Web forum is in read-only mode. Login as active registered customer for write access
  Forum Search   New Posts New Posts

XAdES.SignatureMethod

 Post Reply Post Reply
Author
Latawiec Kazimierz View Drop Down
New Member
New Member
Avatar

Joined: 19 Dec 2018
Posts: 9
Post Options Post Options   Quote Latawiec Kazimierz Quote  Post ReplyReply Direct Link To This Post Topic: XAdES.SignatureMethod
    Posted: 21 Dec 2018 at 11:04am
Hi 
How change default rsa-sha256 -> SHA-1 ?

--
Kazimierz Latwiec
Back to Top
Marion Candau View Drop Down
Member
Member
Avatar

Joined: 12 Aug 2016
Posts: 83
Post Options Post Options   Quote Marion Candau Quote  Post ReplyReply Direct Link To This Post Posted: 21 Dec 2018 at 11:11am
Hi,
SHA-1 is not supported to sign with XAdES, only to verify the signature. We made this choice because SHA-1 is no longer trusted by cryptography community and we support only strong algorithms in TMS Cryptography Pack.
Best regards,
Marion
Back to Top
Latawiec Kazimierz View Drop Down
New Member
New Member
Avatar

Joined: 19 Dec 2018
Posts: 9
Post Options Post Options   Quote Latawiec Kazimierz Quote  Post ReplyReply Direct Link To This Post Posted: 29 Dec 2018 at 1:06pm
Hello,
Do you know how to do it type: Type="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
file xml:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">
<ds:SignedInfo Id="SignedInfo_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference Id="Reference_f5aeca07-e3f4-4bf6-9aec-8637f73a9918" Type="http://www.w3.org/2000/09/xmldsig#enveloped-signature" URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>E4PzNAXL9DOERi8iReyFM3hehmk=</ds:DigestValue>
</ds:Reference>
<ds:Reference Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties" URI="#SignedProperties_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>hcDLfkK7Q8hR6dsuptmw7FQXTLw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
.......
</ds:Signature>

Back to Top
Marion Candau View Drop Down
Member
Member
Avatar

Joined: 12 Aug 2016
Posts: 83
Post Options Post Options   Quote Marion Candau Quote  Post ReplyReply Direct Link To This Post Posted: 03 Jan 2019 at 8:58am
Hello,
I am not sure to understand your issue. Do you want to verify this signature?
Best regards,
Marion
Back to Top
Latawiec Kazimierz View Drop Down
New Member
New Member
Avatar

Joined: 19 Dec 2018
Posts: 9
Post Options Post Options   Quote Latawiec Kazimierz Quote  Post ReplyReply Direct Link To This Post Posted: 07 Jan 2019 at 2:48pm

I have an XML file. I would like to sign it Xades .pfx file. 

Is it possible to receive such a signature?

Signature result:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">

<ds:SignedInfo Id="SignedInfo_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>

<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

<ds:Reference Id="Reference_f5aeca07-e3f4-4bf6-9aec-8637f73a9918" Type="http://www.w3.org/2000/09/xmldsig#enveloped-signature" URI="">

<ds:Transforms>

<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>

</ds:Transforms>

<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<ds:DigestValue>E4PzNAXL9DOERi8iReyFM3hehmk=</ds:DigestValue>

</ds:Reference>

<ds:Reference Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties" URI="#SignedProperties_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">

<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<ds:DigestValue>hcDLfkK7Q8hR6dsuptmw7FQXTLw=</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>


Is it possible to get such an xml file? SHA2 is OK


Best regards, Kaziu

Back to Top
Latawiec Kazimierz View Drop Down
New Member
New Member
Avatar

Joined: 19 Dec 2018
Posts: 9
Post Options Post Options   Quote Latawiec Kazimierz Quote  Post ReplyReply Direct Link To This Post Posted: 07 Jan 2019 at 3:14pm
Sorry is file:<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="id-da97dee7f632"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>5Lwi8kqkGVGzASlZz8dmySahR17QxMXII4uPi5kRrPE=</ds:DigestValue></ds:Reference><ds:Reference URI="#xades-id-da97dee7f632" Type="http://uri.etsi.org/01903#SignedProperties"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>1Iubybz/F49KgI0BetijHzOnPeBwogdXkkl8al2wtyg=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>daW4e/Hert2YfeXXBx8GGc76uHcytfjBPaVXfWlotnxHOlQzKavourdj0un3zaMI67wJDkSxDtfpdKAO96qK9spnx+WLDVsJxdeIpQ376ygIv4MYNVfA3YrqJJ/LrhWPJ80cxKjUZqVHP8BcZI2REQjKMxH8rNWaWhdsmoVFjBzIjYynDc8B5Yqs0j8M9zlmN1WdDUXEuLbLHr5yGT7smHuMf3v+BnjxsisF7qzGQRhXBIiVZN9EdzoYiiHGWGYn18rCad3GCmNLiSvK0EO39sH4mn9uSJ631BXNNeRbJ9PDEc8F3bHbau03+BiI4HjzEKzZ9+lUJPuoqpYIh0oMlQ==</ds:SignatureValue><ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>o2oIcnvjFBjf2y9NOFR8Z++UhCXA3A/48x8BwO+oazQFyjTQWtfeQxR3AVVybxJ28tNlL1ubY/RH1+rsv3iwFoSQQaDbDlHu34Soxoz+5xpqwUfxCUY4sgii7/PEOFOLfvNkfPajqVzDkV8TWLDbfp/EOEf26dRoFeemENZ+JZ9v7/647aKiyk9nQ9choo37Itn8rRUjfWaSS49LGRNiSUv7UkugJ9wX2/0+YMrSAH7GHINh2dIxImO9nnF3cNck2F/jK+RJnB/XOYwqOCVVROOl+ZesBguxAswrPArQsJT4oa65sfBOn+tA/sVACZ9M1nlsjJTsJzX952IMU9AouQ==</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue><ds:X509Data><ds:X509Certificate>MIIFlTCCA32gAwIBAgITIwAGHXCTlI/6xl9mFAAAAAYdcDANBgkqhkiG9w0BAQsFADA2MQswCQYDVQQGEwJQTDEMMAoGA1UECgwDWlVTMRkwFwYDVQQDDBBlWkxBWlVTSXNzdWluZ0NBMB4XDTE4MDIxOTEzMjk0OVoXDTIwMDIxOTEzMjk0OVowRzEaMBgGA1UEBRMRUE5PUEwtOTAwMjA4MDY3NDYxCzAJBgNVBAYTAlBMMRwwGgYDVQQDDBNNQVJUQSDFgU9TWkFLSUVXSUNaMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2oIcnvjFBjf2y9NOFR8Z++UhCXA3A/48x8BwO+oazQFyjTQWtfeQxR3AVVybxJ28tNlL1ubY/RH1+rsv3iwFoSQQaDbDlHu34Soxoz+5xpqwUfxCUY4sgii7/PEOFOLfvNkfPajqVzDkV8TWLDbfp/EOEf26dRoFeemENZ+JZ9v7/647aKiyk9nQ9choo37Itn8rRUjfWaSS49LGRNiSUv7UkugJ9wX2/0+YMrSAH7GHINh2dIxImO9nnF3cNck2F/jK+RJnB/XOYwqOCVVROOl+ZesBguxAswrPArQsJT4oa65sfBOn+tA/sVACZ9M1nlsjJTsJzX952IMU9AouQIDAQABo4IBiTCCAYUwHQYDVR0OBBYEFDr6IUi56lN8MZ+51zDmtr/9deK/MB8GA1UdIwQYMBaAFGcVneJk+qmhGncW6Sd+PaNzne77MFkGA1UdHwRSMFAwTqBMoEqGSGh0dHA6Ly9vY3NwLWV6bGEubm9ydGhldXJvcGUuY2xvdWRhcHAuYXp1cmUuY29tL2NybC9lWkxBWlVTSXNzdWluZ0NBLmNybDCBqAYIKwYBBQUHAQEEgZswgZgwQAYIKwYBBQUHMAGGNGh0dHA6Ly9vY3NwLWV6bGEubm9ydGhldXJvcGUuY2xvdWRhcHAuYXp1cmUuY29tL29jc3AwVAYIKwYBBQUHMAKGSGh0dHA6Ly9vY3NwLWV6bGEubm9ydGhldXJvcGUuY2xvdWRhcHAuYXp1cmUuY29tL2FpYS9lWkxBWlVTSXNzdWluZ0NBLmNydDA9BgkrBgEEAYI3FQcEMDAuBiYrBgEEAYI3FQiDj5Jugq/NAoLllwyH8JYLhu+/GW+DmLcogd3oOwIBZAIBKTANBgkqhkiG9w0BAQsFAAOCAgEAdslSkmXzxv1o+/+G+FfzzAHiUXaBjkD/MkTVbLmWubF2d4aOs+THwRcQi7b1Ph3T6xT7WDDIsmZom/octBp2U53SNskxErnBbJfIEDtB6V/zsvQGV+TrC/CiHKuguefo5T6CEFSU0fFKSBxJLGne6QVFi9i7nEooRi+fh3EDBcZRa8zDfyGbdxGG1j6IJvocfSOxVQvz1dEqbDhlduIRaZRVOo0FcqyVT37AKgWJSGsddeTHd7MSgjFCOTF5d4hpksIQjLJTsq2c6fl26nks5xo7KqUTrlmmWKYqT/rwKWZDS+bEeUISuHT1huAXuXzO4imK3VnLNPk5xw8lRH1Hju5S7TmQKN6IVPI/dSRgN4FyeWG41btDwK9e+lUBwrh+6zvf4KUZomtiCU6Q3ZbrcyJ3Pc3wTcMqDldw+8UVPb86QS5qQfp17hdsl6+819YQOsR6TGJUuYn/AiyFpnekoZN91TisbF5S9p/P9bidGbg3dRWE+XFVLRHhn7XbglTuv8wJ6CEKSsfY0KnUvoEhD+OZORF2Or7yDTSdTZ+qGJn6htJgxrBBwt9ycL9tP2xXdcuO8HQ9zvj8v1yJfh4EQ4DBqzROADF7KNtCYFYDJ/Flj+fAiWpAzb3hIWo06Gw3+MS/xEUUXHOlHWvyiDaKg4WqphWNtQkjlU0va1E/LK8=</ds:X509Certificate></ds:X509Data></ds:KeyInfo><ds:Object><xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#id-da97dee7f632"><xades:SignedProperties Id="xades-id-da97dee7f632"><xades:SignedSignatureProperties><xades:SigningTime>2018-04-27T07:09:23.252Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>rtYXVRspoZ34mnrR+Zs6qsZ5yLHokKojPFDkhmuVnHw=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>C=PL, O=ZUS, CN=eZLAZUSIssuingCA</ds:X509IssuerName><ds:X509SerialNumber>780528162774915746042305482786243075648134512</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate>


My problem is:

<xades:IssuerSerial><ds:X509IssuerName>C=PL, O=ZUS, CN=eZLAZUSIssuingCA</ds:X509IssuerName><ds:X509SerialNumber>780528162774915746042305482786243075648134512</ds:X509SerialNumber></xades:IssuerSerial>

How createds:X509IssuerName ?

Back to Top
Marion Candau View Drop Down
Member
Member
Avatar

Joined: 12 Aug 2016
Posts: 83
Post Options Post Options   Quote Marion Candau Quote  Post ReplyReply Direct Link To This Post Posted: 07 Jan 2019 at 5:17pm
Hi,
Our implementation of XAdES does not include all options. We use <xades:IssuerSerialV2> instead of <xades:IssuerSerial>.
Best regards,
Marion
Back to Top
Piccinni Giovanni View Drop Down
New Member
New Member
Avatar

Joined: 18 Jul 2018
Posts: 19
Post Options Post Options   Quote Piccinni Giovanni Quote  Post ReplyReply Direct Link To This Post Posted: 04 Jan 2020 at 8:36am
Are you planning a further implementation of the hashing and signature algorithms?
The Italian tax system uses these canonicalization, hashing and signature algorithms:
https://www.w3.org/TR/xml-c14n/
https://www.w3.org/TR/xmldsig-core/
https://www.w3.org/TR/xmlenc-core/
Supportin supporting these ones your product would become an alternative to much more expensive products.
Best Regards,
Giovanni


Back to Top
Marion Candau View Drop Down
Member
Member
Avatar

Joined: 12 Aug 2016
Posts: 83
Post Options Post Options   Quote Marion Candau Quote  Post ReplyReply Direct Link To This Post Posted: 06 Jan 2020 at 8:59am
Hi, 
Do you have examples of files signed by these canonicalizations? It is easier to understand the gap between these and our supported canonicalization, instead of reading the documentation. 
Best regards,
Marion
Back to Top
Piccinni Giovanni View Drop Down
New Member
New Member
Avatar

Joined: 18 Jul 2018
Posts: 19
Post Options Post Options   Quote Piccinni Giovanni Quote  Post ReplyReply Direct Link To This Post Posted: 06 Jan 2020 at 11:11am
Yes i have, tell me how can i send you.
Regards,
Giovanni
Back to Top
Marion Candau View Drop Down
Member
Member
Avatar

Joined: 12 Aug 2016
Posts: 83
Post Options Post Options   Quote Marion Candau Quote  Post ReplyReply Direct Link To This Post Posted: 06 Jan 2020 at 11:14am
Thanks, you can send the files at marion@tmssoftware.com
Best regards,
Marion
Back to Top
Piccinni Giovanni View Drop Down
New Member
New Member
Avatar

Joined: 18 Jul 2018
Posts: 19
Post Options Post Options   Quote Piccinni Giovanni Quote  Post ReplyReply Direct Link To This Post Posted: 06 Jan 2020 at 6:49pm
File sent.
Best regards,
Giovanni
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down