say a user: public class User ...

时间:2009-11-14 00:40:10 回答:5 展示:1
XSS on jsbin.com

Anyone know if jsbin.com implements any protection for XSS or other javascript attacks? I see jsbin links used fairly regularly on sites like this one and I can t find any indication from the site ...

时间:2009-11-14 00:18:21 回答:1 展示:1
Make md5 strong

Im making a website that will intergrate with game that only support md5 hashing metod (atm). Which ofc is not especially safe anymore. But how could i make it stronger? Should I just generate long ...

时间:2009-11-13 18:59:37 回答:5 展示:1
Why running a service as Local System is bad on windows?

I am trying to find out the difference between difference service account types. I tumbled upon this question. The answer was because it has powerful access to local resources, and Network Service ...

时间:2009-11-13 16:51:19 回答:5 展示:1
Brute-force/DoS prevention in PHP [closed]

I am trying to write a script to prevent brute-force login attempts in a website I m building. The logic goes something like this: User sends login information. Check if username and password is ...

时间:2009-11-13 05:37:34 回答:5 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全