Object element #65

Open
gine opened this issue Feb 15, 2018 · 10 comments

@gine

gine commented Feb 15, 2018

I don't understand how I can generate an enveloped signature without the XAdES reference and the element attached to the signature element. Can you give me an example? Thanks.

@microshine
Contributor

Here is an example of creating a XAdES-EPES signature. This is working code.

You can remove the selected code to get a simple XAdES signature.

@gine
Author

gine commented Feb 16, 2018

I'm using the browser version of XAdES. I include:

'vendor/asmcrypto/index.js',
'vendor/webcrypto-liner.min/index.js',
'vendor/xades.js',

My code looks like your example but I continue to have the object element. Furthermore I have 2 other problems:

  1. The Signature element must not have the id attribute
  2. The Reference element must have the uri attribute set to the root element (uri="")

```js
// Sign the XML string `rcd` with RSASSA-PKCS1-v1_5 / SHA-256 and log the result.
SignXml(rcd, key, { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-256" } }, preparePem(certFabbricantePem))
    .then(function (signedDocument) {
        console.log(signedDocument);
    });

function SignXml(xmlString, key, algorithm, cert) {
    var signedXml;
    return Promise.resolve()
        .then(() => {
            var xmlDoc = XAdES.Parse(xmlString);
            signedXml = new XAdES.SignedXml();

            return signedXml.Sign(
                algorithm, // signing algorithm
                key,       // signing key
                xmlDoc,    // document to sign
                {
                    x509: [cert], // certificate to include in the signature
                    // Single reference to the whole document with the enveloped-signature transform
                    references: [{ uri: "", hash: "SHA-256", transforms: ["enveloped"] }],
                });
        })
        .then(() => signedXml.GetXml());
}
```

@microshine
Contributor

@gine I'll create an HTML example for you a bit later

@gine
Author

gine commented Feb 16, 2018

This is what I'm trying to do:

```xml
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
	<ds:SignedInfo>
		<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
		<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
		<ds:Reference URI="">
			<ds:Transforms>
				<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
			</ds:Transforms>
			<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
			<ds:DigestValue>zc=</ds:DigestValue>
		</ds:Reference>
	</ds:SignedInfo>
	<ds:SignatureValue>tA==</ds:SignatureValue>
	<ds:KeyInfo>
		<ds:X509Data>
			<ds:X509Certificate>tA==</ds:X509Certificate>
		</ds:X509Data>
	</ds:KeyInfo>
</ds:Signature>
```

And this is what I can create with XAdES and the code above (in the comments, what I need and what I don't want):

```xml
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="id-fe0cee136f14"> <!-- I need to remove this Id: Id="id-fe0cee136f14" -->
	<ds:SignedInfo>
		<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
		<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
		<ds:Reference > <!-- here I want URI="" -->
			<ds:Transforms>
				<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
			</ds:Transforms>
			<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
			<ds:DigestValue>zc=</ds:DigestValue>
		</ds:Reference>
		<!-- I don't want this part (1) -->
		<ds:Reference URI="#xades-id-fe0cee136f14" Type="http://uri.etsi.org/01903#SignedProperties">
			<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
			<ds:DigestValue>4Ikh2diAjgrBVmZjLi1/gOVeR3wurnMrJhNol/I2CZc=</ds:DigestValue>
		</ds:Reference>
		<!-- until here (1) -->
	</ds:SignedInfo>
	<ds:SignatureValue>tA==</ds:SignatureValue>
	<!-- I don't want this part (2) -->
	<ds:Object>
		<xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#id-fe0cee136f14">
			<xades:SignedProperties Id="xades-id-fe0cee136f14">
				<xades:SignedSignatureProperties>
					<xades:SigningTime>2018-02-16T11:47:41.446Z</xades:SigningTime>
					<xades:SignaturePolicyIdentifier><xades:SignaturePolicyImplied/>
				</xades:SignaturePolicyIdentifier></xades:SignedSignatureProperties>
			</xades:SignedProperties>
		</xades:QualifyingProperties>
	</ds:Object>
	<!-- until here (2) -->
	<ds:KeyInfo>
		<ds:X509Data>
			<ds:X509Certificate>tA==</ds:X509Certificate>
		</ds:X509Data>
	</ds:KeyInfo>
</ds:Signature>
```

@microshine
Contributor

Do you need xmldsig?

@gine
Author

gine commented Feb 16, 2018

@microshine what do you mean?

@microshine
Contributor

xml signature without QualifyingProperties is xmldsig
xml signature with QualifyingProperties is xades

@gine
Author

gine commented Feb 16, 2018

So I need xmldsig.

@microshine
Contributor

Just try to use xmldsigjs instead of xadesjs. It has the same API.

@gine
Author

gine commented Feb 16, 2018

Yes, it works well except for the empty URI attribute in the Reference element. If I set uri="" in the ReferenceOptions, the code produced doesn't have it. A similar issue is already present. But I think that I am off topic here.
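
The two points settled in this thread (a signature with QualifyingProperties is XAdES and one without is XMLDSig, and the enveloped Reference should carry URI="") can be checked on generated output before it is sent anywhere. The following is an added example, not code from the thread or from xadesjs/xmldsigjs: it is Python using only the standard library, the name `inspect_signature` and both sample documents are constructed for illustration, it matches only the XAdES v1.3.2 namespace seen above, and it inspects structure only without verifying any digest or signature value.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XADES = "http://uri.etsi.org/01903/v1.3.2#"
ENVELOPED = DS + "enveloped-signature"
SIGNED_PROPS = "http://uri.etsi.org/01903#SignedProperties"

# Constructed samples (structure only, digest and signature values omitted).
XMLDSIG_SAMPLE = f"""<doc><ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>
<ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="{ENVELOPED}"/></ds:Transforms></ds:Reference>
</ds:SignedInfo></ds:Signature></doc>"""
XADES_SAMPLE = f"""<doc><ds:Signature xmlns:ds="{DS}" Id="id-1"><ds:SignedInfo>
<ds:Reference><ds:Transforms><ds:Transform Algorithm="{ENVELOPED}"/></ds:Transforms></ds:Reference>
<ds:Reference URI="#xades-id-1" Type="{SIGNED_PROPS}"/>
</ds:SignedInfo><ds:Object>
<xades:QualifyingProperties xmlns:xades="{XADES}" Target="#id-1"/>
</ds:Object></ds:Signature></doc>"""


def inspect_signature(xml_text):
    """Report profile, Id and reference coverage for each ds:Signature (hypothetical helper)."""
    reports = []
    for sig in ET.fromstring(xml_text).iter(f"{{{DS}}}Signature"):
        # QualifyingProperties inside ds:Object is what makes a signature XAdES.
        qualifying = sig.find(f"{{{DS}}}Object/{{{XADES}}}QualifyingProperties")
        refs = []
        for ref in sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference"):
            uri = ref.get("URI")  # None: attribute absent; "": present and empty
            transforms = [t.get("Algorithm") for t in ref.iter(f"{{{DS}}}Transform")]
            if ref.get("Type") == SIGNED_PROPS:
                covers = "xades-signed-properties"
            elif uri == "" and ENVELOPED in transforms:
                covers = "whole-document-enveloped"
            elif uri is None:
                covers = "uri-missing"
            else:
                covers = "other"
            refs.append({"uri": uri, "covers": covers})
        reports.append({
            "profile": "xades" if qualifying is not None else "xmldsig",
            "id": sig.get("Id"),
            "references": refs,
        })
    return reports


if __name__ == "__main__":
    for name, sample in (("xmldsig", XMLDSIG_SAMPLE), ("xades", XADES_SAMPLE)):
        print(name, inspect_signature(sample))
```

A result of `uri-missing` corresponds to the output reported in the last comment, where the Reference element is emitted without its URI attribute.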
