Comments (21)
where is the xml?
from xml-crypto.
I attached you the xml and the public key
JAEP820923NM9-AOPF580423BIA.txt
JAEP820923NM9_publicKey.key.pem.txt
from xml-crypto.
this xml already contains a signature, why do you sign it again? try all of this on a very simple xml (1-2 tags) to see if it works on that.
from xml-crypto.
I'm trying with hello and
sign = new SignedXml()
sign.addReference "//*[local-name(.)='node']" , "" , "" , "" , "" , "" , true
but it doesn't work
from xml-crypto.
sorry , the xml I'm using now is from attached image
from xml-crypto.
try this using null instead of empty strings in addReference.
from xml-crypto.
I tried with null instead empty strings, but I had the same result
sign.addReference "//*[local-name(.)='node']" , null , null , null , null , null , true
from xml-crypto.
does it work if you just give addReference the first parameter (I know it will create the wrong URI but lets see if at least it gets the signature correctly).
from xml-crypto.
if it fails try the example file or readme sample of the project. if it works try to hard code here to use the empty uri value:
https://github.com/yaronn/xml-crypto/blob/master/lib/signed-xml.js#L560
from xml-crypto.
the problem is that you must sign your xml with the enveloped signature transform (because the signature will live inside the node you are signing)
from xml-crypto.
try using:
(example in js)
sign.addReference(
"//*[local-name(.)='ConsultaSectorPrimario']",
[
'http://www.w3.org/2000/09/xmldsig#enveloped-signature',
'http://www.w3.org/2001/10/xml-exc-c14n#'
],
null,
'',
'',
'',
true
);
from xml-crypto.
that should work.. if it doesn't work please create a repository with your original xml, a dumb private/public key and the code you are using.
from xml-crypto.
good call @bjrmatos!
from xml-crypto.
woooooow, that it works, good one @bjrmatos, thanks, now I'm getting a successful validate, the web validator https://www.aleksey.com/xmlsec/xmldsig-verifier.html still says "invalid signature" but it doesn't care, thaks so much
from xml-crypto.
I have a question, can I sign a xml twice? I mean a second sign to a xml previously signed and includes both signs
first xml to sign
second xml to sign
from xml-crypto.
mmm technically, you can (i'm sure xml-crypto let you do that) but i don't know if it is valid according to the XML Digital Signature Spec, i haven't seen a xml with a re-signature but maybe @yaronn know more about this
from xml-crypto.
I don't think it'll be valid to the standard, but is a requirement of electronical invoice in México, I tried to do it but the first and the second sign has the same digestvalue always, I don't know if it'll be ok
from xml-crypto.
i'm closing this because is not an issue, feel free to keep comment.
mmm interesting, i have implemented electronical invoice in Perú.. in that case there is no need for re-sign the document. if i understand correctly mexico (and other countries in south america) use the UBL standard for electronical invoices, is that correct?
from xml-crypto.
Peru uses the UBL standard, but Mexico don't, Mexico has own standard, and it has many different process, one of them requires a resigned xml, and I just read that also requires a canonicalization method 1.1, I don't know if xml-crypto supports this method
from xml-crypto.
xml-crypto support canonicalization methods and extending with custom canonicalization methods, but i don't know how the canonicalization 1.1 works (maybe is just one of the supported canonicalization methods that xml-crypto have but with other name).
I don't think it'll be valid to the standard, but is a requirement of electronical invoice in México, I tried to do it but the first and the second sign has the same digestvalue always, I don't know if it'll be ok
if you create a repository, i can help you to test the re-sign to a document. unfortunately i don't know coffeescript so you should create the repository in JavaScript (it is short code anyway)
from xml-crypto.
Thanks so much, I'll create a repository in javascript, and now I have an exact example with the xml signes an resigned, I'll also add it to repository
from xml-crypto.
Related Issues (20)
- HMAC key usage in KeyInfo HOT 2
- A Proposal for Moving Forward HOT 1
- refactor: deprecate `SignedXml.signingKey` in favor of `SignedXml.publicKey` and `SignedXml.privateKey` HOT 1
- `xpath` dependency "problem" HOT 10
- [ENHANCEMENT]: Signature compliant to http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 HOT 5
- [ENHANCEMENT]: Export `C14nCanonicalization`, `ExclusiveCanonicalization` HOT 1
- [ENHANCEMENT]: Remove files, folders not needed on the release HOT 2
- Add Reference for the KeyInfo node
- [BUG]: keyInfo usage HOT 4
- invalid signature: for uri calculated digest is '*' but the xml to validate supplies digest '*' HOT 9
- Issue with Signature Verification When 'Transforms' Tag is Absent in 'Reference' Element HOT 5
- How to sign a SAML assertion? HOT 1
- Potentially unsafe default impl for `getKeyInfo()` HOT 2
- [BUG?]: duplicate reference in signature HOT 6
- The declared digest does not match the actual calculated digest HOT 3
- Bug/Outdated README: unclear whether signatureAlgorithm required or not HOT 2
- [ENHANCEMENT]: AddObject to SignedXml instance HOT 4
- [ENHANCEMENT]: wssecurity - getCertFromKeyInfo not possible HOT 1
- [ENHANCEMENT]: Improve experience of adding a `Reference` to the `Signature`.
- [ENHANCEMENT]: Making the signature wrap the content that it's signing HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from xml-crypto.