[xmlsec] how to use a special Signature Algorithm (rsa-sha512) or DigestMethod (sha512)

Aleksey Sanin aleksey at aleksey.com
Mon Feb 4 10:17:26 PST 2019


You should probably start here:

https://www.w3.org/TR/xmldsig-core1/

 > I cannot believe that it is enough to set other URL’s in the
 > XML-Template..??

Yes, that's the whole purpose of the templates.


Aleksey

On 2/2/19 5:30 AM, Lars Walther wrote:
> Hi, unfortunately I’m a newbie in signature and cryptographical stuff. I’m 
> not sure about the used signature algorithm..
> 
> At first I read the documentation of xmlsec and created an XML file to sign:
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <Request xmlns="http://uvbus.dguv.de/datatypes/v1">
>          <SenderID>kuvb.de</SenderID>
>          <TimeStamp>2019-02-02T13:49:14.005120+01:00</TimeStamp>
>          <Procedure>http://www.x-uv.de/fachverfahren/ozgua/v1</Procedure>
>          <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>            <SignedInfo>
>              <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>              <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
>              <Reference>
>                <Transforms>
>                  <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>                  <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                </Transforms>
>                <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
>                <DigestValue />
>              </Reference>
>            </SignedInfo>
>            <SignatureValue />
>            <KeyInfo>
>              <X509Data />
>            </KeyInfo>
>          </Signature>
> </Request>
> 
> After this I signed the file with the following command:
> 
> xmlsec1 --sign --privkey-pem kuvbkey.pem,kuvbcert.pem,subca01.pem,interca01.pem,cnuvroot.pem --output uvsigned.xml mytosign.xml
> 
> … and after this I verified the file successfully with the following 
> command:
> 
> xmlsec1 --verify --trusted-pem cnuvroot.pem uvsigned.xml
> OK
> SignedInfo References (ok/all): 1/1
> Manifests References (ok/all): 0/0
> 
> 
> Now my question: If I send the file in the payload of a Webservice-Call I 
> get an error from the server side that the server isn’t able to verify my 
> signature. The only hint I got was:
> 
> Are you sure that you use the correct Algorithm to sign the XML?? - no, 
> I’m not! Therefore my questions:
> 
> How can I check which SignatureAlgorithm or DigestMethod was used to 
> sign my XML-File?
> 
> All Example Files I found had SHA1 as SignatureAlgorithm...
> 
>   * What do I have to do if I want to explicitly use a
>     SignatureAlgorithm other than sha1? In my case I have to use rsa-sha512.
>   * ...and what do I have to do if I want to use another DigestMethod - in
>     my case sha512?
> 
> I cannot believe that it is enough to set other URL’s in the 
> XML-Template..?? Or is it determined through the Key-File that I use to 
> sign the XML??
> 
> Thanks for any Hint
> 
> 
> 

