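XML digital signature: how to compute the digest value for a same-document reference URI?

Question  Votes: 2  Answers: 2

My XML digital signature has the following excerpt: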

    <Signature Id="idPackageSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
            <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <Reference URI="#idOfficeObject" Type="http://www.w3.org/2000/09/xmldsig#Object">
                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

                <DigestValue>ofqf9+Tj0qTkkExCEOwFz0V4aNo=</DigestValue>

            </Reference>
        </SignedInfo>

    <Object Id="idOfficeObject"><SignatureProperties><SignatureProperty Id="idOfficeV1Details" Target="#idPackageSignature"><SignatureInfoV1 xmlns="http://schemas.microsoft.com/office/2006/digsig"><SetupID/><SignatureText/><SignatureImage/><SignatureComments>test</SignatureComments><WindowsVersion>6.1</WindowsVersion><OfficeVersion>14.0</OfficeVersion><ApplicationVersion>14.0</ApplicationVersion><Monitors>1</Monitors><HorizontalResolution>1920</HorizontalResolution><VerticalResolution>1200</VerticalResolution><ColorDepth>32</ColorDepth><SignatureProviderId>{00000000-0000-0000-0000-000000000000}</SignatureProviderId><SignatureProviderUrl/><SignatureProviderDetails>9</SignatureProviderDetails><ManifestHashAlgorithm>http://www.w3.org/2000/09/xmldsig#sha1</ManifestHashAlgorithm><SignatureType>1</SignatureType></SignatureInfoV1></SignatureProperty></SignatureProperties></Object>

The referenced Object element should have the digest value ofqf9+Tj0qTkkExCEOwFz0V4aNo=. I canonicalized the Object element and got the following output, which looks correct to me:

    <Object Id="idOfficeObject"><SignatureProperties><SignatureProperty Id="idOfficeV1Details" Target="#idPackageSignature"><SignatureInfoV1 xmlns="http://schemas.microsoft.com/office/2006/digsig"><SetupID></SetupID><SignatureText></SignatureText><SignatureImage></SignatureImage><SignatureComments>test</SignatureComments><WindowsVersion>6.1</WindowsVersion><OfficeVersion>14.0</OfficeVersion><ApplicationVersion>14.0</ApplicationVersion><Monitors>1</Monitors><HorizontalResolution>1920</HorizontalResolution><VerticalResolution>1200</VerticalResolution><ColorDepth>32</ColorDepth><SignatureProviderId>{00000000-0000-0000-0000-000000000000}</SignatureProviderId><SignatureProviderUrl></SignatureProviderUrl><SignatureProviderDetails>9</SignatureProviderDetails><ManifestHashAlgorithm>http://www.w3.org/2000/09/xmldsig#sha1</ManifestHashAlgorithm><SignatureType>1</SignatureType></SignatureInfoV1></SignatureProperty></SignatureProperties></Object>

I stored it in the file 'inputxml' and tried to get the base64-encoded version of the sha1 digest with the following command:

    % shasum inputxml | cut -f 1 -d ' ' | xxd -r -p | base64
    /zTi8HGHX9X+csjULYLt6FLrm3g=

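The computed digest value does not match the value in the XML signature. What am I doing wrong? I have tried various approaches and tweaks, but I cannot get the correct digest value.

Note: the XML signature verifies correctly. So the value is correct, but I am missing some step or detail. Thanks for your help. If this is not clear, please let me know how I can elaborate on or clarify my question.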

xml digital-signature digest xml-signature xml-dsig
2 Answers
0
votes

Finally I got it working. There were two problems with my canonicalized markup:


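0
votes

After sending the file to an important platform, I am trying to check whether it has changed. So I have to check whether the digest value is correct. Could you explain how to calculate the value step by step? I am researching this, but I cannot check the digest value correctly. Many thanks. @SkypeMeSM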
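An added example, not part of the original thread or any poster's code: a step-by-step digest computation for a same-document reference, showing the XMLDSig rule that the referenced subtree is serialized with inclusive Canonical XML 1.0, which writes the default namespace inherited from the enclosing Signature onto the apex element. The serializer is a simplified one that assumes default namespaces only, unprefixed attributes and no comments or processing instructions; `SAMPLE`, `c14n_subtree` and `reference_digest` are hypothetical names, and `SAMPLE` is a constructed, shortened document, so its digest is not the one in the question.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: shortened, same shape as the excerpt in the question.
SAMPLE = (
    '<Signature Id="idPackageSignature" xmlns="' + DSIG + '">'
    '<Object Id="idOfficeObject"><SignatureProperties>'
    '<SignatureProperty Target="#idPackageSignature" Id="idOfficeV1Details">'
    '<SignatureInfoV1 xmlns="http://schemas.microsoft.com/office/2006/digsig">'
    '<SetupID/><SignatureComments>test</SignatureComments>'
    '</SignatureInfoV1></SignatureProperty></SignatureProperties></Object>'
    '</Signature>'
)

def _esc(s, attr=False):
    # C14N 1.0 escaping rules for text nodes and attribute values.
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace("\r", "&#xD;")
    if attr:
        return s.replace('"', "&quot;").replace("\t", "&#x9;").replace("\n", "&#xA;")
    return s.replace(">", "&gt;")

def c14n_subtree(el, rendered_ns=""):
    """Simplified inclusive C14N: default namespaces and unprefixed attributes only."""
    ns, _, local = el.tag[1:].partition("}") if el.tag.startswith("{") else ("", "", el.tag)
    out = "<" + local
    if ns != rendered_ns:
        # The apex starts with nothing rendered, so an inherited xmlns appears here.
        out += ' xmlns="%s"' % _esc(ns, True)
    for name in sorted(el.attrib):          # attributes follow namespaces, sorted
        out += ' %s="%s"' % (name, _esc(el.attrib[name], True))
    out += ">" + _esc(el.text or "")        # empty elements become <a></a>
    for child in el:
        out += c14n_subtree(child, ns) + _esc(child.tail or "")
    return out + "</" + local + ">"

def reference_digest(xml_text, ref_uri, hash_name="sha1"):
    """Return (canonical octets, base64 digest) for a '#Id' same-document reference."""
    root = ET.fromstring(xml_text)
    target = next(e for e in root.iter() if e.get("Id") == ref_uri[1:])
    octets = c14n_subtree(target).encode("utf-8")   # exact bytes, no trailing newline
    digest = hashlib.new(hash_name, octets).digest()
    return octets, base64.b64encode(digest).decode("ascii")

if __name__ == "__main__":
    octets, value = reference_digest(SAMPLE, "#idOfficeObject")
    print(octets.decode("utf-8"))
    print(value)
```
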
