W3C XML Digital Signature Object Element Processing Issue

Hello There,

I am writing to you on behalf of my company, Infraware Inc. We are in
the business of making Web Runtimes and Browsers for Smartphones and
other mobile devices. We are based in Seoul, Korea (South). I got your
email address from your webpage. Currently my team and I are involved
in the development of a Web Runtime and we are facing difficulties in
validating XML Digital Signatures. We thought and hope you could
help us in this regard.

We are able to successfully verify the <Reference> element when it
references the URL of an external resource, but we are unable to do so
if it points to an <Object> identifier within the same document
(Same Document URI References). For example:

<Reference URI="#prop">
  <Transforms>
    <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
  </Transforms>
  <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
  <DigestValue>uMzc/pTgtDSq0iydCNGiIX/4Q68bAJrGl/1eohZoyUI=</DigestValue>
</Reference>

<Object Id="prop">
  <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
    <SignatureProperty Id="profile" Target="#DistributorSignature">
      <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>
    </SignatureProperty>
    <SignatureProperty Id="role" Target="#DistributorSignature">
      <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor"/>
    </SignatureProperty>
    <SignatureProperty Id="identifier" Target="#DistributorSignature">
      <dsp:Identifier>w3c-testsuite-id-ta-5-5a</dsp:Identifier>
    </SignatureProperty>
  </SignatureProperties>
</Object>

We performed the transformation based on the Canonicalization algorithm
mentioned in the transform element, but the digest value that we obtain
after applying the digest algorithm does not match the given digest
value. We suspect that we are not able to figure out the content to be
digested correctly. Should the content to be canonicalized start from
<Object Id = "prop"> and end at </Object>, or should it start from
<SignatureProperties> and end at </SignatureProperties>?

We would really appreciate it if you could help us with this problem by
giving some explanation about the process.

Thank you for taking the time to read this mail.

Best Regards,

Deepak Tyagi
Mobile Business Div. / R&D Team 2
3,4,8F Bando B/D 48-1 Banpo-dong Seocho-gu, Korea
T 82 2 6190 7936   F 82 2 535 0478   M 82 10 2642 9623
E deepak@infraware.co.kr <mailto:vsceo@infraware.co.kr>   H www.infraware.co.kr <http://www.infraware.co.kr>

Received on Wednesday, 15 December 2010 08:56:18 UTC
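
Added example (not part of the original message): XML Signature dereferences a bare-name same-document reference such as URI="#prop" to the element carrying that Id plus its descendants, without comments, so the digest input runs from <Object ...> to </Object> and, under inclusive canonicalization, carries the namespace declarations that element inherits from its ancestors. The code is a simplified canonicalizer (elements, attributes, text and namespace declarations only; no xml:* attribute inheritance, processing instructions or DTD handling). The enclosing <Signature> element with its default namespace is an assumed wrapper that the message does not show, and the function names are hypothetical, so the digest it yields is not expected to equal the DigestValue quoted above.

```python
import base64, hashlib
from xml.dom import minidom

# Constructed input: the <Signature> wrapper and its default namespace are assumed.
DOC = ('<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorSignature">'
       '<Object Id="prop">'
       '<SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">'
       '<SignatureProperty Id="profile" Target="#DistributorSignature">'
       '<dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>'
       '</SignatureProperty></SignatureProperties></Object></Signature>')

def esc(s, attr=False):
    pairs = [("&", "&amp;"), ("<", "&lt;"), ("\r", "&#xD;")]
    pairs += [('"', "&quot;"), ("\t", "&#x9;"), ("\n", "&#xA;")] if attr else [(">", "&gt;")]
    for raw, ref in pairs:
        s = s.replace(raw, ref)
    return s

def in_scope(el):  # xmlns declarations visible at el, inherited ones included
    if el.nodeType != el.ELEMENT_NODE:
        return {}
    ns = in_scope(el.parentNode)
    ns.update((a.name, a.value) for a in el.attributes.values()
              if a.name.split(":")[0] == "xmlns")
    return ns

def c14n(el, rendered=None):
    """Simplified inclusive canonical form of el and its descendants; comments dropped."""
    rendered, scope = rendered or {}, in_scope(el)
    out = "<" + el.tagName
    for name in sorted(scope):  # default namespace first, then by prefix
        if rendered.get(name, "" if name == "xmlns" else None) != scope[name]:
            out += ' %s="%s"' % (name, esc(scope[name], True))
    attrs = [a for a in el.attributes.values() if a.name not in scope]
    for a in sorted(attrs, key=lambda a: (a.namespaceURI or "", a.name.split(":")[-1])):
        out += ' %s="%s"' % (a.name, esc(a.value, True))
    out += ">"
    for c in el.childNodes:
        if c.nodeType == c.ELEMENT_NODE:
            out += c14n(c, scope)  # the parent has rendered everything in its scope
        elif c.nodeType in (c.TEXT_NODE, c.CDATA_SECTION_NODE):
            out += esc(c.data)
    return out + "</" + el.tagName + ">"

def digest_input(xml, uri):  # octets hashed for a bare-name reference such as "#prop"
    doc = minidom.parseString(xml)
    apex = next(e for e in doc.getElementsByTagName("*") if e.getAttribute("Id") == uri[1:])
    return c14n(apex).encode("utf-8")

def digest_b64(xml, uri):
    return base64.b64encode(hashlib.sha256(digest_input(xml, uri)).digest()).decode()
```

Whitespace text nodes between elements survive canonicalization, so an indented copy of the same markup and a compact one produce different digests.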