You should probably start here:
https://www.w3.org/TR/xmldsig-core1/
> I cannot believe that it is enough to set other URLs in the
> XML-Template..??
Yes, that's the whole purpose of the templates.
Aleksey
On 2/2/19 5:30 AM, Lars Walther wrote:
Hi, unfortunately I'm a newbie in signature and cryptographic stuff. I'm
not sure about the signature algorithm used.
At first I read the documentation of xmlsec and created an XML file to sign:
<?xml version="1.0" encoding="UTF-8"?>
<Request xmlns="http://uvbus.dguv.de/datatypes/v1">
  <SenderID>kuvb.de</SenderID>
  <TimeStamp>2019-02-02T13:49:14.005120+01:00</TimeStamp>
  <Procedure>http://www.x-uv.de/fachverfahren/ozgua/v1</Procedure>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
      <Reference>
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
        <DigestValue />
      </Reference>
    </SignedInfo>
    <SignatureValue />
    <KeyInfo>
      <X509Data />
    </KeyInfo>
  </Signature>
</Request>
After this I signed the file with the following command:
xmlsec1 --sign --privkey-pem kuvbkey.pem,kuvbcert.pem,subca01.pem,interca01.pem,cnuvroot.pem --output uvsigned.xml mytosign.xml
… and after this I verified the file successfully with the following
command:
xmlsec1 --verify --trusted-pem cnuvroot.pem uvsigned.xml
OK
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
Now my question: If I send the file in the payload of a Webservice-Call I
get an error from the server side saying that the server isn't able to verify my
signature. All the hints I got were:
Are you sure that you use the correct algorithm to sign the XML?? - no,
I'm not! Therefore my questions:
How can I check which SignatureAlgorithm or DigestMethod was used to
sign my XML file?
All example files I found had SHA1 as SignatureAlgorithm...
* What do I have to do if I want to explicitly use a
  SignatureAlgorithm other than sha1? In my case I have to use rsa-sha512.
* ...and what do I have to do if I want to use another DigestMethod - in
  my case sha512?
I cannot believe that it is enough to set other URLs in the
XML-Template..?? Or is it determined by the key file that I use to
sign the XML??
Thanks for any hint
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
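
To see which SignatureMethod and DigestMethod a signed file such as uvsigned.xml actually declares, the algorithm URIs can be read back from its SignedInfo element and compared with what the receiver requires. The Python sketch below is an added example, not part of the original thread or of xmlsec; the function names and the sample document (the template's URIs with placeholder values) are assumptions.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XMLDSig namespace, ElementTree form

# Constructed sample: algorithm URIs from the post's template, placeholder values.
SAMPLE = """<Request xmlns="http://uvbus.dguv.de/datatypes/v1">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
      <Reference>
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
        <DigestValue>PLACEHOLDER</DigestValue>
      </Reference>
    </SignedInfo>
  </Signature>
</Request>"""

def _alg(parent, tag):
    """Return the Algorithm attribute of a direct ds: child, or None if absent."""
    el = parent.find(DS + tag)
    return el.get("Algorithm") if el is not None else None

def signature_algorithms(xml_text):
    """List the algorithm URIs declared by every ds:SignedInfo in the document."""
    found = []
    for info in ET.fromstring(xml_text).iter(DS + "SignedInfo"):
        refs = [{"uri": ref.get("URI", ""),
                 "transforms": [t.get("Algorithm") for t in ref.iter(DS + "Transform")],
                 "digest": _alg(ref, "DigestMethod")}
                for ref in info.findall(DS + "Reference")]
        found.append({"c14n": _alg(info, "CanonicalizationMethod"),
                      "signature": _alg(info, "SignatureMethod"), "references": refs})
    return found

def mismatches(xml_text, want_signature, want_digest):
    """Return readable differences from the algorithms a receiver requires."""
    out = []
    for n, sig in enumerate(signature_algorithms(xml_text)):
        if sig["signature"] != want_signature:
            out.append(f"signature {n}: SignatureMethod is {sig['signature']}")
        for ref in sig["references"]:
            if ref["digest"] != want_digest:
                out.append(f"signature {n}, ref '{ref['uri']}': DigestMethod is {ref['digest']}")
    return out
```

Passing the text of the signed file in place of SAMPLE shows the URIs that ended up in the output, which are the ones the template declared.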