[xmlsec] Digital signature

Aleksey Sanin aleksey at aleksey.com
Wed Dec 12 13:26:46 PST 2012


Section 3.2

Aleksey

On 12/12/12 11:35 AM, Milan Tribuson wrote:
> I did and didn't find an answer...
> 
> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
> Sent: Wednesday, December 12, 2012 5:22 PM
> To: Milan Tribuson; xmlsec at aleksey.com
> Subject: Re: Digital signature
> 
> Please read FAQ
> 
> http://www.aleksey.com/xmlsec/faq.html
> 
> Aleksey
> 
> On 12/12/12 7:25 AM, Milan Tribuson wrote:
>> Hi Aleksey,
>>
>>  
>>
>> we are trying to create a digital signature for xml invoice in Croatia 
>> and we can't make it work and we can't get the correct value.
>>
>> I've tried using your sign3.py in original and with changes (adding
>> refNode.addTransform(xmlsec.transformExclC14NId()) and referencing to 
>> URI which I can't get to work.
>>
>> I can reference to id but URI doesn't work (refNode = 
>> signNode.addReference(xmlsec.transformSha1Id(), None, "#RacunZahtjev", 
>> None)), even when I add dsig_ctx.enabledReferenceUris = 
>> xmlsec.TransformUriTypeAny and 
>> dsig_ctx.keyInfoReadCtx.retrievalMethodCtx.enabledUris = 
>> xmlsec.TransformUriTypeAny, I always get an error:
>>
>>  
>>
>> func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xml
>> XPtrEval:error=5:libxml2 library function 
>> failed:expr=xpointer(id('RacunZahtjev'))
>>
>> func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj
>> =xmlSecXPathDataExecute:error=1:xmlsec
>> library function failed:
>>
>> func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:su
>> bj=xmlSecXPathDataExecute:error=1:xmlsec
>> library function failed:
>>
>> func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2395:obj=xpo
>> inter:subj=xmlSecTransformExecute:error=1:xmlsec
>> library function failed:
>>
>> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1226:obj=unkn
>> own:subj=xmlSecTransformPushXml:error=1:xmlsec
>> library function failed:transform=xpointer
>>
>> func=xmlSecTransformCtxExecute:file=transforms.c:line=1286:obj=unknown
>> :subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec
>> library function failed:
>>
>> func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=un
>> known:subj=xmlSecTransformCtxExecute:error=1:xmlsec
>> library function failed:
>>
>> func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=un
>> known:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec
>> library function failed:node=Reference
>>
>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unk
>> nown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec
>> library function failed:
>>
>> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSec
>> DSigCtxSigantureProcessNode:error=1:xmlsec
>> library function failed:
>>
>> Error: signature failed
>>
>>  
>>
>>  
>>
>> My XML looks like:
>>
>> <tns:RacunZahtjev Id="RacunZahtjev"
>> xmlns:tns="http://www.apis-it.hr/fin/2012/types/f73"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>>
>>                 <tns:Zaglavlje>
>>
>>                               
>> <tns:IdPoruke>4ddfcb83-df33-413b-974c-ab90bdb69022</tns:IdPoruke>
>>
>>                               
>> <tns:DatumVrijeme>12.12.2012T09:56:35</tns:DatumVrijeme>
>>
>>                 </tns:Zaglavlje>
>>
>>                 <tns:Racun>
>>
>>                                <tns:Oib>68111664044</tns:Oib>
>>
>>                                <tns:USustPdv>true</tns:USustPdv>
>>
>>                               
>> <tns:DatVrijeme>12.12.2012T09:56:35</tns:DatVrijeme>
>>
>>                                <tns:OznSlijed>P</tns:OznSlijed>
>>
>>                                <tns:BrRac>
>>
>>                                               
>> <tns:BrOznRac>37</tns:BrOznRac>
>>
>>                                               
>> <tns:OznPosPr>S1</tns:OznPosPr>
>>
>>                                               
>> <tns:OznNapUr>31</tns:OznNapUr>
>>
>>                                </tns:BrRac>
>>
>>                                <tns:Pdv>
>>
>>                                                <tns:Porez>
>>
>>                                                               
>> <tns:Stopa>25.00</tns:Stopa>
>>
>>                                                               
>> <tns:Osnovica>0.64</tns:Osnovica>
>>
>>                                                               
>> <tns:Iznos>0.16</tns:Iznos>
>>
>>                                                </tns:Porez>
>>
>>                                </tns:Pdv>
>>
>>                                <tns:Pnp/>
>>
>>                                <tns:OstaliPor>
>>
>>                                                <tns:Porez>
>>
>>                                                               
>> <tns:Naziv>PNV</tns:Naziv>
>>
>>                                                               
>> <tns:Stopa>10.00</tns:Stopa>
>>
>>                                                               
>> <tns:Osnovica>0.64</tns:Osnovica>
>>
>>                                                               
>> <tns:Iznos>0.06</tns:Iznos>
>>
>>                                                </tns:Porez>
>>
>>                                </tns:OstaliPor>
>>
>>                                <tns:IznosUkupno>0.86</tns:IznosUkupno>
>>
>>                                <tns:NacinPlac>G</tns:NacinPlac>
>>
>>                                <tns:OibOper>66666666666</tns:OibOper>
>>
>>                               
>> <tns:ZastKod>57da4ce965fa09fe81070918b016422d</tns:ZastKod>
>>
>>                                <tns:NakDost>false</tns:NakDost>
>>
>>                 </tns:Racun>
>>
>> </tns:RacunZahtjev>
>>
>>  
>>
>>  
>>
>> Then I've tried using xmlsec1 but that doesn't work either. It 
>> calculates a wrong digital signature. I've tried with (like you've 
>> said in http://www.mail-archive.com/xmlsec@aleksey.com/msg05017.html):
>>
>> xmlsec1 --sign --id-attr:Id
>> http://www.apis-it.hr/fin/2012/types/f73:RacunZahtjev --output 
>> test.xml
>> --pkcs12 fiskal1.pfx --pwd password  racun_nepotpisani2.xml
>>
>>  
>>
>> Please help me if you can, I can give you more details if you need them.
>>
>>  
>>
>> Thank you in advance!
>>
>>                 Milan
>>
>>
>>
>> __________ Information from ESET NOD32 Antivirus, version of virus 
>> signature database 7793 (20121212) __________
>>
>> The message was checked by ESET NOD32 Antivirus.
>>
>> http://www.eset.com
> 
> 
> __________ Information from ESET NOD32 Antivirus, version of virus signature
> database 7793 (20121212) __________
> 
> The message was checked by ESET NOD32 Antivirus.
> 
> http://www.eset.com
> 
> 
>  
> 
> __________ Information from ESET NOD32 Antivirus, version of virus signature
> database 7793 (20121212) __________
> 
> The message was checked by ESET NOD32 Antivirus.
> 
> http://www.eset.com
>  
> 
> 


More information about the xmlsec mailing list