xml signature interoperability issue between Java(apache) and .net

 
Greenhorn
Posts: 3
I need to sign an XML file with RSA-SHA1 in enveloped mode in Java and check the signature in .NET.

The signature is valid if signing and verification are both done with the Java Apache security package. It's also valid if both are done in .NET.

But verification fails if it is done on the other side.

Does anyone have a clue about this?

Many thanks!

Jun

.NET signature code:

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static void SignDocument(string xmlFilePath, string keyFilePath, string outputFilePath)
{
    try
    {
        XmlDocument Doc = new XmlDocument();
        Doc.Load(xmlFilePath);

        X509Certificate2 cert = new X509Certificate2("abc.pfx", "0123456789");
        RSACryptoServiceProvider key = (RSACryptoServiceProvider)cert.PrivateKey;

        // Create a SignedXml object.
        SignedXml signedXml = new SignedXml(Doc);

        // Add the key to the SignedXml document.
        // (C# is case-sensitive: the variable declared above is "key", not "Key".)
        signedXml.SigningKey = key;

        // Create a reference to be signed. URI "" means the whole document.
        Reference reference = new Reference();
        reference.Uri = "";

        // Add an enveloped transformation to the reference, so the
        // ds:Signature element itself is excluded from the digest.
        XmlDsigEnvelopedSignatureTransform env = new XmlDsigEnvelopedSignatureTransform();
        reference.AddTransform(env);

        // Add the reference to the SignedXml object.
        signedXml.AddReference(reference);

        // Compute the signature.
        signedXml.ComputeSignature();

        // Get the XML representation of the signature and save
        // it to an XmlElement object.
        XmlElement xmlDigitalSignature = signedXml.GetXml();

        // Append the element to the XML document.
        Doc.DocumentElement.AppendChild(Doc.ImportNode(xmlDigitalSignature, true));

        Doc.Save(outputFilePath);
    }
    catch (Exception err)
    {
        // OutputWriter is the poster's own logging helper.
        OutputWriter.WriteLine(string.Format("Error : {0}", err.Message));
    }
}


Java signature code:

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;

import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

private static void rsaSign() throws Exception {
    // Apache XML Security must be initialised before any of its signature classes are used.
    org.apache.xml.security.Init.init();

    KeyStore ks = KeyStore.getInstance("PKCS12");
    ks.load(new FileInputStream("abc.pfx"), "0123456789".toCharArray());
    // Straight quotes around the alias; the typographic quotes in the original do not compile.
    PrivateKey privKey = (PrivateKey) ks.getKey("abc", "0615166328".toCharArray());

    DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
    docFactory.setNamespaceAware(true);
    DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
    Document doc = docBuilder.parse(new FileInputStream("tmp-encrpted.xml"));
    Element element = doc.getDocumentElement();

    File xmlFile = new File("signed.xml");
    // File.toURL() is deprecated; go through toURI() instead.
    String baseURI = xmlFile.toURI().toURL().toString();
    XMLSignature xmlSig = new XMLSignature(doc, baseURI, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);

    // Enveloped signature: the ds:Signature element is appended inside the signed root.
    Element sigElement = xmlSig.getElement();
    element.appendChild(sigElement);

    Transforms transforms = new Transforms(doc);
    transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
    //transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
    // URI "" = the whole document, minus the signature itself via the enveloped transform.
    xmlSig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);

    xmlSig.sign(privKey);
    FileOutputStream out = new FileOutputStream(xmlFile);
    XMLUtils.outputDOMc14nWithComments(doc, out);
    out.close();
}

 
Greenhorn
Posts: 6
Did you find a solution?
Maybe it's a problem with improper canonicalization.
 
Junabc Li
Greenhorn
Posts: 3
Yes. In the .NET verification code, there is a configuration parameter (maybe related to canonicalization, I can't remember which one) that is not set properly.
 
Igor Delac
Greenhorn
Posts: 6

Junabc Li wrote: Yes. In the .NET verification code, there is a configuration parameter (maybe related to canonicalization, I can't remember which one) that is not set properly.

In the end, do you have the same signature? Do both the Java application and the .NET application produce the same values?
 
Igor Delac
Greenhorn
Posts: 6
Just to add what I did to solve this problem:

So, before computing the digest and signature, you need to strip whitespace and CRLF when loading the XML from file. Otherwise, the signature and digest would differ from the .NET solution.
 
Junabc Li
Greenhorn
Posts: 3
Thanks! I tried transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS); or similar things, which should do the same.
I eventually found the issue was the settings in the verification code.
 
Igor Delac
Greenhorn
Posts: 6

Junabc Li wrote: Thanks! I tried transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS); or similar things, which should do the same.
I eventually found the issue was the settings in the verification code.

Do you use the JSR 105 crypto library? I have a small issue regarding XML signature verification if I use a PKCS12 keystore. Do you have good documentation where I could read how to do XML signature verification?
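As an added example (not code from anyone in this thread), a JSR 105 (javax.xml.crypto.dsig) verifier for the enveloped signature discussed above. Because the Java signer adds no KeyInfo, the public key is taken from our own PKCS12 keystore, and on failure the code separates a Reference digest mismatch (the canonicalization/whitespace symptom this thread is about) from a bad SignatureValue (wrong key or algorithm). File paths, the keystore alias and the class name are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

public class VerifyEnvelopedSignature {
    /** True only if the SignatureValue and every Reference digest validate. */
    public static boolean verify(String signedXmlPath, String pfxPath, char[] pfxPassword, String alias)
            throws Exception {
        // Parse namespace-aware and keep whitespace exactly as signed: the digest covers
        // the canonicalised bytes, so dropping whitespace on load changes them.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD processing
        Document doc = dbf.newDocumentBuilder().parse(new FileInputStream(signedXmlPath));

        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) {
            throw new IllegalStateException("expected one ds:Signature, found " + sigs.getLength());
        }

        // The verification key comes from our own keystore (assumed alias), not from KeyInfo in the document.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new FileInputStream(pfxPath), pfxPassword);
        PublicKey pub = ks.getCertificate(alias).getPublicKey();

        DOMValidateContext ctx = new DOMValidateContext(KeySelector.singletonKeySelector(pub), sigs.item(0));
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);

        boolean coreValid = sig.validate(ctx);
        if (!coreValid) {
            // Separate the two failure modes: a bad SignatureValue points at the key or
            // algorithm, a bad Reference digest at canonicalisation/whitespace differences.
            System.err.println("SignatureValue valid: " + sig.getSignatureValue().validate(ctx));
            for (Object o : sig.getSignedInfo().getReferences()) {
                Reference r = (Reference) o;
                System.err.println("Reference '" + r.getURI() + "' digest valid: " + r.validate(ctx));
            }
        }
        return coreValid;
    }
}
```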
 