Hi all,

To explain from my previous message below, I am trying to sign an SwA message 
where the attachment is compressed with GZip.

Therefore I am thinking I will need to compute digests for the XML elements to 
be signed and the compressed attachment. Then, based on the digest values, I 
will compute the signature.

Kind regards,

From: Jean-Paul Berthelot
Sent: Sunday, 7 July 2013 2:38 PM
To: '[email protected]'
Subject: Support for signature computation based on SignedInfo for WSSE in 
Bouncy Castle C#
Importance: High

Hi all,

I have a question regarding computation of a signature based on multiple 
digest values. Would there be a way to approach this problem in Bouncy 
Castle?

For example, say I have multiple XML elements that I would like to calculate 
digest values for individually and then compute the signature based on the 
digest values for the whole XML document. Would this be possible with Bouncy 
Castle?

To provide an example, I am trying to produce a WSSE security token with a 
signature based on the SignedInfo element as highlighted in yellow below.


<wsse:Security>
      <wsse:BinarySecurityToken wsu:Id="Id-9dde0b830ffc4f82996d9b2bada06c56"
          EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
          ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"></wsse:BinarySecurityToken>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
          </CanonicalizationMethod>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">
          </SignatureMethod>
          <Reference URI="#Id-d54f5f1c1f9944d69bbc690bd24c6a5e">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
              </Transform>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">
            </DigestMethod>
            <DigestValue>gVlvjh1yqrcorBrjTbbOxZOqUMA=</DigestValue>
          </Reference>
          <Reference URI="#ID0EID">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
              </Transform>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">
            </DigestMethod>
            <DigestValue>BtaRNTFAgjR1Baf65qUPSmV+vvc=</DigestValue>
          </Reference>
        </SignedInfo>
<SignatureValue>oR6HveOl+G9IkrhaLOf51XLDuLQa8kBn/WTbyjM0/ERr0vGAdHgSwBIZr29LRckGuC5ybKbiRSACCjunOBs5WmllL3hmThYl0cWXvdRuxUuBBHgISxr+661pRoxoJdWyuI4axmlOBXAdzy0cMkLpv01NP7HBluFnft2maA6X6QMEbh2Ecnm/4lz4BdxpN38/n+MFChsSrZs/zMkOLnlgWIRtajswTFL+cCtztnHOUlMoPRa50BeaKJbVrFIJuAlsOHxsqmXdmedL6g80MSNQyuN8z3WAlzO8AcfTbJYD6puYcmiq0TYGP9CvV5bdHrlgbHZlvZSw27zMkudZsz7rPA==</SignatureValue>
        <KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#Id-9dde0b830ffc4f82996d9b2bada06c56"
                ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
            </wsse:Reference>
          </wsse:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </wsse:Security>

Would there be any support or examples I could find to complete this task with 
Bouncy Castle?

This is a standard requirement for SWA.

Could anyone provide any insight here, as it would be greatly appreciated.

Cheers,

Jean-Paul
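
The two-stage computation asked about above, as an added C# example (not part of the original post and not Bouncy Castle sample code): each part is digested into its own Reference, then only the canonical SignedInfo is RSA-signed. Assumptions: canonicalization uses .NET's System.Security.Cryptography.Xml, the attachment reference uses the SwA Profile 1.1 content transform URI, and the body, Id, cid: URI, attachment bytes and RSA key are constructed placeholders.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.Xml; // .NET exclusive C14N; Bouncy Castle has no XML canonicalizer
using System.Xml;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Security;

static class SwaSignatureExample
{
    const string Ds = "http://www.w3.org/2000/09/xmldsig#"; // SHA-1 URIs below mirror the message on the page
    const string ExcC14n = "http://www.w3.org/2001/10/xml-exc-c14n#";
    const string SwaContent = "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform";

    static XmlDocument Parse(string xml) { var d = new XmlDocument { PreserveWhitespace = true }; d.LoadXml(xml); return d; }

    // Exclusive C14N of one element; re-parsing OuterXml pulls inherited namespace declarations onto it.
    static byte[] Canonicalize(XmlElement element)
    {
        var transform = new XmlDsigExcC14NTransform();
        transform.LoadInput(Parse(element.OuterXml));
        var output = new MemoryStream();
        ((Stream)transform.GetOutput(typeof(Stream))).CopyTo(output);
        return output.ToArray();
    }

    // Stage 1: one Reference per signed part, carrying the SHA-1 digest of that part's octets.
    static string Reference(string uri, string transform, byte[] octets)
    {
        string digest = Convert.ToBase64String(DigestUtilities.CalculateDigest("SHA-1", octets));
        return "<Reference URI=\"" + uri + "\"><Transforms><Transform Algorithm=\"" + transform + "\"></Transform></Transforms>"
             + "<DigestMethod Algorithm=\"" + Ds + "sha1\"></DigestMethod><DigestValue>" + digest + "</DigestValue></Reference>";
    }

    static void Main()
    {
        XmlDocument body = Parse("<s:Body xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" Id=\"body-1\"><m:Order xmlns:m=\"urn:example\">42</m:Order></s:Body>"); // constructed
        byte[] gzipAttachment = { 0x1f, 0x8b, 0x08, 0x00 }; // constructed; stands in for the gzip octets exactly as attached
        XmlDocument signedInfo = Parse("<SignedInfo xmlns=\"" + Ds + "\"><CanonicalizationMethod Algorithm=\"" + ExcC14n + "\"></CanonicalizationMethod><SignatureMethod Algorithm=\"" + Ds + "rsa-sha1\"></SignatureMethod>"
            + Reference("#body-1", ExcC14n, Canonicalize(body.DocumentElement))
            + Reference("cid:attachment-1", SwaContent, gzipAttachment) + "</SignedInfo>");

        byte[] toSign = Canonicalize(signedInfo.DocumentElement); // Stage 2: the signature covers SignedInfo only
        var generator = new RsaKeyPairGenerator(); // throwaway key; a real message uses the BinarySecurityToken's private key
        generator.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
        ISigner signer = SignerUtilities.GetSigner("SHA-1withRSA");
        signer.Init(true, generator.GenerateKeyPair().Private);
        signer.BlockUpdate(toSign, 0, toSign.Length);
        Console.WriteLine(signedInfo.OuterXml + "\n<SignatureValue>" + Convert.ToBase64String(signer.GenerateSignature()) + "</SignatureValue>");
    }
}
```

The attachment digest is taken over the compressed bytes as they go on the wire, so recompressing or re-encoding the attachment after this point invalidates its DigestValue.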
