
Signing elements inside <Signature> #204

Open
jmbrito01 opened this issue Apr 2, 2020 · 12 comments

Comments


jmbrito01 commented Apr 2, 2020

I'm trying to use xml-crypto to sign some ISO-20022 messages following the Brazilian Central Bank pattern; one of the requirements is to create a signature from the x509 KeyInfo.
Is there a way today to use addReference to sign elements inside the Signature element?

I need something like this:

```xml
<Envelope xmlns="pacs.008.spi.1.0.xsd">
  <AppHdr>
    <Sgntr>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
          <ds:Reference URI="#b2177f73-7685-39ac-83db-fa00ffd2b89c">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>zqj93e6vEFVL2Pssc9nUdPweSYVxUadBaTebSuaCG0I=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference URI="">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>LrZoVaudkSbJbCM8/s0QT7ejlPGNVHt0uaT/HrCoZX8=</ds:DigestValue>
          </ds:Reference>
          <ds:Reference>
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>xaYzMm+MbzWxgpZyRPUTa7X6mFQ6bn5EAccCtcXOOEc=</ds:DigestValue>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>z2rH67+Rv3ofKoGkrufiUXSgLO3DxqblwuaTbR5qbyYHnVrOPB5su3wwAJoAPNEW5Lr Sh9pD3ECq4nrRd7UDHi9cmSalr42zKPvpwvVPZTgQkGTyvyQAFCUCnfhpj/qalU1fIfw0Ie60WTsqHnAY/sUXn6HIBdHtJ/Vd7ZuWB8elCd09DE3MlV9gTqN7KCgEEvw+y0KvODme1SXngVKNA//udA4nhpsUCqDQpCmNzUXDG9yWiziSL4fXE/IQ1frgoglw/IZkZ1Emc4VdNJd+q4U3HJBThHeMj1fYtucLS/JZi+urbAIolIwpYldGgmd/sEEKe0gE9cMWryjsSVBnxg==</ds:SignatureValue>
        <ds:KeyInfo Id="b2177f73-7685-39ac-83db-fa00ffd2b89c">
          <ds:X509Data>
            <ds:X509IssuerSerial>
              <ds:X509IssuerName>CN=SPI - Banco Central do Brasil</ds:X509IssuerName>
              <ds:X509SerialNumber>17649420304715376549</ds:X509SerialNumber>
            </ds:X509IssuerSerial>
          </ds:X509Data>
        </ds:KeyInfo>
      </ds:Signature>
    </Sgntr>
  </AppHdr>
  <Document>
  </Document>
</Envelope>
```

Where URI='' is the signature from the AppHdr without the Signature element, URI='uuid' is the signature from the KeyInfo(A x509 certificate) and ds:Reference is the signature from the Document element.

I was able to do the URI='' one, but the other two I couldn't do using the documentation.
Is there some way to do this in xml-crypto?


bermr commented May 11, 2020

Hey! Did you get any success with that?

@heena-snap

Hey, I am also facing the same issue with the id attribute _0 in the reference tag in the XML signature. Anyone who knows how to handle it from the JavaScript side, please let me know.

@heena-snap

Because the reference tag takes _0 by default, how do I handle that id attribute ...?

cjbarth (Contributor) commented May 29, 2023

@jmbrito01 , I pretty-printed your XML to make it easier to read. It would also be useful to see what XML you're starting with and what code you're using. Ideally, we'd like to see a PR with a failing test so that once this is fixed we can make sure it never breaks again. Would you or @bermr or @heena-snap be able to provide such a PR?

@brugambwa

Hi, @jmbrito01 or @heena-snap did you succeed in solving this problem? I am having the same problem.

@sibelius

How did you solve this issue with X509IssuerName?

@sibelius

How do you reference a KeyInfo?


bermr commented Jan 28, 2025

I solved it by not using the lib.

@sibelius

Are you using another library? Or something else?

@brugambwa

> I solved it by not using the lib.

What did you use? Could you please share/guide us?


bermr commented Jan 29, 2025

> > I solved it by not using the lib.
>
> What did you use? Could you please share/guide us?

I used crypto to create the digests and xmlbuilder2 to build and manipulate the doc.


srd90 commented Feb 17, 2025

> Where URI='' is the signature from the AppHdr without the Signature element, URI='uuid' is the signature from the KeyInfo (an x509 certificate) and ds:Reference is the signature from the Document element.

Copy-pasting a comment from #486 (comment):


Regarding a Reference whose URI attribute is omitted, the spec https://www.w3.org/TR/2008/REC-xmldsig-core-20080610/#sec-URI says:

> If the URI attribute is omitted altogether, the receiving application is expected to know the identity of the object. For example, a lightweight data protocol might omit this attribute given the identity of the object is part of the application context. This attribute may be omitted from at most one Reference in any particular SignedInfo, or Manifest.

So (IMHO) it seems that at the end of the day one has to construct the signature without the help of xml-crypto, because at least I can't figure out how xml-crypto would be made aware of which part of the document should be handled when a reference without a URI is added.

This second opinion backs the aforementioned interpretation: https://stackoverflow.com/questions/15522098/java-xmldsig-reference-with-no-uri/18526152#18526152


Regarding

> URI='uuid' is the signature from the KeyInfo (an x509 certificate)

Solution for that is WIP at

Regarding

> Where URI='' is the signature from the AppHdr without the Signature element

the spec says e.g.:

> ... In this specification, a 'same-document' reference is defined as a URI-Reference that consists of a hash sign ('#') followed by a fragment or alternatively consists of an empty URI ...
> The following examples demonstrate what the URI attribute identifies and how it is dereferenced:
> ...
>
>   • URI=""
>   • Identifies the node-set (minus any comment nodes) of the XML resource containing the signature
>     ...

A quick look at the xml-crypto codebase did not provide a clear answer as to whether it would use the aforementioned node-set (during digest calculation when signing or during digest calculation when validating). Furthermore, I did not understand (from the specs) whether the node-set in this issue's case is interpreted to be Envelope, AppHdr or Sgntr.

FWIW, based on this #486 (comment), Chilkat maybe also had a different opinion than the program which generated the signed document about which node-set (Envelope, AppHdr or Sgntr) it should use in the case of an empty URI (due to its inability to calculate the same digest for reference 2, which has URI=''). And the reason why Chilkat was unable to calculate the same digest for the reference which did not have a URI at all might be that it isn't aware of which object that reference refers to.

Full disclosure: I am not a xmlsig expert. Just had some free time to invest out of curiosity.

IMHO #486 should be closed because it is about some Java-stack-related problem, even though a better issue-context extraction process ended up at about the same problem as this issue, and this #204 should stay open until someone has determined whether the URI='' case has some xml-crypto-related issue (from the signature generation or validation point of view) or whether it is validatable only with some custom implementation which uses even lower-level APIs (like someone has already done).

FWIW2, the South America region also has other interesting XML signing cases like #473 and #115.
