
I am trying to sign an XML document, but the URI attribute of one Reference must not form part of the signature. Is this possible? If I try to have a Reference without a URI defined, the XML doesn't get signed. I am using https://github.com/Caliper/Xades to sign my XML with XAdES. What I am trying to achieve:

<!-- Desired output: a ds:Signature placed inside <document> (enveloped position) with XAdES
     qualifying properties, where the first ds:Reference carries no URI attribute. -->
<document>
  <AppHeader></AppHeader>
  <Body>
    <firstname>Michael</firstname>
    <lastname>Rademeyer</lastname>
    <location>Johannesburg</location>
  </Body>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <!-- NOTE(review): SignedInfo is signed with RSA over SHA-1, while every DigestMethod below
           is SHA-256. The signature is only as strong as the weaker hash; prefer
           http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 if the receiver accepts it. -->
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <!-- Reference with the URI attribute omitted. XMLDSig then leaves the identity of the
           signed object to the application: signer and verifier must agree out of band on which
           node set is digested, and at most one Reference per SignedInfo may omit URI.
           The only transform is exclusive c14n; there is no enveloped-signature transform, so if
           the agreed target is the whole <document>, the ds:Signature element itself would be
           inside the digested data. TODO confirm the intended target.
           A verifier should check that the content it acts on is exactly what this digest covered. -->
      <ds:Reference>
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>Y0p85S0Uinb000/i8Zviu3/a7qOrJGaEX72y8+E3eFI=</ds:DigestValue>
      </ds:Reference>
      <!-- Covers the xades:SignedProperties element below (same Id); no Transforms listed. -->
      <ds:Reference URI="#_3c3e1cb4d9384797befc5ea5940c1857" Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties">
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>puZLzn1Rv1vrDmG0lInyKeoxHSp9ye5WEqKFNR4E0bg=</ds:DigestValue>
      </ds:Reference>
      <!-- Covers ds:KeyInfo (same Id), so the key identification is part of what is signed. -->
      <ds:Reference URI="#_d95ce85f251143e79494fbf23d504aca">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>rrBK5Uo1boaR4mErbdwT9i5LXoL/10f7TBgqyEvEEOg=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>yE6ZY+0CiOOkg9zRPgkzlGbmc57RKYAsnBEalifsNnAYIxVZGj7OjqzwJwPjNUOgy3LsUw97uptpDal19N4PpkfatU+basPm6OWTTgTsopBzJPstd/V4Ce9du+Ang42fwFpxhr+ryxtIYJX8CvWHV8nIsSJ+EsyB6SRiLBhEy14lVHUdq8X4emEVAplObiZLUn9QVl4moBHUWTlPauAT5UX14amk73o1gRDNg0Fzy1UwsRYlRrVZKGbAMeNWiYyZqwotd1HFSftdMO8roCuQmpqYgHsI/K+KmneojuVVeh0XFj4wJBTyHe96spjniCF6BqsG8HMihNexn6dzDjK5NA==</ds:SignatureValue>
    <!-- Identifies the signer by issuer name and serial number only (values elided as "..." in
         the post); no certificate is embedded, so the verifier has to obtain the certificate and
         validate its chain itself. -->
    <ds:KeyInfo Id="_d95ce85f251143e79494fbf23d504aca">
      <ds:X509Data>
        <ds:X509IssuerSerial>
          <ds:X509IssuerName>...</ds:X509IssuerName>
          <ds:X509SerialNumber>...</ds:X509SerialNumber>
        </ds:X509IssuerSerial>
      </ds:X509Data>
    </ds:KeyInfo>
    <ds:Object>
      <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#">
        <xades:SignedProperties Id="_3c3e1cb4d9384797befc5ea5940c1857">
          <xades:SignedSignatureProperties>
            <!-- Signer-asserted time with no time-zone designator. It is covered by the
                 SignedProperties Reference but is a claim by the signer, not a trusted timestamp. -->
            <xades:SigningTime>2020-01-30T12:22:56</xades:SigningTime>
          </xades:SignedSignatureProperties>
        </xades:SignedProperties>
      </xades:QualifyingProperties>
    </ds:Object>
  </ds:Signature>
</document>

What I am getting:

<!-- Output the author reports getting. NOTE(review): as posted, this listing appears identical
     to the desired one, including a first ds:Reference with no URI attribute, so the difference
     the question describes is not visible here. -->
<document>
  <AppHeader></AppHeader>
  <Body>
    <firstname>Michael</firstname>
    <lastname>Rademeyer</lastname>
    <location>Johannesburg</location>
  </Body>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <!-- NOTE(review): RSA over SHA-1 for SignedInfo, SHA-256 for the reference digests; the
           SHA-1 step is the weaker link. -->
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <!-- First Reference: no URI attribute and only an exclusive c14n transform. What this digest
           covers cannot be determined from the document alone; the verifier must know the target
           out of band. -->
      <ds:Reference>
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>Y0p85S0Uinb000/i8Zviu3/a7qOrJGaEX72y8+E3eFI=</ds:DigestValue>
      </ds:Reference>
      <!-- Covers the xades:SignedProperties element below (same Id). -->
      <ds:Reference URI="#_3c3e1cb4d9384797befc5ea5940c1857" Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties">
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>puZLzn1Rv1vrDmG0lInyKeoxHSp9ye5WEqKFNR4E0bg=</ds:DigestValue>
      </ds:Reference>
      <!-- Covers ds:KeyInfo (same Id). -->
      <ds:Reference URI="#_d95ce85f251143e79494fbf23d504aca">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
        <ds:DigestValue>rrBK5Uo1boaR4mErbdwT9i5LXoL/10f7TBgqyEvEEOg=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>yE6ZY+0CiOOkg9zRPgkzlGbmc57RKYAsnBEalifsNnAYIxVZGj7OjqzwJwPjNUOgy3LsUw97uptpDal19N4PpkfatU+basPm6OWTTgTsopBzJPstd/V4Ce9du+Ang42fwFpxhr+ryxtIYJX8CvWHV8nIsSJ+EsyB6SRiLBhEy14lVHUdq8X4emEVAplObiZLUn9QVl4moBHUWTlPauAT5UX14amk73o1gRDNg0Fzy1UwsRYlRrVZKGbAMeNWiYyZqwotd1HFSftdMO8roCuQmpqYgHsI/K+KmneojuVVeh0XFj4wJBTyHe96spjniCF6BqsG8HMihNexn6dzDjK5NA==</ds:SignatureValue>
    <!-- Signer identified by issuer name and serial number only (elided as "..." in the post);
         no certificate is embedded. -->
    <ds:KeyInfo Id="_d95ce85f251143e79494fbf23d504aca">
      <ds:X509Data>
        <ds:X509IssuerSerial>
          <ds:X509IssuerName>...</ds:X509IssuerName>
          <ds:X509SerialNumber>...</ds:X509SerialNumber>
        </ds:X509IssuerSerial>
      </ds:X509Data>
    </ds:KeyInfo>
    <ds:Object>
      <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#">
        <xades:SignedProperties Id="_3c3e1cb4d9384797befc5ea5940c1857">
          <xades:SignedSignatureProperties>
            <!-- Signer-asserted time without a time-zone designator; not a trusted timestamp. -->
            <xades:SigningTime>2020-01-30T12:22:56</xades:SigningTime>
          </xades:SignedSignatureProperties>
        </xades:SignedProperties>
      </xades:QualifyingProperties>
    </ds:Object>
  </ds:Signature>
</document>
Mikerad
  • See following posting : https://stackoverflow.com/questions/46722997/saml-assertion-in-a-xml-using-c-sharp/46724392 – jdweng Jan 30 '20 at 11:28
  • That way still has the Uri="" attribute in the Reference tag – Mikerad Jan 30 '20 at 12:47
  • Using my code you can build the XML any way you want, leaving out some of the tags or adding additional tags. – jdweng Jan 30 '20 at 13:43

0 Answers