PeculiarVentures / xadesjs

A pure Typescript/Javascript implementation of XAdES based on XMLDSIGjs. (Keywords: WebCrypto, XMLDSIG, XADES, eIDAS, Trust List, X.509, CRL, OCSP)
https://xadesjs.com
MIT License

Object element #65

Open gine opened 6 years ago

gine commented 6 years ago

I don't understand how I can generate an enveloped signature without the XAdES reference and the element attached to the Signature element. Can you make me an example? Thanks.

microshine commented 6 years ago

Here is an example of creating a XAdES-EPES signature. This is working code.

You can remove the selected code to get a simple XAdES signature.

gine commented 6 years ago

I'm using the browser version of XAdES. I include:

'vendor/asmcrypto/index.js',
'vendor/webcrypto-liner.min/index.js',
'vendor/xades.js',

My code looks like your example, but I continue to have the Object element. Furthermore, I have 2 other problems:

  1. The Signature element must not have the Id attribute
  2. The Reference element must have the URI attribute set to the root element (uri="")

```js
SignXml(rcd, key, { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-256" } }, preparePem(certFabbricantePem))
    .then(function (signedDocument) {
        console.log(signedDocument);
    });

// Parse xmlString, sign it with the given key and return the signed XML
function SignXml(xmlString, key, algorithm, cert) {
    var signedXml;
    return Promise.resolve()
        .then(() => {
            var xmlDoc = XAdES.Parse(xmlString);
            signedXml = new XAdES.SignedXml();

            return signedXml.Sign(
                algorithm,
                key,
                xmlDoc,
                {
                    x509: [cert],
                    // uri: "" is meant to reference the whole document
                    references: [{ uri: "", hash: "SHA-256", transforms: ["enveloped"] }],
                });
        })
        .then(() => signedXml.GetXml());
}
```

microshine commented 6 years ago

@gine I'll create an HTML example for you a bit later

gine commented 6 years ago

This is what I'm trying to do:

```xml
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <ds:Reference URI="">
            <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>zc=</ds:DigestValue>
        </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>tA==</ds:SignatureValue>
    <ds:KeyInfo>
        <ds:X509Data>
            <ds:X509Certificate>tA==</ds:X509Certificate>
        </ds:X509Data>
    </ds:KeyInfo>
</ds:Signature>
```

And this is what I can create with XAdES and the code above (in a comment, what I need and what I don't want):

```xml
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="id-fe0cee136f14"> <!-- i need to remove this id: Id="id-fe0cee136f14" -->
    <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <ds:Reference > <!-- here i want URI="" -->
            <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>zc=</ds:DigestValue>
        </ds:Reference>
        <!-- i don't want that part1 -->
        <ds:Reference URI="#xades-id-fe0cee136f14" Type="http://uri.etsi.org/01903#SignedProperties">
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>4Ikh2diAjgrBVmZjLi1/gOVeR3wurnMrJhNol/I2CZc=</ds:DigestValue>
        </ds:Reference>
        <!-- until here1 -->
    </ds:SignedInfo>
    <ds:SignatureValue>tA==</ds:SignatureValue>
    <!-- i don't want that part2 -->
    <ds:Object>
        <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#id-fe0cee136f14">
            <xades:SignedProperties Id="xades-id-fe0cee136f14">
                <xades:SignedSignatureProperties>
                    <xades:SigningTime>2018-02-16T11:47:41.446Z</xades:SigningTime>
                    <xades:SignaturePolicyIdentifier>
                        <xades:SignaturePolicyImplied/>
                    </xades:SignaturePolicyIdentifier>
                </xades:SignedSignatureProperties>
            </xades:SignedProperties>
        </xades:QualifyingProperties>
    </ds:Object>
    <!-- until here2 -->
    <ds:KeyInfo>
        <ds:X509Data>
            <ds:X509Certificate>tA==</ds:X509Certificate>
        </ds:X509Data>
    </ds:KeyInfo>
</ds:Signature>
```

microshine commented 6 years ago

Do you need xmldsig?

gine commented 6 years ago

@microshine what do you mean?

microshine commented 6 years ago

An XML signature without QualifyingProperties is xmldsig.
An XML signature with QualifyingProperties is xades.

gine commented 6 years ago

So I need xmldsig.

microshine commented 6 years ago

Just try to use xmldsigjs instead of xadesjs. It has the same API.

gine commented 6 years ago

Yes, it works well except for the empty URI attribute in the Reference element. If I set uri="" in the ReferenceOptions, the produced code doesn't have it. There is already a similar issue. But I think that I am off topic here.
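
An added example, not code from xadesjs, xmldsigjs or the participants in this thread: a dependency-free JavaScript check that compares a generated Signature element against the plain enveloped shape requested above, keeping a missing `URI` attribute distinct from `URI=""`. The function names and the abbreviated sample documents are constructed for illustration, and the regex scan is a structural check on library output, not a validating XML parser.

```javascript
// Added example: structural check of a generated ds:Signature (regex scan, not a validating parser).
// XMLDSIG: URI="" refers to the enclosing document; an omitted URI leaves the referent to the application.
const DS = "http://www.w3.org/2000/09/xmldsig#";
const XADES_REF = "http://uri.etsi.org/01903#SignedProperties";
const tag = (n) => "<(?:[\\w.-]+:)?" + n + "(?=[\\s>/])[^>]*>"; // start tag, any prefix

// Returns null when the attribute is absent, so a missing URI and URI="" stay distinct.
function attr(startTag, name) {
  const m = new RegExp("\\s" + name + "\\s*=\\s*\"([^\"]*)\"").exec(startTag);
  return m ? m[1] : null;
}

function inspectSignature(xml) {
  const doc = xml.replace(/<!--[\s\S]*?-->/g, ""); // ignore comments
  const sig = new RegExp(tag("Signature")).exec(doc);
  const info = new RegExp(tag("SignedInfo") + "[\\s\\S]*?</(?:[\\w.-]+:)?SignedInfo>").exec(doc);
  const refRe = new RegExp("(" + tag("Reference") + ")([\\s\\S]*?)</(?:[\\w.-]+:)?Reference>", "g");
  const references = [];
  for (const m of (info ? info[0] : "").matchAll(refRe)) {
    references.push({ uri: attr(m[1], "URI"), type: attr(m[1], "Type"),
                      enveloped: m[2].includes(DS + "enveloped-signature") });
  }
  const xades = new RegExp(tag("QualifyingProperties")).test(doc) ||
                references.some((r) => r.type === XADES_REF);
  return { signatureId: sig ? attr(sig[0], "Id") : null, references,
           profile: xades ? "xades" : "xmldsig" };
}

// Deviations from the plain enveloped XMLDSIG shape requested in the thread.
function deviations(xml) {
  const s = inspectSignature(xml), out = [];
  if (s.signatureId !== null) out.push("Signature has Id");
  if (s.profile === "xades") out.push("XAdES properties present");
  if (s.references.some((r) => r.uri === null)) out.push("Reference without URI attribute");
  if (!s.references.some((r) => r.uri === "" && r.enveloped)) out.push('no enveloped Reference with URI=""');
  return out;
}

// Constructed samples, abbreviated from the two documents quoted in the thread.
const ref = (attrs, transform) => `<ds:Reference${attrs}>` +
  (transform ? `<ds:Transforms><ds:Transform Algorithm="${DS}enveloped-signature"/></ds:Transforms>` : "") +
  `<ds:DigestValue>zc=</ds:DigestValue></ds:Reference>`;
const wanted = `<ds:Signature xmlns:ds="${DS}"><ds:SignedInfo>${ref(' URI=""', true)}</ds:SignedInfo>` +
  `<ds:SignatureValue>tA==</ds:SignatureValue></ds:Signature>`;
const produced = `<ds:Signature xmlns:ds="${DS}" Id="id-fe0cee136f14"><ds:SignedInfo>${ref(" ", true)}` +
  ref(` URI="#xades-id-fe0cee136f14" Type="${XADES_REF}"`, false) + `</ds:SignedInfo>` +
  `<ds:SignatureValue>tA==</ds:SignatureValue><ds:Object><xades:QualifyingProperties ` +
  `xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#id-fe0cee136f14"/></ds:Object></ds:Signature>`;
console.log(deviations(wanted), deviations(produced));
```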