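Sign a ZIP file in base64 form using XAdES-BES

Time: 2015-10-22 10:08:46

Tags: c# digital-signature x509certificate xml-signature

According to the specification, I have to:

  • create an XML file,
  • put it in a ZIP file,
  • sign the ZIP file in base64 form using a qualified signature in the XAdES-BES enveloping format.

How do I sign a ZIP file with XAdES-BES? As far as I know, all the libraries/methods in C# take an XML document as input.

Sample output: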

<?xml version="1.0" encoding="UTF-8"?>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature_b8ef6db9-74e5-4e30-962e-
56502be99f1a_17"><ds:SignedInfo Id="SignedInfo_b8ef6db9-74e5-4e30-962e-56502be99f1a_4f"><ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsasha1"/><ds:Reference
Id="Reference1_b8ef6db9-74e5-4e30-962e-56502be99f1a_29" URI="#Object1_b8ef6db9-74e5-4e30-962e-
56502be99f1a"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-
20010315#WithComments"/></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>uzFss3E1BHPbYzamOJHpsZuXfKY=</ds:DigestValue></ds:Reference><ds:Refe
rence Id="SignedProperties-Reference_b8ef6db9-74e5-4e30-962e-56502be99f1a_26" Type="http://uri.etsi.org/01903#SignedProperties"
URI="#SignedProperties_b8ef6db9-74e5-4e30-962e-56502be99f1a_40"><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>Dy0BtBRJ2Bgd5TcH9/mO8aFha4M=</ds:DigestValue></ds:Reference></ds:Sig
nedInfo><ds:SignatureValue Id="SignatureValue_b8ef6db9-74e5-4e30-962e-
56502be99f1a_5c">VThbZP+62w6bkgZCeJaXUmzZI6j7ew/8cvk1ttpiisqnA75fm/j2xbHD7uFas5xo
UkSVPJYbq9lyc5S1NJ73q/AB77zsQsh8yhNDKhp+6B890ar+cPJ6W6u2fc9V5Xxw
6zvVkD0VEaGmkklrQBnyhUKd/mggDO7Kbmx9nyDF80cAjl87+q97zNgAM1yipqhH
zTs19ebGGj82WcPFmiMOU7q+UVx1cxZ2JpxdD4qjE2K4l9hplDdgGrQhBMnS9N6N
u0BsXtWZpBqGTk+UGdquo3ZVqKOxArQv176o04k25/g/6IRQWkfB6ltP9TkwzljX
d9KrYgBkfgA/MKBgIfHLug==</ds:SignatureValue><ds:KeyInfo Id="KeyInfo_b8ef6db9-74e5-4e30-962e-
56502be99f1a_2a"><ds:X509Data><ds:X509Certificate>MIIC8jCCAlugAwIBAgICAPIwDQYJKoZIhvcNAQEFBQAwejELMAkGA1UEBhMCUEwx…</ds:X509Certificate></ds:X509Data></ds:KeyInfo><ds:Object><xades:QualifyingProperti
es xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="QualifyingProperties_b8ef6db9-74e5-4e30-962e-56502be99f1a_4d"
Target="#Signature_b8ef6db9-74e5-4e30-962e-56502be99f1a_17"><xades:SignedProperties Id="SignedProperties_b8ef6db9-74e5-4e30-962e-
56502be99f1a_40"><xades:SignedSignatureProperties Id="SignedSignatureProperties_b8ef6db9-74e5-4e30-962e-
56502be99f1a_04"><xades:SigningTime>2015-01-
13T14:37:57</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>HmZuitMpvTKppcrmjJIVnuOauCY=</ds:DigestValue></xades:CertDigest><xad
es:IssuerSerial><ds:X509IssuerName>EMAIL=test@testtesttest,CN=Test,OU=Test,O=Test,L=Test,ST=Test,C=PL</ds:X509IssuerName><ds:X509SerialN
umber>242</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate></xades:SignedSignatureProperties><xades:Sig
nedDataObjectProperties Id="SignedDataObjectProperties_b8ef6db9-74e5-4e30-962e-56502be99f1a_45"><xades:DataObjectFormat
ObjectReference="#Reference1_b8ef6db9-74e5-4e30-962e-56502be99f1a_29"><xades:Description>MIME-Version: 1.0
Content-Type: application/zip
Content-Transfer-Encoding: binary
Content-Disposition: filename="PIT-11Z.zip"</xades:Description><xades:ObjectIdentifier><xades:Identifier
Qualifier="OIDAsURI">http://www.certum.pl/OIDAsURI/signedFile/1.2.616.1.113527.3.1.1.3.1</xades:Identifier><xades:Description>Opis
formatu dokumentu oraz jego pełna
nazwa</xades:Description><xades:DocumentationReferences><xades:DocumentationReference>http://www.certum.pl/OIDAsURI/signedFile.pdf</xade
s:DocumentationReference></xades:DocumentationReferences></xades:ObjectIdentifier><xades:MimeType>application/zip</xades:MimeType></xade
s:DataObjectFormat><xades:CommitmentTypeIndication><xades:CommitmentTypeId><xades:Identifier>http://uri.etsi.org/01903/v1.2.2#ProofOfApp
roval</xades:Identifier></xades:CommitmentTypeId><xades:AllSignedDataObjects/></xades:CommitmentTypeIndication></xades:SignedDataObjectP
roperties></xades:SignedProperties><xades:UnsignedProperties Id="UnsignedProperties_b8ef6db9-74e5-4e30-962e-
56502be99f1a_5b"/></xades:QualifyingProperties></ds:Object><ds:Object Encoding="http://www.w3.org/2000/09/xmldsig#base64"
Id="Object1_b8ef6db9-74e5-4e30-962e-
56502be99f1a">UEsDBBQAAAAIAIR8LUbQEyrgdQQAALMeAAALAAAAUElULTExWi54bWztmc9u00AQxs/wFJZPcGjXdkIhKDGqmhaFQmIlRRW5oK29tI7/bGQ7GPsIQjwEr0Pfi5
mNEzuZFglOIGy1+uL5zc6uP2edkdx/8SkKtY8iSX0ZD3Tz0NA1EbvS8+Prgf724uzgma6lGY89HspYDPRCpPoL+2F/KIKQJ9xdcA0qxOlAv8my5XPG3MQ7vJYfD5chy0uZMMswu8
y0mGUxs9ftMX2d/zxOrbvGAGSpeyMinhXMK30B/7HMBYs+YCmTGUfMMpkYsqH44Me+uxAXxbJolO38QVm1QkOVdUYXU6bbDzU4+mN+HUJWsD5VoXPpnckkWsHVl1wLpDcr0kxEMi
8GOow9ME3tkWU+1hE50uNZsFJA1xLplXwxl1cy93nJY58P9Lmu5WD+gs9wcVDCOjBOdXtdaN5nO7M1VnHJE5/HWYNZZp/VUTriRITzUJYCptWWsoQ1vT/SbRhUg2b6VAY2GtNn8G
n38t8mpfBWtgFHn23PK8fYrmV9sCDyZWbC1YccJr39zLPYD/RGSfgmPJ+k8oqPfbilZeGWcb2SOmU8cmxzc8C6NzGa6Ygw5mNe5tw+G03fHK9z6+gdQ6anLyfjqnw9RU3q1bK7l7
tmm6vdXjxg2CFZsRzoL/W7bHTsjmV0Gz5uL6g2z9rcMNM41isjATWNpGae7Szt125aWzfvyR5FvnB8keRpKWw8AXP24/cMRcf9NJD25sN65ObsnlFDnvG3sGHWX0uzZ5gH6g8G79
H9u8nud6Auf+wlIp1zWH1aBrgTq82p4rBfp8dDMPYBHHW6I0MIbWNww84TvljZzmucsw40ky7lQuRQOculfTk6fX0+cSavZ+ejUxiyi5ujHHxAZPb5dHIxmc3f3X6BETBgS5q5Ly
M/5tvUMaRtgs2scTKU0Qp3e33W5G98sUhdmcvUtd+MTl/NTiaXk9kJpO/CPQMc6ZYZPPngm3SgNsxevJmuYtx2JifzC9iRdajyme0YTe8pvWfNTbnZKVWs3nxiVrqluJb4TNqr6r
y3umgJKkVPbEOhJxQdVeiIoqcVekrRswo9o6hXoR5BHQMRKkVmhUyKrApZFHUq1KGoW6EuRcoNVIqUG6gUKTdQKVJuoFLUqxB1o6vcQKVIuYFKkXIDlSLlBipFyg1UipQbqBQpN1
ApUm6gUqTcQKWoVyHqxhPlBipFyg1UipQbqBQpN1ApUm6gUqTcQKVIuYFKkXIDlSLlBipFvQpRN46UG6gUKTdQKVJuoFKk3EClSLmBSpFyA5Ui5QYqRcoNVIqUG6gU9SpE3Xiq3E
ClSLmBSpGFz0PU3WcrfZA2Cf/Hup3Ob3c7VtvttN1O2+3sorbbaaK229kebbfTdjttt/O3dDvd3+52Om2303Y7bbezi9pup4nabmd7tN1O2+38D93OysVfZGHPubZyb4orH8809T
Lzx9cykJG2rN7tce06kaWvSW8JEN+08jCWt99/fNOW0AblPkZiruUa/JyIIIUyAU/iItJSUChYRIcw/3bGh31WvW1W6/kJUEsBAj8AFAAAAAgAhHwtRtATKuB1BAAAsx4AAAsAJA
AAAAAAAAAgAAAAAAAAAFBJVC0xMVoueG1sCgAgAAAAAAABABgAydA7RD4v0AFeAf/rt+7PAV4B/+u37s8BUEsFBgAAAAABAAEAXQAAAJ4EAAAAAA==</ds:Object>
</ds:Signature>

Description from the Polish specification (translated):

Before signing, the collective declaration (PIT-11Z, PIT-8CZ, PIT-40Z, PIT-RZ) must be placed in a ZIP archive. In this case, the ZIP archive file is what gets signed, taking base64-encoded form in the XAdES-BES signature.

Specification_PL

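1 answer:

Answer 0 (score: 0)

It looks to me like you have to create a detached signature (Content-Disposition), where the file is just a binary .zip transported using MIME. The MIME itself, however, will be encoded using base 64.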

<xades:DataObjectFormat ObjectReference="#Reference1_b8ef6db9-74e5-4e30-962e-56502be99f1a_29">
    <xades:Description>
         MIME-Version: 1.0
         Content-Type: application/zip
         Content-Transfer-Encoding: binary <-- *** binary, not base 64 ***
         Content-Disposition: filename="PIT-11Z.zip"
    </xades:Description>
    <xades:ObjectIdentifier>
        <xades:Identifier Qualifier="OIDAsURI">http://www.certum.pl/OIDAsURI/signedFile/1.2.616.1.113527.3.1.1.3.1</xades:Identifier>
        <xades:Description>Opis formatu dokumentu oraz jego pełna nazwa</xades:Description>
        <xades:DocumentationReferences>
            <xades:DocumentationReference>http://www.certum.pl/OIDAsURI/signedFile.pdf</xades:DocumentationReference>
        </xades:DocumentationReferences>
    </xades:ObjectIdentifier>
    <xades:MimeType>application/zip</xades:MimeType>
</xades:DataObjectFormat>

Note that even the SignedXml.ComputeSignature sample code creates a detached signature rather than an embedded one.
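
The sample output in the question carries the ZIP as base64 text inside a ds:Object (Encoding="http://www.w3.org/2000/09/xmldsig#base64") that a ds:Reference points at. The following is an added example, not code from the post or from the specification, showing that part with System.Security.Cryptography.Xml, plus a verification step that returns only bytes covered by a verified reference. The class and method names and the Id "Object1" are hypothetical, SHA-256 is used where the sample uses SHA-1, and the XAdES QualifyingProperties and the SignedProperties reference seen in the sample are not produced here.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class ZipEnvelopingSignature   // hypothetical name, illustration only
{
    const string Base64Encoding = "http://www.w3.org/2000/09/xmldsig#base64";

    // Sign: the ZIP travels as base64 text inside ds:Object, as in the sample output.
    public static XmlElement Sign(byte[] zipBytes, RSA key)
    {
        var holder = new XmlDocument().CreateElement("holder"); // scratch node, never emitted
        holder.InnerText = Convert.ToBase64String(zipBytes);
        var obj = new DataObject { Data = holder.ChildNodes, Id = "Object1", Encoding = Base64Encoding };

        // SHA-256 here; the sample on the page uses the older rsa-sha1 / sha1 URIs.
        var reference = new Reference("#Object1") { DigestMethod = SignedXml.XmlDsigSHA256Url };
        reference.AddTransform(new XmlDsigC14NWithCommentsTransform());

        var signedXml = new SignedXml { SigningKey = key };
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
        signedXml.AddObject(obj);
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        return signedXml.GetXml();          // the <Signature> element
    }

    // Verify, then return only the bytes of an Object that a verified Reference points at.
    public static byte[] VerifyAndExtract(XmlElement signature, RSA key)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(signature.OuterXml);
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml(doc.DocumentElement);
        if (!signedXml.CheckSignature(key))
            throw new CryptographicException("Signature or digest mismatch");

        foreach (Reference r in signedXml.SignedInfo.References)
            foreach (DataObject o in signedXml.Signature.ObjectList)
                if (r.Uri == "#" + o.Id && o.Encoding == Base64Encoding)
                    return Convert.FromBase64String(o.GetXml().InnerText);
        throw new CryptographicException("No signed base64 Object found");
    }
}
```

Passing the key to CheckSignature explicitly, rather than trusting the certificate embedded in ds:KeyInfo, keeps the trust decision with the verifier.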