Subject: Fwd: Mini UBL-Dev digital signature plugtest
Fellow UBL Security SC members,

Just in case you were not subscribed to UBL-Dev, I thought I would post here that I have built an environment for signing UBL documents that I will be making available for free from my web site. It makes use of stuff I've written and stuff I point to elsewhere on the Internet that is freely available.

Before I do so, however, if any members can find the time to please inspect the attached documents that I created in my environment, it would help me to know early on if what I am doing is acceptable or not.

Four documents are in the ZIP file, one with an error ("hacked1") and three without. One of the valid documents has two signatures in it ("hacked2"; I'm using "hacked" from the perspective of the first signature in that the second signature has been added to the file without disturbing the digital signature of the first).

When complete, the environment will allow one to add any number of signatures to a UBL document and validate all signatures found in a UBL document.

I look forward to your critical feedback regarding their accuracy as soon as possible so that I can release this environment for others to use.

Thanks for your assistance!

. . . . . . . . . . . Ken

Date: Fri, 22 Oct 2010 17:42:47 -0400
To: UBL-Dev <ubl-dev@lists.oasis-open.org>
From: "G. Ken Holman" <gkholman@CraneSoftwrights.com>
Subject: Mini UBL-Dev digital signature plugtest

Hi folks!

I've been scrambling this week trying to prepare my freely-downloadable Windows-based environment for digitally signing UBL documents in time for the ETSI plug test on Monday:

http://www.etsi.org/plugtests/XAdES-2010/About.htm

Only today did I realize that it costs EUR700 (!!!!) to participate. I can't participate in that for something that will be downloaded for free from my web site.

So this is an appeal to UBL-Dev members to hold a mini plugtest by running your XAdES software on the attached digitally signed UBL documents. I've ZIPped it and attached it with a ".zzz" extension.
Below is a transcript showing publicly-available XML Digital Signature software verifying (or not!) the signed content of each document. If I hack a single byte outside of the <sig:UBLDocumentSignatures> element ("Hacked1"), the verification fails. If I add anything under <sig:UBLDocumentSignatures> such as another signature ("Hacked2"), the verification succeeds. So I think that proves our XPath transform we are using is correct.

But ... and here's the mini plugtest ... in my environment I'm testing my stuff with my own stuff. Can someone else out there in UBL-Dev land please validate the attached signed UBL documents? The XMLDSIG software I found checks the digital signature but not the XAdES aspect of the signature.

I still have a lot of work to do to package this for download from my web site, but I think everything is working. If someone else can tell me it is working for them, then I'll post what I've got and then anyone can sign a UBL document.

I'm no longer trying to finish for Monday morning, but the faster someone can test this with their own stuff, the faster I'll be more comfortable about posting the free package.

Thank you for any help you can be!

. . . . . . . . . . . Ken

T:\gkholman-UBL-signatures-20101022-2140z>w3cschema u:\ubl\UBL-2.1-PRD1-20100925\xsd\maindoc\UBL-Invoice-2.1.xsd UBL-Invoice-2.1-Signed.xml
Xerces...
No validation errors.
Saxon...
No validation errors.
Altova...
The XML data is valid.

T:\gkholman-UBL-signatures-20101022-2140z>w3cschema u:\ubl\UBL-2.1-PRD1-20100925\xsd\maindoc\UBL-Order-2.1.xsd UBL-Order-2.1-Signed.xml
Xerces...
No validation errors.
Saxon...
No validation errors.
Altova...
The XML data is valid.

T:\gkholman-UBL-signatures-20101022-2140z>w3cschema u:\ubl\UBL-2.1-PRD1-20100925\xsd\maindoc\UBL-Invoice-2.1.xsd UBL-Invoice-2.1-Hacked1.xml
Xerces...
No validation errors.
Saxon...
No validation errors.
Altova...
The XML data is valid.

T:\gkholman-UBL-signatures-20101022-2140z>w3cschema u:\ubl\UBL-2.1-PRD1-20100925\xsd\maindoc\UBL-Invoice-2.1.xsd UBL-Invoice-2.1-Hacked2.xml
Xerces...
No validation errors.
Saxon...
No validation errors.
Altova...
The XML data is valid.

T:\gkholman-UBL-signatures-20101022-2140z>\xmlsec\bin\xmlsec.exe --verify UBL-Invoice-2.1-Signed.xml
OK
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0

T:\gkholman-UBL-signatures-20101022-2140z>\xmlsec\bin\xmlsec.exe --verify UBL-Order-2.1-Signed.xml
OK
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0

T:\gkholman-UBL-signatures-20101022-2140z>\xmlsec\bin\xmlsec.exe --verify UBL-Invoice-2.1-Hacked1.xml
func=xmlSecOpenSSLEvpDigestVerify:file=..\src\openssl\digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match
FAIL
SignedInfo References (ok/all): 0/1
Manifests References (ok/all): 0/0
Error: failed to verify file "UBL-Invoice-2.1-Hacked1.xml"

T:\gkholman-UBL-signatures-20101022-2140z>\xmlsec\bin\xmlsec.exe --verify UBL-Invoice-2.1-Hacked2.xml
OK
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0

T:\gkholman-UBL-signatures-20101022-2140z>
gkholman-UBL-signatures-20101022-2140z.zzz
--
XSLT/XQuery training: after http://XMLPrague.cz 2011-03-28/04-01
Vote for your XML training: http://www.CraneSoftwrights.com/u/i/
Crane Softwrights Ltd. http://www.CraneSoftwrights.com/u/
G. Ken Holman mailto:gkholman@CraneSoftwrights.com
Male Cancer Awareness Nov'07 http://www.CraneSoftwrights.com/u/bc
Legal business disclaimers: http://www.CraneSoftwrights.com/legal
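
Added example, not part of the original message or of the signing environment it describes: a simplified Python model of the behaviour reported in the transcript, where the digest covers the document with every sig:UBLDocumentSignatures subtree filtered out. The namespace URIs, sample invoice and choice of SHA-256 are constructed assumptions, and ElementTree's C14N 2.0 stands in for the canonicalization and XPath transform of a real XMLDSIG verifier.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed placeholder namespaces (assumptions, not the UBL schema URIs).
SIG_TAG = "{urn:example:sig}UBLDocumentSignatures"
SIGNED = (  # constructed sample document
    '<Invoice xmlns="urn:example:invoice" xmlns:sig="urn:example:sig">\n'
    '  <Extension><sig:UBLDocumentSignatures><sig:Signature>first</sig:Signature>'
    '</sig:UBLDocumentSignatures></Extension>\n'
    '  <ID>A-100</ID>\n  <PayableAmount>100.00</PayableAmount>\n</Invoice>'
)
# "Hacked1": one byte changed outside the signatures element.
HACKED1 = SIGNED.replace("100.00", "900.00")
# "Hacked2": a second signature added under the signatures element.
HACKED2 = SIGNED.replace(
    "</sig:Signature>", "</sig:Signature><sig:Signature>second</sig:Signature>")

def strip_signatures(elem):
    """Drop every UBLDocumentSignatures subtree, keeping the text after it."""
    prev = None
    for child in list(elem):
        if child.tag == SIG_TAG:
            if prev is None:
                elem.text = (elem.text or "") + (child.tail or "")
            else:
                prev.tail = (prev.tail or "") + (child.tail or "")
            elem.remove(child)
        else:
            strip_signatures(child)
            prev = child

def signed_digest(xml_text):
    """SHA-256 over the canonical form of the document minus signatures."""
    root = ET.fromstring(xml_text)
    strip_signatures(root)
    canonical = ET.canonicalize(ET.tostring(root, encoding="unicode"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def verify(xml_text, reference_digest):
    """Return "OK" when the filtered digest matches the signed reference."""
    return "OK" if hmac.compare_digest(signed_digest(xml_text), reference_digest) else "FAIL"

if __name__ == "__main__":
    ref = signed_digest(SIGNED)
    for name, doc in (("Signed", SIGNED), ("Hacked1", HACKED1), ("Hacked2", HACKED2)):
        print(name, verify(doc, ref))
```

Because the filtered subtree is outside the digest, nothing placed under sig:UBLDocumentSignatures is protected by the first signature, so a consumer should take business data only from the signed portion of the document.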