Open gine opened 6 years ago
Here is an example of creating an XAdES-EPES signature. This is working code.
You can remove the selected code to get a simple XAdES signature.
I'm using the browser version of XAdES. I include:
'vendor/asmcrypto/index.js',
'vendor/webcrypto-liner.min/index.js',
'vendor/xades.js',
My code looks like your example, but I continue to have the object element. Furthermore, I have 2 other problems:

    // rcd, key, certFabbricantePem and preparePem are not shown in this post
    SignXml(rcd, key, { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-256" } }, preparePem(certFabbricantePem))
        .then(function (signedDocument) {
            console.log(signedDocument);
        });

    function SignXml(xmlString, key, algorithm, cert) {
        var signedXml;
        return Promise.resolve()
            .then(() => {
                var xmlDoc = XAdES.Parse(xmlString);
                signedXml = new XAdES.SignedXml();
                return signedXml.Sign(
                    algorithm,  // signing algorithm
                    key,        // private key
                    xmlDoc,     // document to sign
                    {
                        x509: [cert],
                        // one reference to the whole document, enveloped transform
                        references: [{ uri: "", hash: "SHA-256", transforms: ["enveloped"] }],
                    });
            })
            .then(() => signedXml.GetXml());
    }

@gine I'll create an HTML example for you a bit later
This is what I'm trying to do:

    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <ds:Reference URI="">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
          <ds:DigestValue>zc=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>tA==</ds:SignatureValue>
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>tA==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </ds:Signature>

And this is what I can create with xades and the code above (the comments mark what I need and what I don't want):

    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="id-fe0cee136f14"> <!-- i need to remove this id: Id="id-fe0cee136f14" -->
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <ds:Reference > <!-- here i want URI="" -->
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
          <ds:DigestValue>zc=</ds:DigestValue>
        </ds:Reference>
        <!-- i don't want that part1 -->
        <ds:Reference URI="#xades-id-fe0cee136f14" Type="http://uri.etsi.org/01903#SignedProperties">
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
          <ds:DigestValue>4Ikh2diAjgrBVmZjLi1/gOVeR3wurnMrJhNol/I2CZc=</ds:DigestValue>
        </ds:Reference>
        <!-- until here1 -->
      </ds:SignedInfo>
      <ds:SignatureValue>tA==</ds:SignatureValue>
      <!-- i don't want that part2 -->
      <ds:Object>
        <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Target="#id-fe0cee136f14">
          <xades:SignedProperties Id="xades-id-fe0cee136f14">
            <xades:SignedSignatureProperties>
              <xades:SigningTime>2018-02-16T11:47:41.446Z</xades:SigningTime>
              <xades:SignaturePolicyIdentifier>
                <xades:SignaturePolicyImplied/>
              </xades:SignaturePolicyIdentifier>
            </xades:SignedSignatureProperties>
          </xades:SignedProperties>
        </xades:QualifyingProperties>
      </ds:Object>
      <!-- until here2 -->
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>tA==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </ds:Signature>

Do you need xmldsig?
@microshine what do you mean?
An XML signature without QualifyingProperties is xmldsig; an XML signature with QualifyingProperties is xades.
So I need xmldsig.
Just try to use xmldsigjs instead of xadesjs. It has the same API.
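
The distinction drawn in this thread (plain xmldsig versus xades with QualifyingProperties, and `URI=""` versus a Reference with no URI attribute) can be checked on any produced signature before it is sent to a verifier. The following is an added example, not code from the thread or from xadesjs/xmldsigjs; `inspectSignature`, the coverage labels and the shortened sample strings are assumptions made for illustration. In XML Signature, `URI=""` refers to the document containing the signature, while an omitted URI leaves the target for the receiving application to know from context.

```javascript
// Added example: reports what each ds:Reference in a ds:Signature covers.
// A regex scan stands in for a DOM parser so the block has no dependencies;
// it reads structure only and does not verify digests or the signature value.
const SIGNED_PROPS = "http://uri.etsi.org/01903#SignedProperties";
const ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";

// Returns null when the attribute is absent and "" when it is present but empty.
function attr(tag, name) {
  const m = new RegExp("\\s" + name + '\\s*=\\s*"([^"]*)"').exec(tag);
  return m ? m[1] : null;
}

function coverage(uri, type, transforms) {
  if (type === SIGNED_PROPS) return "xades-signed-properties";
  if (uri === null) return "implicit-target"; // verifier must know the object from context
  if (uri === "") return transforms.includes(ENVELOPED) ? "enveloped-document" : "whole-document";
  return uri.startsWith("#") ? "same-document-fragment" : "external-resource";
}

function inspectSignature(xml) {
  const sigTag = /<(?:\w+:)?Signature\b[^>]*>/.exec(xml);
  if (!sigTag) throw new Error("no Signature element found");
  const refRe = /<(?:\w+:)?Reference\b([^>]*)>([\s\S]*?)<\/(?:\w+:)?Reference>/g;
  const references = [...xml.matchAll(refRe)].map(([, attrs, body]) => {
    const transforms = [...body.matchAll(/<(?:\w+:)?Transform\b[^>]*?\sAlgorithm="([^"]*)"/g)]
      .map((t) => t[1]);
    const uri = attr(attrs, "URI");
    const type = attr(attrs, "Type");
    return { uri, type, transforms, coverage: coverage(uri, type, transforms) };
  });
  return {
    profile: /<(?:\w+:)?QualifyingProperties\b/.test(xml) ? "xades" : "xmldsig",
    signatureId: attr(sigTag[0], "Id"),
    references,
  };
}

// Constructed samples, shortened from the two signatures in the thread.
const ref = (attrs, inner) =>
  `<ds:Reference${attrs}>${inner}<ds:DigestValue>zc=</ds:DigestValue></ds:Reference>`;
const enveloped = `<ds:Transforms><ds:Transform Algorithm="${ENVELOPED}"/></ds:Transforms>`;
const wanted = `<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>` +
  ref(' URI=""', enveloped) + `</ds:SignedInfo></ds:Signature>`;
const produced = `<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="id-fe0cee136f14"><ds:SignedInfo>` +
  ref(" ", enveloped) + ref(` URI="#xades-id-fe0cee136f14" Type="${SIGNED_PROPS}"`, "") +
  `</ds:SignedInfo><ds:Object><xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#"` +
  ` Target="#id-fe0cee136f14"/></ds:Object></ds:Signature>`;

console.log(JSON.stringify([inspectSignature(wanted), inspectSignature(produced)], null, 2));
```

For real documents, replace the regex scan with a namespace-aware XML parser; the classification logic stays the same.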
I don't understand how I can generate an enveloped-signature without the xades's reference and the