OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ubl-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Mini UBL-Dev digital signature plugtest

Hi folks!

I've been scrambling this week trying to prepare my 
freely-downloadable Windows-based environment for digitally signing 
UBL documents in time for the ETSI plug test on Monday:

   http://www.etsi.org/plugtests/XAdES-2010/About.htm

Only today did I realize that it costs EUR700 (!!!!) to 
participate.  I can't participate in that for something that will be 
downloaded for free from my web site.

So this is an appeal to UBL-Dev members to hold a mini plugtest by 
running your XAdES software on the attached digitally signed UBL 
documents.  I've ZIPped it and attached it with a ".zzz" extension.

Below is a transcript showing publicly-available XML Digital 
Signature software verifying (or not!) the signed content of each 
document.  If I hack a single byte outside of the 
<sig:UBLDocumentSignatures> element ("Hacked1"), the verification 
fails.  If I add anything under <sig:UBLDocumentSignatures> such as 
another signature ("Hacked2"), the verification succeeds.  So I think 
that proves our XPath transform we are using is correct.

But ... and here's the mini plugtest ... in my environment I'm 
testing my stuff with my own stuff.  Can someone else out there in 
UBL-Dev land please validate the attached signed UBL documents?

The XMLDSIG software I found checks the digital signature but not the 
XAdES aspect of the signature.

I still have a lot of work to do to package this for download from my 
web site, but I think everything is working.  If someone else can 
tell me it is working for them, then I'll post what I've got and then 
anyone can sign a UBL document.  I'm no longer trying to finish for 
Monday morning, but the faster someone can test this with their own 
stuff, the faster I'll be more comfortable about posting the free package.

Thank you for any help you can be!

. . . . . . . . . . . Ken

T:\gkholman-UBL-signatures-20101022-2140z>w3cschema 
u:\ubl\UBL-2.1-PRD1-20100925\xsd\maindoc\UBL-Invoice-2.1.xsd 
UBL-Invoice-2.1-Signed.xml
Xerces...
No validation errors.
Saxon...
No validation errors.
Altova...
The XML data is valid.

T:\gkholman-UBL-signatures-20101022-2140z>w3cschema 
u:\ubl\UBL-2.1-PRD1-20100925\xsd\maindoc\UBL-Order-2.1.xsd 
UBL-Order-2.1-Signed.xml
Xerces...
No validation errors.
Saxon...
No validation errors.
Altova...
The XML data is valid.

T:\gkholman-UBL-signatures-20101022-2140z>w3cschema 
u:\ubl\UBL-2.1-PRD1-20100925\xsd\maindoc\UBL-Invoice-2.1.xsd 
UBL-Invoice-2.1-Hacked1.xml
Xerces...
No validation errors.
Saxon...
No validation errors.
Altova...
The XML data is valid.

T:\gkholman-UBL-signatures-20101022-2140z>w3cschema 
u:\ubl\UBL-2.1-PRD1-20100925\xsd\maindoc\UBL-Invoice-2.1.xsd 
UBL-Invoice-2.1-Hacked2.xml
Xerces...
No validation errors.
Saxon...
No validation errors.
Altova...
The XML data is valid.

T:\gkholman-UBL-signatures-20101022-2140z>\xmlsec\bin\xmlsec.exe 
--verify UBL-Invoice-2.1-Signed.xml
OK
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0

T:\gkholman-UBL-signatures-20101022-2140z>\xmlsec\bin\xmlsec.exe 
--verify UBL-Order-2.1-Signed.xml
OK
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0

T:\gkholman-UBL-signatures-20101022-2140z>\xmlsec\bin\xmlsec.exe 
--verify UBL-Invoice-2.1-Hacked1.xml
func=xmlSecOpenSSLEvpDigestVerify:file=..\src\openssl\digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid 
data:data and digest do not match
FAIL
SignedInfo References (ok/all): 0/1
Manifests References (ok/all): 0/0
Error: failed to verify file "UBL-Invoice-2.1-Hacked1.xml"

T:\gkholman-UBL-signatures-20101022-2140z>\xmlsec\bin\xmlsec.exe 
--verify UBL-Invoice-2.1-Hacked2.xml
OK
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0

T:\gkholman-UBL-signatures-20101022-2140z>

--
XSLT/XQuery training:   after http://XMLPrague.cz 2011-03-28/04-01
Vote for your XML training:   http://www.CraneSoftwrights.com/u/i/
Crane Softwrights Ltd.          http://www.CraneSoftwrights.com/u/
G. Ken Holman                 mailto:gkholman@CraneSoftwrights.com
Male Cancer Awareness Nov'07  http://www.CraneSoftwrights.com/u/bc
Legal business disclaimers:  http://www.CraneSoftwrights.com/legal

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]