Web forum is in read-only mode. Login as active registered customer for write access
  Forum Search   New Posts New Posts

XAdES.SignatureMethod

 Post Reply Post Reply
Author
Marion Candau View Drop Down
Member
Member
Avatar

Joined: 12 Aug 2016
Posts: 70
Post Options Post Options   Quote Marion Candau Quote  Post ReplyReply Direct Link To This Post Topic: XAdES.SignatureMethod
    Posted: 07 Jan 2019 at 5:17pm
Hi,
Our implementation of XAdES does not include all options. We use <xades:IssuerSerialV2> instead of <xades:IssuerSerial>.
Best regards,
Marion
Back to Top
Latawiec Kazimierz View Drop Down
New Member
New Member
Avatar

Joined: 19 Dec 2018
Posts: 9
Post Options Post Options   Quote Latawiec Kazimierz Quote  Post ReplyReply Direct Link To This Post Posted: 07 Jan 2019 at 3:14pm
Sorry is file:<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="id-da97dee7f632"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>5Lwi8kqkGVGzASlZz8dmySahR17QxMXII4uPi5kRrPE=</ds:DigestValue></ds:Reference><ds:Reference URI="#xades-id-da97dee7f632" Type="http://uri.etsi.org/01903#SignedProperties"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>1Iubybz/F49KgI0BetijHzOnPeBwogdXkkl8al2wtyg=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>daW4e/Hert2YfeXXBx8GGc76uHcytfjBPaVXfWlotnxHOlQzKavourdj0un3zaMI67wJDkSxDtfpdKAO96qK9spnx+WLDVsJxdeIpQ376ygIv4MYNVfA3YrqJJ/LrhWPJ80cxKjUZqVHP8BcZI2REQjKMxH8rNWaWhdsmoVFjBzIjYynDc8B5Yqs0j8M9zlmN1WdDUXEuLbLHr5yGT7smHuMf3v+BnjxsisF7qzGQRhXBIiVZN9EdzoYiiHGWGYn18rCad3GCmNLiSvK0EO39sH4mn9uSJ631BXNNeRbJ9PDEc8F3bHbau03+BiI4HjzEKzZ9+lUJPuoqpYIh0oMlQ==</ds:SignatureValue><ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>o2oIcnvjFBjf2y9NOFR8Z++UhCXA3A/48x8BwO+oazQFyjTQWtfeQxR3AVVybxJ28tNlL1ubY/RH1+rsv3iwFoSQQaDbDlHu34Soxoz+5xpqwUfxCUY4sgii7/PEOFOLfvNkfPajqVzDkV8TWLDbfp/EOEf26dRoFeemENZ+JZ9v7/647aKiyk9nQ9choo37Itn8rRUjfWaSS49LGRNiSUv7UkugJ9wX2/0+YMrSAH7GHINh2dIxImO9nnF3cNck2F/jK+RJnB/XOYwqOCVVROOl+ZesBguxAswrPArQsJT4oa65sfBOn+tA/sVACZ9M1nlsjJTsJzX952IMU9AouQ==</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue><ds:X509Data><ds:X509Certificate>MIIFlTCCA32gAwIBAgITIwAGHXCTlI/6xl9mFAAAAAYdcDANBgkqhkiG9w0BAQsFADA2MQswCQYDVQQGEwJQTDEMMAoGA1UECgwDWlVTMRkwFwYDVQQDDBBlWkxBWlVTSXNzdWluZ0NBMB4XDTE4MDIxOTEzMjk0OVoXDTIwMDIxOTEzMjk0OVowRzEaMBgGA1UEBRMRUE5PUEwtOTAwMjA4MDY3NDYxCzAJBgNVBAYTAlBMMRwwGgYDVQQDDBNNQVJUQSDFgU9TWkFLSUVXSUNaMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2oIcnvjFBjf2y9NOFR8Z++UhCXA3A/48x8BwO+oazQFyjTQWtfeQxR3AVVybxJ28tNlL1ubY/RH1+rsv3iwFoSQQaDbDlHu34Soxoz+5xpqwUfxCUY4sgii7/PEOFOLfvNkfPajqVzDkV8TWLDbfp/EOEf26dRoFeemENZ+JZ9v7/647aKiyk9nQ9choo37Itn8rRUjfWaSS49LGRNiSUv7UkugJ9wX2/0+YMrSAH7GHINh2dIxImO9nnF3cNck2F/jK+RJnB/XOYwqOCVVROOl+ZesBguxAswrPArQsJT4oa65sfBOn+tA/sVACZ9M1nlsjJTsJzX952IMU9AouQIDAQABo4IBiTCCAYUwHQYDVR0OBBYEFDr6IUi56lN8MZ+51zDmtr/9deK/MB8GA1UdIwQYMBaAFGcVneJk+qmhGncW6Sd+PaNzne77MFkGA1UdHwRSMFAwTqBMoEqGSGh0dHA6Ly9vY3NwLWV6bGEubm9ydGhldXJvcGUuY2xvdWRhcHAuYXp1cmUuY29tL2NybC9lWkxBWlVTSXNzdWluZ0NBLmNybDCBqAYIKwYBBQUHAQEEgZswgZgwQAYIKwYBBQUHMAGGNGh0dHA6Ly9vY3NwLWV6bGEubm9ydGhldXJvcGUuY2xvdWRhcHAuYXp1cmUuY29tL29jc3AwVAYIKwYBBQUHMAKGSGh0dHA6Ly9vY3NwLWV6bGEubm9ydGhldXJvcGUuY2xvdWRhcHAuYXp1cmUuY29tL2FpYS9lWkxBWlVTSXNzdWluZ0NBLmNydDA9BgkrBgEEAYI3FQcEMDAuBiYrBgEEAYI3FQiDj5Jugq/NAoLllwyH8JYLhu+/GW+DmLcogd3oOwIBZAIBKTANBgkqhkiG9w0BAQsFAAOCAgEAdslSkmXzxv1o+/+G+FfzzAHiUXaBjkD/MkTVbLmWubF2d4aOs+THwRcQi7b1Ph3T6xT7WDDIsmZom/octBp2U53SNskxErnBbJfIEDtB6V/zsvQGV+TrC/CiHKuguefo5T6CEFSU0fFKSBxJLGne6QVFi9i7nEooRi+fh3EDBcZRa8zDfyGbdxGG1j6IJvocfSOxVQvz1dEqbDhlduIRaZRVOo0FcqyVT37AKgWJSGsddeTHd7MSgjFCOTF5d4hpksIQjLJTsq2c6fl26nks5xo7KqUTrlmmWKYqT/rwKWZDS+bEeUISuHT1huAXuXzO4imK3VnLNPk5xw8lRH1Hju5S7TmQKN6IVPI/dSRgN4FyeWG41btDwK9e+lUBwrh+6zvf4KUZomtiCU6Q3ZbrcyJ3Pc3wTcMqDldw+8UVPb86QS5qQfp17hdsl6+819YQOsR6TGJUuYn/AiyFpnekoZN91TisbF5S9p/P9bidGbg3dRWE+XFVLRHhn7XbglTuv8wJ6CEKSsfY0KnUvoEhD+OZORF2Or7yDTSdTZ+qGJn6htJgxrBBwt9ycL9tP2xXdcuO8HQ9zvj8v1yJfh4EQ4DBqzROADF7KNtCYFYDJ/Flj+fAiWpAzb3hIWo06Gw3+MS/xEUUXHOlHWvyiDaKg4WqphWNtQkjlU0va1E/LK8=</ds:X509Certificate></ds:X509Data></ds:KeyInfo><ds:Object><xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#id-da97dee7f632"><xades:SignedProperties Id="xades-id-da97dee7f632"><xades:SignedSignatureProperties><xades:SigningTime>2018-04-27T07:09:23.252Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>rtYXVRspoZ34mnrR+Zs6qsZ5yLHokKojPFDkhmuVnHw=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>C=PL, O=ZUS, CN=eZLAZUSIssuingCA</ds:X509IssuerName><ds:X509SerialNumber>780528162774915746042305482786243075648134512</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate>


My problem is:

<xades:IssuerSerial><ds:X509IssuerName>C=PL, O=ZUS, CN=eZLAZUSIssuingCA</ds:X509IssuerName><ds:X509SerialNumber>780528162774915746042305482786243075648134512</ds:X509SerialNumber></xades:IssuerSerial>

How createds:X509IssuerName ?

Back to Top
Latawiec Kazimierz View Drop Down
New Member
New Member
Avatar

Joined: 19 Dec 2018
Posts: 9
Post Options Post Options   Quote Latawiec Kazimierz Quote  Post ReplyReply Direct Link To This Post Posted: 07 Jan 2019 at 2:48pm

I have an XML file. I would like to sign it Xades .pfx file. 

Is it possible to receive such a signature?

Signature result:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">

<ds:SignedInfo Id="SignedInfo_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>

<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

<ds:Reference Id="Reference_f5aeca07-e3f4-4bf6-9aec-8637f73a9918" Type="http://www.w3.org/2000/09/xmldsig#enveloped-signature" URI="">

<ds:Transforms>

<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>

</ds:Transforms>

<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<ds:DigestValue>E4PzNAXL9DOERi8iReyFM3hehmk=</ds:DigestValue>

</ds:Reference>

<ds:Reference Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties" URI="#SignedProperties_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">

<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<ds:DigestValue>hcDLfkK7Q8hR6dsuptmw7FQXTLw=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>


Is it possible to get such an xml file? SHA2 is OK


Best regards, Kaziu

Back to Top
Marion Candau View Drop Down
Member
Member
Avatar

Joined: 12 Aug 2016
Posts: 70
Post Options Post Options   Quote Marion Candau Quote  Post ReplyReply Direct Link To This Post Posted: 03 Jan 2019 at 8:58am
Hello,
I am not sure to understand your issue. Do you want to verify this signature?
Best regards,
Marion
Back to Top
Latawiec Kazimierz View Drop Down
New Member
New Member
Avatar

Joined: 19 Dec 2018
Posts: 9
Post Options Post Options   Quote Latawiec Kazimierz Quote  Post ReplyReply Direct Link To This Post Posted: 29 Dec 2018 at 1:06pm
Hello,
Do you know how to do it type: Type="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
file xml:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">
<ds:SignedInfo Id="SignedInfo_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference Id="Reference_f5aeca07-e3f4-4bf6-9aec-8637f73a9918" Type="http://www.w3.org/2000/09/xmldsig#enveloped-signature" URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>E4PzNAXL9DOERi8iReyFM3hehmk=</ds:DigestValue>
</ds:Reference>
<ds:Reference Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties" URI="#SignedProperties_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>hcDLfkK7Q8hR6dsuptmw7FQXTLw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
.......
</ds:Signature>

Back to Top
Marion Candau View Drop Down
Member
Member
Avatar

Joined: 12 Aug 2016
Posts: 70
Post Options Post Options   Quote Marion Candau Quote  Post ReplyReply Direct Link To This Post Posted: 21 Dec 2018 at 11:11am
Hi,
SHA-1 is not supported to sign with XAdES, only to verify the signature. We made this choice because SHA-1 is no longer trusted by cryptography community and we support only strong algorithms in TMS Cryptography Pack.
Best regards,
Marion
Back to Top
Latawiec Kazimierz View Drop Down
New Member
New Member
Avatar

Joined: 19 Dec 2018
Posts: 9
Post Options Post Options   Quote Latawiec Kazimierz Quote  Post ReplyReply Direct Link To This Post Posted: 21 Dec 2018 at 11:04am
Hi 
How change default rsa-sha256 -> SHA-1 ?

--
Kazimierz Latwiec
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down