XAdES.SignatureMethod

Hi 

How change default rsa-sha256 -> SHA-1 ?

--
Kazimierz Latwiec
Hi,
SHA-1 is not supported to sign with XAdES, only to verify the signature. We made this choice because SHA-1 is no longer trusted by cryptography community and we support only strong algorithms in TMS Cryptography Pack.
Best regards,
Marion
Hello,
Do you know how to do it type: Type="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
file xml:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">
<ds:SignedInfo Id="SignedInfo_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference Id="Reference_f5aeca07-e3f4-4bf6-9aec-8637f73a9918" Type="http://www.w3.org/2000/09/xmldsig#enveloped-signature" URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>E4PzNAXL9DOERi8iReyFM3hehmk=</ds:DigestValue>
</ds:Reference>
<ds:Reference Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties" URI="#SignedProperties_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>hcDLfkK7Q8hR6dsuptmw7FQXTLw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
.......
</ds:Signature>

Hello,
I am not sure to understand your issue. Do you want to verify this signature?
Best regards,
Marion

I have an XML file. I would like to sign it Xades .pfx file. 

Is it possible to receive such a signature?

Signature result:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">

<ds:SignedInfo Id="SignedInfo_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>

<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

<ds:Reference Id="Reference_f5aeca07-e3f4-4bf6-9aec-8637f73a9918" Type="http://www.w3.org/2000/09/xmldsig#enveloped-signature" URI="">

<ds:Transforms>

<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>

</ds:Transforms>

<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<ds:DigestValue>E4PzNAXL9DOERi8iReyFM3hehmk=</ds:DigestValue>

</ds:Reference>

<ds:Reference Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties" URI="#SignedProperties_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">

<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<ds:DigestValue>hcDLfkK7Q8hR6dsuptmw7FQXTLw=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>


Is it possible to get such an xml file? SHA2 is OK


Best regards, Kaziu

Sorry is file:<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="id-da97dee7f632"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>5Lwi8kqkGVGzASlZz8dmySahR17QxMXII4uPi5kRrPE=</ds:DigestValue></ds:Reference><ds:Reference URI="#xades-id-da97dee7f632" Type="http://uri.etsi.org/01903#SignedProperties"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>1Iubybz/F49KgI0BetijHzOnPeBwogdXkkl8al2wtyg=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>daW4e/Hert2YfeXXBx8GGc76uHcytfjBPaVXfWlotnxHOlQzKavourdj0un3zaMI67wJDkSxDtfpdKAO96qK9spnx+WLDVsJxdeIpQ376ygIv4MYNVfA3YrqJJ/LrhWPJ80cxKjUZqVHP8BcZI2REQjKMxH8rNWaWhdsmoVFjBzIjYynDc8B5Yqs0j8M9zlmN1WdDUXEuLbLHr5yGT7smHuMf3v+BnjxsisF7qzGQRhXBIiVZN9EdzoYiiHGWGYn18rCad3GCmNLiSvK0EO39sH4mn9uSJ631BXNNeRbJ9PDEc8F3bHbau03+BiI4HjzEKzZ9+lUJPuoqpYIh0oMlQ==</ds:SignatureValue><ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>o2oIcnvjFBjf2y9NOFR8Z++UhCXA3A/48x8BwO+oazQFyjTQWtfeQxR3AVVybxJ28tNlL1ubY/RH1+rsv3iwFoSQQaDbDlHu34Soxoz+5xpqwUfxCUY4sgii7/PEOFOLfvNkfPajqVzDkV8TWLDbfp/EOEf26dRoFeemENZ+JZ9v7/647aKiyk9nQ9choo37Itn8rRUjfWaSS49LGRNiSUv7UkugJ9wX2/0+YMrSAH7GHINh2dIxImO9nnF3cNck2F/jK+RJnB/XOYwqOCVVROOl+ZesBguxAswrPArQsJT4oa65sfBOn+tA/sVACZ9M1nlsjJTsJzX952IMU9AouQ==</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue><ds:X509Data><ds:X509Certificate>MIIFlTCCA32gAwIBAgITIwAGHXCTlI/6xl9mFAAAAAYdcDANBgkqhkiG9w0BAQsFADA2MQswCQYDVQQGEwJQTDEMMAoGA1UECgwDWlVTMRkwFwYDVQQDDBBlWkxBWlVTSXNzdWluZ0NBMB4XDTE4MDIxOTEzMjk0OVoXDTIwMDIxOTEzMjk0OVowRzEaMBgGA1UEBRMRUE5PUEwtOTAwMjA4MDY3NDYxCzAJBgNVBAYTAlBMMRwwGgYDVQQDDBNNQVJUQSDFgU9TWkFLSUVXSUNaMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2oIcnvjFBjf2y9NOFR8Z++UhCXA3A/48x8BwO+oazQFyjTQWtfeQxR3AVVybxJ28tNlL1ubY/RH1+rsv3iwFoSQQaDbDlHu34Soxoz+5xpqwUfxCUY4sgii7/PEOFOLfvNkfPajqVzDkV8TWLDbfp/EOEf26dRoFeemENZ+JZ9v7/647aKiyk9nQ9choo37Itn8rRUjfWaSS49LGRNiSUv7UkugJ9wX2/0+YMrSAH7GHINh2dIxImO9nnF3cNck2F/jK+RJnB/XOYwqOCVVROOl+ZesBguxAswrPArQsJT4oa65sfBOn+tA/sVACZ9M1nlsjJTsJzX952IMU9AouQIDAQABo4IBiTCCAYUwHQYDVR0OBBYEFDr6IUi56lN8MZ+51zDmtr/9deK/MB8GA1UdIwQYMBaAFGcVneJk+qmhGncW6Sd+PaNzne77MFkGA1UdHwRSMFAwTqBMoEqGSGh0dHA6Ly9vY3NwLWV6bGEubm9ydGhldXJvcGUuY2xvdWRhcHAuYXp1cmUuY29tL2NybC9lWkxBWlVTSXNzdWluZ0NBLmNybDCBqAYIKwYBBQUHAQEEgZswgZgwQAYIKwYBBQUHMAGGNGh0dHA6Ly9vY3NwLWV6bGEubm9ydGhldXJvcGUuY2xvdWRhcHAuYXp1cmUuY29tL29jc3AwVAYIKwYBBQUHMAKGSGh0dHA6Ly9vY3NwLWV6bGEubm9ydGhldXJvcGUuY2xvdWRhcHAuYXp1cmUuY29tL2FpYS9lWkxBWlVTSXNzdWluZ0NBLmNydDA9BgkrBgEEAYI3FQcEMDAuBiYrBgEEAYI3FQiDj5Jugq/NAoLllwyH8JYLhu+/GW+DmLcogd3oOwIBZAIBKTANBgkqhkiG9w0BAQsFAAOCAgEAdslSkmXzxv1o+/+G+FfzzAHiUXaBjkD/MkTVbLmWubF2d4aOs+THwRcQi7b1Ph3T6xT7WDDIsmZom/octBp2U53SNskxErnBbJfIEDtB6V/zsvQGV+TrC/CiHKuguefo5T6CEFSU0fFKSBxJLGne6QVFi9i7nEooRi+fh3EDBcZRa8zDfyGbdxGG1j6IJvocfSOxVQvz1dEqbDhlduIRaZRVOo0FcqyVT37AKgWJSGsddeTHd7MSgjFCOTF5d4hpksIQjLJTsq2c6fl26nks5xo7KqUTrlmmWKYqT/rwKWZDS+bEeUISuHT1huAXuXzO4imK3VnLNPk5xw8lRH1Hju5S7TmQKN6IVPI/dSRgN4FyeWG41btDwK9e+lUBwrh+6zvf4KUZomtiCU6Q3ZbrcyJ3Pc3wTcMqDldw+8UVPb86QS5qQfp17hdsl6+819YQOsR6TGJUuYn/AiyFpnekoZN91TisbF5S9p/P9bidGbg3dRWE+XFVLRHhn7XbglTuv8wJ6CEKSsfY0KnUvoEhD+OZORF2Or7yDTSdTZ+qGJn6htJgxrBBwt9ycL9tP2xXdcuO8HQ9zvj8v1yJfh4EQ4DBqzROADF7KNtCYFYDJ/Flj+fAiWpAzb3hIWo06Gw3+MS/xEUUXHOlHWvyiDaKg4WqphWNtQkjlU0va1E/LK8=</ds:X509Certificate></ds:X509Data></ds:KeyInfo><ds:Object><xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#id-da97dee7f632"><xades:SignedProperties Id="xades-id-da97dee7f632"><xades:SignedSignatureProperties><xades:SigningTime>2018-04-27T07:09:23.252Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>rtYXVRspoZ34mnrR+Zs6qsZ5yLHokKojPFDkhmuVnHw=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>C=PL, O=ZUS, CN=eZLAZUSIssuingCA</ds:X509IssuerName><ds:X509SerialNumber>780528162774915746042305482786243075648134512</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate>



My problem is:

<xades:IssuerSerial><ds:X509IssuerName>C=PL, O=ZUS, CN=eZLAZUSIssuingCA</ds:X509IssuerName><ds:X509SerialNumber>780528162774915746042305482786243075648134512</ds:X509SerialNumber></xades:IssuerSerial>

How createds:X509IssuerName ?

Hi,
Our implementation of XAdES does not include all options. We use <xades:IssuerSerialV2> instead of <xades:IssuerSerial>.
Best regards,
Marion

Hi, 

Do you have examples of files signed by these canonicalizations? It is easier to understand the gap between these and our supported canonicalization, instead of reading the documentation. 
Best regards,
Marion
Yes i have, tell me how can i send you.
Regards,
Giovanni

Thanks, you can send the files at marion@tmssoftware.com

Best regards,
Marion
File sent.
Best regards,
Giovanni