
Signing elements inside <Signature>

Open jmbrito01 opened this issue 5 years ago • 12 comments

I'm trying to use xml-crypto to sign some ISO-20022 messages following the Brazilian Central Bank pattern. One of the requirements is to create a signature from the x509 KeyInfo. Is there a way today to use addReference to sign elements inside the Signature element?

I need something like this:

<Envelope xmlns="pacs.008.spi.1.0.xsd">
  <AppHdr>
    <Sgntr>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
          <ds:Reference URI="#b2177f73-7685-39ac-83db-fa00ffd2b89c">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>zqj93e6vEFVL2Pssc9nUdPweSYVxUadBaTebSuaCG0I=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>LrZoVaudkSbJbCM8/s0QT7ejlPGNVHt0uaT/HrCoZX8=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference>
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>xaYzMm+MbzWxgpZyRPUTa7X6mFQ6bn5EAccCtcXOOEc=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>z2rH67+Rv3ofKoGkrufiUXSgLO3DxqblwuaTbR5qbyYHnVrOPB5su3wwAJoAPNEW5Lr Sh9pD3ECq4nrRd7UDHi9cmSalr42zKPvpwvVPZTgQkGTyvyQAFCUCnfhpj/qalU1fIfw0Ie60WTsqHnAY/sUXn6HIBdHtJ/Vd7ZuWB8elCd09DE3MlV9gTqN7KCgEEvw+y0KvODme1SXngVKNA//udA4nhpsUCqDQpCmNzUXDG9yWiziSL4fXE/IQ1frgoglw/IZkZ1Emc4VdNJd+q4U3HJBThHeMj1fYtucLS/JZi+urbAIolIwpYldGgmd/sEEKe0gE9cMWryjsSVBnxg==
        </ds:SignatureValue>
        <ds:KeyInfo Id="b2177f73-7685-39ac-83db-fa00ffd2b89c">
          <ds:X509Data>
            <ds:X509IssuerSerial>
              <ds:X509IssuerName>CN=SPI - Banco Central do Brasil</ds:X509IssuerName>
              <ds:X509SerialNumber>17649420304715376549</ds:X509SerialNumber>
            </ds:X509IssuerSerial>
          </ds:X509Data>
        </ds:KeyInfo>
      </ds:Signature>
    </Sgntr>
  </AppHdr>
  <Document>
  </Document>
</Envelope>

Where URI='' is the signature from the AppHdr without the Signature element, URI='uuid' is the signature from the KeyInfo (an x509 certificate), and ds:Reference is the signature from the Document element.

I was able to do the URI='', but the other two I couldn't do using the documentation. Is there some way to do this on xml-crypto?

jmbrito01, Apr 02 '20 20:04
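The three-reference layout described in the post above, as an added example that is not part of the original issue or of xml-crypto: a dependency-free Node.js check for a signer's test suite that classifies each `ds:Reference` (KeyInfo by Id, `URI=""` with the enveloped-signature transform, and no `URI` attribute) and reports a reference whose URI does not match the `KeyInfo` Id. The function names, the hard-coded `ds:` prefix and the constructed sample with placeholder Ids and digests are assumptions; no digest is computed or verified.

```javascript
// Added example: string-level layout check for a signer's test suite.
// Assumes the "ds:" prefix and double-quoted attributes, as in the issue's XML.
const ENVELOPED = 'http://www.w3.org/2000/09/xmldsig#enveloped-signature';
const EXC_C14N = 'http://www.w3.org/2001/10/xml-exc-c14n#';

// Constructed sample: same reference layout as the issue, placeholder Id and digests.
const ref = (uriAttr, algs) => `<ds:Reference${uriAttr}><ds:Transforms>` +
  algs.map(a => `<ds:Transform Algorithm="${a}"/>`).join('') +
  '</ds:Transforms><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>';
const buildSample = (refId, keyInfoId) =>
  '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>' +
  ref(` URI="#${refId}"`, [EXC_C14N]) + ref(' URI=""', [ENVELOPED, EXC_C14N]) +
  ref('', [EXC_C14N]) + '</ds:SignedInfo>' +
  `<ds:KeyInfo Id="${keyInfoId}"><ds:X509Data/></ds:KeyInfo></ds:Signature>`;

// Value of one attribute inside a start tag's attribute text, or null if absent.
function attr(attrs, name) {
  const m = new RegExp(`\\s${name}\\s*=\\s*"([^"]*)"`).exec(attrs);
  return m ? m[1] : null;
}

// Classify every <ds:Reference> by what it points at.
function classifyReferences(xml) {
  const keyInfo = /<ds:KeyInfo\b([^>]*)>/.exec(xml);
  const keyInfoId = keyInfo ? attr(keyInfo[1], 'Id') : null;
  const out = [];
  for (const m of xml.matchAll(/<ds:Reference\b([^>]*)>([\s\S]*?)<\/ds:Reference>/g)) {
    const uri = attr(m[1], 'URI');
    const transforms = [...m[2].matchAll(/<ds:Transform\b[^>]*\sAlgorithm="([^"]*)"/g)]
      .map(t => t[1]);
    let target = 'other';
    if (uri === null) target = 'no-uri'; // no URI attribute: resolved by the application
    else if (uri === '' && transforms.includes(ENVELOPED)) target = 'enveloped';
    else if (keyInfoId !== null && uri === `#${keyInfoId}`) target = 'key-info';
    out.push({ uri, target });
  }
  return out;
}

// Problems found against the three-reference layout described in the issue.
function layoutProblems(xml) {
  const targets = classifyReferences(xml).map(r => r.target);
  return ['key-info', 'enveloped', 'no-uri']
    .filter(t => targets.filter(x => x === t).length !== 1)
    .map(t => `expected exactly one ${t} reference`);
}
```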

Hey! Did you get any success with that?

bermr, May 11 '20 11:05

Hey, I am also facing the same issue with the id attribute _0 in the reference tag in the XML signature. If anyone knows how to handle it from the JavaScript side, please let me know.

heena-snap, Nov 12 '21 06:11

The reference tag is taking _0 by default. How do I handle that id attribute ...?

heena-snap, Nov 12 '21 06:11

@jmbrito01, I pretty-printed your XML to make it easier to read. It would also be useful to see what XML you're starting with and what code you're using. Ideally, we'd like to see a PR with a failing test so that once this is fixed we can make sure it never breaks again. Would you or @bermr or @heena-snap be able to provide such a PR?

cjbarth, May 29 '23 23:05

Hi @jmbrito01 or @heena-snap, did you succeed in solving this problem? I am having the same problem.

brugambwa, Aug 09 '23 15:08