使用 XadES-BES 算法通过 XMLDSIG 进行 XML 验证
程序使用的某些信息使用 xml 格式的输入文件。这些文件具有以下结构。
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="urn:envelope">
<MyData Id="MyDataId">
<!-- some data -->
</MyData>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig-more#rsa-sha256" />
<Reference URI="#MyDataId">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>
<!-- digest for MyData -->
</DigestValue>
</Reference>
<Reference URI="#KeyInfoId">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>
<!-- digest for KeyInfo -->
</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
<!-- signature from SignedInfo data -->
</SignatureValue>
<KeyInfo id="KeyInfoId">
<X509Data>
<X509Certificate>
<!-- some certificate -->
</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</Envelope>
我发现一些示例只有一个引用标记,但没有多个或仅引用,这些引用已经存在于 xml 文件的其余部分中。我知道编码是XADES-BES。有谁知道能够验证此类 XML 文件的 .NET 1.1 组件吗?提前致谢。
问候,
雷内
Some information a program is using uses input files in xml format. The files have the following structure.
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="urn:envelope">
<MyData Id="MyDataId">
<!-- some data -->
</MyData>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig-more#rsa-sha256" />
<Reference URI="#MyDataId">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>
<!-- digest for MyData -->
</DigestValue>
</Reference>
<Reference URI="#KeyInfoId">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<DigestValue>
<!-- digest for KeyInfo -->
</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
<!-- signature from SignedInfo data -->
</SignatureValue>
<KeyInfo id="KeyInfoId">
<X509Data>
<X509Certificate>
<!-- some certificate -->
</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</Envelope>
I found some examples with only one reference tag, but not with muliple or only refereces which where already in the rest of the xml file. I know that the encoding is XADES-BES. Does anyone knows a .NET 1.1 component which is capable of validating this kind of XML files? Thanks in advance.
Regards,
René
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
您显示的 XML 并不是真正的 XAdES 签名,而是 XMLDSIG。您可以看出,因为没有 QualifyingProperties 节点(XAdES 添加此节点,该节点必须位于 Object 标记内,作为 Signature 的子级em> 节点)。
正如 Ricardo 之前所说,我正在从事的项目(XAdES .Net 项目)应该能够验证您的 xml提供。如果没有,请随时在我们的问题跟踪器中添加问题(您可能需要在 codeplex 上注册,但它是免费的)。
此时,我们仍在构建库的骨架(真正的目标是在.NET 中实现 XAdES),因此您可能会发现错误或缺少功能。如果是这样,请再次随时添加您需要的任何问题。
另外,我们使用 .NET Framework 3.5 开发了该库,因此,如果您真的只能使用 1.1,它将无法工作:( Framework 1.1 更改后的安全层,因此它不向后兼容。我认为使用 2.0 和 ,
我希望它能有所帮助
路易斯
·M·维拉。
The XML you are showing is not really a XAdES signature, but a XMLDSIG. You can tell that because there is not a QualifyingProperties node (XAdES adds this node, that have to be inside an Object tag, as a child of Signature node).
As Ricardo said before, the project I am working in (XAdES .Net Project) should be able to verify the xml you provide. If not, please, feel free to add an issue at our issue tracker (you may need to register at codeplex, but it is free).
At this point, we are still building the skeleton of our library (what really aims to implement is XAdES in .NET), so you may find bugs or lack of features. If so, again, feel free to add any issue you need.
Also, we developed the library using .NET Framework 3.5 so, if you really can only use 1.1 it won't work :( Security layer after Framework 1.1 changed, so it is not backwards-compatible. I think it will work using 2.0 and above.
I hope it helps.
Regards,
Luis M. Villa
请参阅Microsoft 的 SignedXml 类
See Microsoft's SignedXml class
尝试这个项目:
http://xadesnet.codeplex.com/
Try this project:
http://xadesnet.codeplex.com/
我们的 SecureBlackbox 产品支持 .NET 中的 XMLDSig、XMLEnc 和 XAdES 标准(包括Mono、.NET CF 和 Silverlight)。
Our SecureBlackbox product provides support for XMLDSig, XMLEnc and XAdES standards in .NET (including Mono, .NET CF and Silverlight).
如果您仍然需要生成 XAdES 签名,我们已经发布了 XAdES .NET 项目的 1.0 alpha 版本。该版本增加了对XAdES-BES签名的支持,并且重写了一些代码片段以兼容.NET 2.0 Framework。
您可以在此处下载该版本:
XAdES .NET 项目
希望有帮助,
Luis M. Villa
In case you still need to generate XAdES signatures, we've released 1.0 alpha version of XAdES .NET Project. This version adds support to XAdES-BES signatures, and some code fragments have been rewritten to be compatible with .NET 2.0 Framework.
You can download the release here:
XAdES .NET Project
Hope it helps,
Luis M. Villa