
XAdES.SignatureMethod

Printed From: TMS Software
Category: VCL Components
Forum Name: VCL / FMX Cryptography Pack
URL: http://www.tmssoftware.com/site/forum/forum_posts.asp?TID=12748
Printed Date: 17 Oct 2019 at 5:29pm


Topic: XAdES.SignatureMethod
Posted By: Latawiec Kazimierz
Subject: XAdES.SignatureMethod
Date Posted: 21 Dec 2018 at 11:04am
Hi,
How can I change the default rsa-sha256 to SHA-1?

--
Kazimierz Latwiec



Replies:
Posted By: Marion Candau
Date Posted: 21 Dec 2018 at 11:11am
Hi,
SHA-1 is not supported to sign with XAdES, only to verify the signature. We made this choice because SHA-1 is no longer trusted by the cryptography community and we support only strong algorithms in TMS Cryptography Pack.
Best regards,
Marion
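
Added example (not part of the original thread and not TMS Cryptography Pack code): a standalone Python audit that lists every SHA-1 algorithm URI under `ds:SignedInfo`, which is the check a verifier needs when it accepts SHA-1 only for legacy signatures, as the reply above describes. The function name `audit_signature` and the URI set are assumptions for illustration; the sample is trimmed from the fragment posted later in this thread.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

DS = "http://www.w3.org/2000/09/xmldsig#"

# Algorithm URIs that depend on SHA-1 (assumed policy: verify-only, never used for new signatures).
SHA1_URIS = {
    DS + "rsa-sha1",
    DS + "dsa-sha1",
    DS + "hmac-sha1",
    DS + "sha1",
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1",
}

# SignedInfo trimmed from the fragment posted in this thread (Transforms and DigestValue omitted).
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</ds:Reference>
<ds:Reference URI="#SignedProperties_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</ds:Reference>
</ds:SignedInfo>
</ds:Signature>"""


def audit_signature(xml_text):
    """Return (element, location, algorithm) for every SHA-1 use under ds:SignedInfo."""
    root = ET.fromstring(xml_text)
    findings = []
    for signed_info in root.iter(f"{{{DS}}}SignedInfo"):
        # The signature algorithm applies to the whole SignedInfo block.
        method = signed_info.find(f"{{{DS}}}SignatureMethod")
        if method is not None and method.get("Algorithm") in SHA1_URIS:
            findings.append(("SignatureMethod", "SignedInfo", method.get("Algorithm")))
        # Each Reference carries its own digest algorithm and must be checked separately.
        for ref in signed_info.findall(f"{{{DS}}}Reference"):
            digest = ref.find(f"{{{DS}}}DigestMethod")
            if digest is not None and digest.get("Algorithm") in SHA1_URIS:
                findings.append(("DigestMethod", ref.get("URI", ""), digest.get("Algorithm")))
    return findings


if __name__ == "__main__":
    for element, location, algorithm in audit_signature(SAMPLE):
        print(f"{element} at {location!r}: {algorithm}")
```
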


Posted By: Latawiec Kazimierz
Date Posted: 29 Dec 2018 at 1:06pm
Hello,
Do you know how to produce this type: Type="http://www.w3.org/2000/09/xmldsig#enveloped-signature"?
XML file:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">
<ds:SignedInfo Id="SignedInfo_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference Id="Reference_f5aeca07-e3f4-4bf6-9aec-8637f73a9918" Type="http://www.w3.org/2000/09/xmldsig#enveloped-signature" URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>E4PzNAXL9DOERi8iReyFM3hehmk=</ds:DigestValue>
</ds:Reference>
<ds:Reference Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties" URI="#SignedProperties_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>hcDLfkK7Q8hR6dsuptmw7FQXTLw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
.......
</ds:Signature>



Posted By: Marion Candau
Date Posted: 03 Jan 2019 at 8:58am
Hello,
I am not sure I understand your issue. Do you want to verify this signature?
Best regards,
Marion


Posted By: Latawiec Kazimierz
Date Posted: 07 Jan 2019 at 2:48pm

I have an XML file. I would like to sign it with XAdES using a .pfx file.

Is it possible to receive such a signature?

Signature result:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">
<ds:SignedInfo Id="SignedInfo_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference Id="Reference_f5aeca07-e3f4-4bf6-9aec-8637f73a9918" Type="http://www.w3.org/2000/09/xmldsig#enveloped-signature" URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>E4PzNAXL9DOERi8iReyFM3hehmk=</ds:DigestValue>
</ds:Reference>
<ds:Reference Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties" URI="#SignedProperties_f5aeca07-e3f4-4bf6-9aec-8637f73a9918">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>hcDLfkK7Q8hR6dsuptmw7FQXTLw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>


Is it possible to get such an xml file? SHA2 is OK


Best regards, Kaziu



Posted By: Latawiec Kazimierz
Date Posted: 07 Jan 2019 at 3:14pm
Sorry, the file is:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="id-da97dee7f632"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>5Lwi8kqkGVGzASlZz8dmySahR17QxMXII4uPi5kRrPE=</ds:DigestValue></ds:Reference><ds:Reference URI="#xades-id-da97dee7f632" Type="http://uri.etsi.org/01903#SignedProperties"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>1Iubybz/F49KgI0BetijHzOnPeBwogdXkkl8al2wtyg=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>daW4e/Hert2YfeXXBx8GGc76uHcytfjBPaVXfWlotnxHOlQzKavourdj0un3zaMI67wJDkSxDtfpdKAO96qK9spnx+WLDVsJxdeIpQ376ygIv4MYNVfA3YrqJJ/LrhWPJ80cxKjUZqVHP8BcZI2REQjKMxH8rNWaWhdsmoVFjBzIjYynDc8B5Yqs0j8M9zlmN1WdDUXEuLbLHr5yGT7smHuMf3v+BnjxsisF7qzGQRhXBIiVZN9EdzoYiiHGWGYn18rCad3GCmNLiSvK0EO39sH4mn9uSJ631BXNNeRbJ9PDEc8F3bHbau03+BiI4HjzEKzZ9+lUJPuoqpYIh0oMlQ==</ds:SignatureValue><ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>o2oIcnvjFBjf2y9NOFR8Z++UhCXA3A/48x8BwO+oazQFyjTQWtfeQxR3AVVybxJ28tNlL1ubY/RH1+rsv3iwFoSQQaDbDlHu34Soxoz+5xpqwUfxCUY4sgii7/PEOFOLfvNkfPajqVzDkV8TWLDbfp/EOEf26dRoFeemENZ+JZ9v7/647aKiyk9nQ9choo37Itn8rRUjfWaSS49LGRNiSUv7UkugJ9wX2/0+YMrSAH7GHINh2dIxImO9nnF3cNck2F/jK+RJnB/XOYwqOCVVROOl+ZesBguxAswrPArQsJT4oa65sfBOn+tA/sVACZ9M1nlsjJTsJzX952IMU9AouQ==</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue><ds:X509Data><ds:X509Certificate></ds:X509Certificate></ds:X509Data></ds:KeyInfo><ds:Object><xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#id-da97dee7f632"><xades:SignedProperties 
Id="xades-id-da97dee7f632"><xades:SignedSignatureProperties><xades:SigningTime>2018-04-27T07:09:23.252Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>rtYXVRspoZ34mnrR+Zs6qsZ5yLHokKojPFDkhmuVnHw=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>C=PL, O=ZUS, CN=eZLAZUSIssuingCA</ds:X509IssuerName><ds:X509SerialNumber>780528162774915746042305482786243075648134512</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate>


My problem is:

<xades:IssuerSerial><ds:X509IssuerName>C=PL, O=ZUS, CN=eZLAZUSIssuingCA</ds:X509IssuerName><ds:X509SerialNumber>780528162774915746042305482786243075648134512</ds:X509SerialNumber></xades:IssuerSerial>

How do I create ds:X509IssuerName?



Posted By: Marion Candau
Date Posted: 07 Jan 2019 at 5:17pm
Hi,
Our implementation of XAdES does not include all options. We use <xades:IssuerSerialV2> instead of <xades:IssuerSerial>.
Best regards,
Marion


