我正在分析XML-DSIG文件,以便了解如何编写生成XML-DSIGnatures的软件代码。我有这个麻烦,迫切需要帮助...... 我试图从signatures0.xml(在此位之后引用)中理解这一点:
<Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedPropertiesElem_0" xmlns="http://www.w3.org/2000/09/xmldsig#">
<Transforms xmlns="http://www.w3.org/2000/09/xmldsig#">
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>kOlNXyBs6oSP9hbh+4niZMNQ9OsOCzYhkSYYG4YdHQU=</DigestValue>
</Reference>
signatures0.xml:
<?xml version="1.0" encoding="UTF-8"?>
<document-signatures xmlns="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0">
<Signature Id="SignatureElem_0" xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="metadata/signableMetadata0.xml" xmlns="http://www.w3.org/2000/09/xmldsig#">
<Transforms xmlns="http://www.w3.org/2000/09/xmldsig#">
<Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<XPath>ancestor-or-self::*[@ID='signature_0']</XPath>
</Transform>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>XIrOvoOM33rWvV5Fdckax/bNLOpR9RNIonkVQ22fczM=</DigestValue>
</Reference>
<Reference URI="1.docx" xmlns="http://www.w3.org/2000/09/xmldsig#">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>LtTwOA0L3mL4mswjGL3JwkumufovE/A75M4MGSUm6PQ=</DigestValue>
</Reference>
<Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedPropertiesElem_0" xmlns="http://www.w3.org/2000/09/xmldsig#">
<Transforms xmlns="http://www.w3.org/2000/09/xmldsig#">
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>kOlNXyBs6oSP9hbh+4niZMNQ9OsOCzYhkSYYG4YdHQU=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
EPuWjb6IeuYg32FT1tInmO7FPL1ISuluFvrPqzHdHyJ0ymgMFitaWPJQk0MV6ckgmvFwif6zpg5C
XLVJl4U+e/+AmS1AkwMf2TmnuIONuB8oLeYcDUCr+0xxlwgKSZoopzapD7ylZxIwCPTMr6BT3lx9
8EFHHVskC4wVihR0JsJWBl2YzGnBevCWpknGofa8t8vOHpTA2y9VSAu5ETXnKYF5Ms04kTy5NQ7G
kHcslw+HSAuaJolvfUd4EeqAXVFz9V7sE+akQ20fciw9QQH8gttF8bIous8dsv3/6Zmtclvbk17Q
79pI+2o7JKhZIh9ct0PHTMpU5KV6GEXxIrCb4g==
</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>
MIIKVTCCCT2gAwIBAgIOQNXCrd79knQAAAALm2IwDQYJKoZIhvcNAQEFBQAwgb0xCzAJBgNVBAYT
AkxUMUAwPgYDVQQKEzdHeXZlbnRvanUgcmVnaXN0cm8gdGFybnliYSBwcmllIExSIFZSTSAtIGku
ay4gMTg4NzU2NzY3MTEwLwYDVQQLEyhOYWNpb25hbGluaXMgc2VydGlmaWthdmltbyBjZW50cmFz
IChOU0MpMTkwNwYDVQQDEzBOYWNpb25hbGluaXMgc2VydGlmaWthdmltbyBjZW50cmFzIChJc3N1
aW5nQ0EtQikwHhcNMTQwMjA0MTM1NTUwWhcNMTcwMjAzMTM1NTUwWjBjMQswCQYDVQQGEwJMVDEZ
MBcGA1UEAwwQU0lHSVRBIFBVVFJJRU7EljESMBAGA1UEBAwJUFVUUklFTsSWMQ8wDQYDVQQqEwZT
SUdJVEExFDASBgNVBAUTCzQ4MjA5MjkwOTI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAlsxbvBk8SKnC8MX9mJ01dsnVhdsaX/8RiSq9nxosZ5B/gtBEOPr+3WIZ6F5+RK9IN59ONip7
rOXVJLXZI5GbbCFtGYMy24KfBuoTvnqvLCKw9p2A5o3WVeM2LuEnT4X09UPZPcNrPyPs+z2IafTE
7eltUfP4EcdFqh4nCnGoj6iFiUiHHAB2VjF+b8R8e8y7+KenanhR7p8Fo1waBfY4h9dAm0ZcCxDQ
DEcQzsXY06yi0Im/G0496hOonOqi+HHX1tgWENIzsyIgMH0h+aI6dN26JxUkQ6z0Q47gvTcAs1lC
Pc/6lHm9nM/6nZhn9URbxg6vxFgr5m5yf9gfXqcvYQIDAQABo4IGqjCCBqYwDgYDVR0PAQH/BAQD
AgbAMB0GA1UdDgQWBBRTpqDcAOtayHSkdGcl+OUu+wYPMjBLBgNVHQkERDBCMA8GCCsGAQUFBwkD
MQMTAUYwHQYIKwYBBQUHCQExERgPMTk4MjA5MjkxMjAwMDBaMBAGCCsGAQUFBwkEMQQTAkxUMB8G
A1UdIwQYMBaAFHOCCdqDj7IH/YtgeHa+2t6EqsudMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9u
c2MudnJtLmx0L2NkcC9Jc3N1aW5nQ0EtQi5jcmwwdwYIKwYBBQUHAQEEazBpMDQGCCsGAQUFBzAB
hihodHRwOi8vbnNjLnZybS5sdC9PQ1NQL29jc3ByZXNwb25kZXIubnNjMDEGCCsGAQUFBzAChiVo
dHRwOi8vbnNjLnZybS5sdC9haWEvSXNzdWluZ0NBLUIuY3J0MDwGCSsGAQQBgjcVBwQvMC0GJSsG
AQQBgjcVCIHOw3SEvLhBg8GdP8SQT5vla4EigZL6KIPyqCsCAWQCAQQwFQYDVR0lBA4wDAYKKwYB
BAGCNwoDDDCCBLwGA1UdIASCBLMwggSvMIIEqwYLKwYBBAGB+SgBAQEwggSaMIIEbAYIKwYBBQUH
AgIwggReHoIEWgBUAGgAaQBzACAAcwB0AGEAdABlAG0AZQBuAHQAIABpAHMAIABhACAAcwB0AGEA
dABlAG0AZQBuAHQAIABiAHkAIAB0AGgAZQAgAGkAcwBzAHUAZQByACAAdABoAGEAdAAgAHQAaABp
AHMAIABjAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABpAHMAIABpAHMAcwB1AGUAZAAgAGEAcwAgAGEA
IABRAHUAYQBsAGkAZgBpAGUAZAAgAGMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAGEAYwBjAG8AcgBk
AGkAbgBnACAAQQBuAG4AZQB4ACAASQAgAGEAbgBkACAASQBJACAAbwBmACAAdABoAGUAIABEAGkA
cgBlAGMAdABpAHYAZQAgADEAOQA5ADkALwA5ADMALwBFAEMAIABvAGYAIAB0AGgAZQAgAEUAdQBy
AG8AcABlAGEAbgAgAFAAYQByAGwAaQBhAG0AZQBuAHQAIABhAG4AZAAgAG8AZgAgAHQAaABlACAA
QwBvAHUAbgBjAGkAbAAgAG8AZgAgADEAMwAgAEQAZQBjAGUAbQBiAGUAcgAgADEAOQA5ADkAIABv
AG4AIABhACAAQwBvAG0AbQB1AG4AaQB0AHkAIABmAHIAYQBtAGUAdwBvAHIAawAgAGYAbwByACAA
ZQBsAGUAYwB0AHIAbwBuAGkAYwAgAHMAaQBnAG4AYQB0AHUAcgBlAHMALAAgAGEAcwAgAGkAbQBw
AGwAZQBtAGUAbgB0AGUAZAAgAGkAbgAgAHQAaABlACAAbABhAHcAIABvAGYAIAB0AGgAZQAgAGMA
bwB1AG4AdAByAHkAIABzAHAAZQBjAGkAZgBpAGUAZAAgAGkAbgAgAHQAaABlACAAaQBzAHMAdQBl
AHIAIABmAGkAZQBsAGQAIABvAGYAIAB0AGgAaQBzACAAYwBlAHIAdABpAGYAaQBjAGEAdABlAC4A
IAFgAGkAcwAgAHMAZQByAHQAaQBmAGkAawBhAHQAYQBzACAAeQByAGEAIABrAHYAYQBsAGkAZgBp
AGsAdQBvAHQAYQBzACAAcwBlAHIAdABpAGYAaQBrAGEAdABhAHMAIABwAGEAZwBhAGwAIABFAFMA
IABkAGkAcgBlAGsAdAB5AHYAbwBzACAAMQA5ADkAOQAvADkAMwAvAEUAQwAgAGQBFwBsACAAQgBl
AG4AZAByAGkAagBvAHMAIABlAGwAZQBrAHQAcgBvAG4AaQBuAGkAbwAgAHAAYQByAGEBYQBvACAA
cABhAGcAcgBpAG4AZABpAG4AaQFzACAAbgB1AG8AcwB0AGEAdAFzACAASQAgAGkAcgAgAEkASQAg
AHAAcgBpAGUAZAB1AHMAIABpAHIAIABMAGkAZQB0AHUAdgBvAHMAIABlAGwAZQBrAHQAcgBvAG4A
aQBuAGkAbwAgAHAAYQByAGEBYQBvACABLwBzAHQAYQB0AHkAbQEFAC4wKAYIKwYBBQUHAgEWHGh0
dHA6Ly9uc2MudnJtLmx0L3JlcG9zaXRvcnkwHQYJKwYBBAGCNxUKBBAwDjAMBgorBgEEAYI3CgMM
MCIGCCsGAQUFBwEDBBYwFDAIBgYEAI5GAQEwCAYGBACORgEEMA0GCSqGSIb3DQEBBQUAA4IBAQAf
PXZj6QagEgswUy+wit1MdCPMbKnF5LYszPtLG/PYbtuqXstBZljRR1tZVo8DRzoVRKwM7gpNNnWF
UEtZoaafJ4uWmWWZLNSVAyaZUAJ67s2rkDPTtNtb7W9QCZJNIU2klegoY3JvDqAQzheE+Mj9HXnh
0h21Qb8MWq4lHaL99/Vk9OXSlR9WYQfbEB5zbI5kp6nVePM2cf9uOZbhZRLdDAKbL/NrSGca3S40
WZevQ1m9sdMgmobSTyuqniDXYIa7sO+QOzbMPIFuTn/izO13IK63uUBFnTImW+99PAyDx3s4Y03t
EWpXA25hWn/NXH5xWC7ohKKeXzVUhnMN4WxT
</X509Certificate>
</X509Data>
</KeyInfo>
<Object>
<QualifyingProperties Target="#SignatureElem_0" xmlns="http://uri.etsi.org/01903/v1.3.2#">
<SignedProperties Id="SignedPropertiesElem_0">
<SignedSignatureProperties>
<SigningTime>2014-08-21T06:09:55Z</SigningTime>
<SigningCertificate>
<Cert>
<CertDigest>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">JQ0kZvd0mtXQPA/RTuYV9iuc346tznvN9MoAd/0jNyM=</DigestValue>
</CertDigest>
<IssuerSerial>
<X509IssuerName xmlns="http://www.w3.org/2000/09/xmldsig#">CN=Nacionalinis sertifikavimo centras (IssuingCA-B),OU=Nacionalinis sertifikavimo centras (NSC),O=Gyventoju registro tarnyba prie LR VRM - i.k. 188756767,C=LT</X509IssuerName>
<X509SerialNumber xmlns="http://www.w3.org/2000/09/xmldsig#">1315010063538360283821765366094690</X509SerialNumber>
</IssuerSerial>
</Cert>
</SigningCertificate>
<SignaturePolicyIdentifier>
<SignaturePolicyImplied/>
</SignaturePolicyIdentifier>
</SignedSignatureProperties>
</SignedProperties>
</QualifyingProperties>
</Object>
</Signature></document-signatures>
据我所知,第一个引用位指的是同一文件中的 SignedPropertiesElem_0 元素。我正在尝试确切地确定它所引用的内容 - 应该选择哪些代码并稍后用于规范化然后计算摘要值。是这样的:
<SignedProperties Id="SignedPropertiesElem_0">
<SignedSignatureProperties>
<SigningTime>2014-08-21T06:09:55Z</SigningTime>
<SigningCertificate>
<Cert>
<CertDigest>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">JQ0kZvd0mtXQPA/RTuYV9iuc346tznvN9MoAd/0jNyM=</DigestValue>
</CertDigest>
<IssuerSerial>
<X509IssuerName xmlns="http://www.w3.org/2000/09/xmldsig#">CN=Nacionalinis sertifikavimo centras (IssuingCA-B),OU=Nacionalinis sertifikavimo centras (NSC),O=Gyventoju registro tarnyba prie LR VRM - i.k. 188756767,C=LT</X509IssuerName>
<X509SerialNumber xmlns="http://www.w3.org/2000/09/xmldsig#">1315010063538360283821765366094690</X509SerialNumber>
</IssuerSerial>
</Cert>
</SigningCertificate>
<SignaturePolicyIdentifier>
<SignaturePolicyImplied/>
</SignaturePolicyIdentifier>
</SignedSignatureProperties>
</SignedProperties>
或者这个:
<SignedSignatureProperties>
<SigningTime>2014-08-21T06:09:55Z</SigningTime>
<SigningCertificate>
<Cert>
<CertDigest>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">JQ0kZvd0mtXQPA/RTuYV9iuc346tznvN9MoAd/0jNyM=</DigestValue>
</CertDigest>
<IssuerSerial>
<X509IssuerName xmlns="http://www.w3.org/2000/09/xmldsig#">CN=Nacionalinis sertifikavimo centras (IssuingCA-B),OU=Nacionalinis sertifikavimo centras (NSC),O=Gyventoju registro tarnyba prie LR VRM - i.k. 188756767,C=LT</X509IssuerName>
<X509SerialNumber xmlns="http://www.w3.org/2000/09/xmldsig#">1315010063538360283821765366094690</X509SerialNumber>
</IssuerSerial>
</Cert>
</SigningCertificate>
<SignaturePolicyIdentifier>
<SignaturePolicyImplied/>
</SignaturePolicyIdentifier>
</SignedSignatureProperties>
或者这个:
<SigningTime>2014-08-21T06:09:55Z</SigningTime>
<SigningCertificate>
<Cert>
<CertDigest>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">JQ0kZvd0mtXQPA/RTuYV9iuc346tznvN9MoAd/0jNyM=</DigestValue>
</CertDigest>
<IssuerSerial>
<X509IssuerName xmlns="http://www.w3.org/2000/09/xmldsig#">CN=Nacionalinis sertifikavimo centras (IssuingCA-B),OU=Nacionalinis sertifikavimo centras (NSC),O=Gyventoju registro tarnyba prie LR VRM - i.k. 188756767,C=LT</X509IssuerName>
<X509SerialNumber xmlns="http://www.w3.org/2000/09/xmldsig#">1315010063538360283821765366094690</X509SerialNumber>
</IssuerSerial>
</Cert>
</SigningCertificate>
<SignaturePolicyIdentifier>
<SignaturePolicyImplied/>
</SignaturePolicyIdentifier>
或其他一些部分?
我尝试了第一个,然后让它通过StylusStudio规范化或http://www.soapclient.com/xmlcanon.html(两者似乎都返回相同的结果),结果如下:
<SignedProperties Id="SignedPropertiesElem_0">
<SignedSignatureProperties>
<SigningTime>2014-08-21T06:09:55Z</SigningTime>
<SigningCertificate>
<Cert>
<CertDigest>
<DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod>
<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">JQ0kZvd0mtXQPA/RTuYV9iuc346tznvN9MoAd/0jNyM=</DigestValue>
</CertDigest>
<IssuerSerial>
<X509IssuerName xmlns="http://www.w3.org/2000/09/xmldsig#">CN=Nacionalinis sertifikavimo centras (IssuingCA-B),OU=Nacionalinis sertifikavimo centras (NSC),O=Gyventoju registro tarnyba prie LR VRM - i.k. 188756767,C=LT</X509IssuerName>
<X509SerialNumber xmlns="http://www.w3.org/2000/09/xmldsig#">1315010063538360283821765366094690</X509SerialNumber>
</IssuerSerial>
</Cert>
</SigningCertificate>
<SignaturePolicyIdentifier>
<SignaturePolicyImplied></SignaturePolicyImplied>
</SignaturePolicyIdentifier>
</SignedSignatureProperties>
</SignedProperties>
然后使用这些工具计算摘要值: http://www.webutils.pl/index.php?idx=sha1 hash.online-convert.com/sha256-generator www.freeformatter.com/message-digest.html#ad-output
它们都返回相同的结果,但结果与xml文件中的结果不同: kOlNXyBs6oSP9hbh + 4niZMNQ9OsOCzYhkSYYG4YdHQU =
我做错了什么?我应该将xml文档的哪一部分复制并粘贴到规范化器中,然后复制到摘要计算器中?我花了几天时间尝试不同的事情,寻找答案而没有得到任何东西......我确信我错过了一些东西,因此我在寻求你的帮助。
答案 0 :(得分:0)
我发现结果应该是:
<SignedProperties Id="SignedPropertiesElem_0">
<SignedSignatureProperties>
<SigningTime>2014-08-21T06:09:55Z</SigningTime>
<SigningCertificate>
<Cert>
<CertDigest>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" xmlns="http://www.w3.org/2000/09/xmldsig#"/>
<DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">JQ0kZvd0mtXQPA/RTuYV9iuc346tznvN9MoAd/0jNyM=</DigestValue>
</CertDigest>
<IssuerSerial>
<X509IssuerName xmlns="http://www.w3.org/2000/09/xmldsig#">CN=Nacionalinis sertifikavimo centras (IssuingCA-B),OU=Nacionalinis sertifikavimo centras (NSC),O=Gyventoju registro tarnyba prie LR VRM - i.k. 188756767,C=LT</X509IssuerName>
<X509SerialNumber xmlns="http://www.w3.org/2000/09/xmldsig#">1315010063538360283821765366094690</X509SerialNumber>
</IssuerSerial>
</Cert>
</SigningCertificate>
<SignaturePolicyIdentifier>
<SignaturePolicyImplied/>
</SignaturePolicyIdentifier>
</SignedSignatureProperties>
</SignedProperties>
在规范化之后我无法获得正确的摘要值的原因是因为软件没有包含所有适用的命名空间声明,并且它也应该声明xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"。
Web哈希计算器的问题是在Windows中复制和粘贴文本时,LF换行符被CR + LF取代。