1

I need to sign a XML file with a private RSA key to be verified with my C# application. When I sign the xml with my C# application, this is the final output:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <Reference URI="">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue>VIRRzqwb20aCSXrRTX1Y5vW//IA=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>mS3JQ/KmyXCayLly4hHRXKM51jPy230B3h4ngjzOhq0xR/7BRDQP2wfp7ugVcL5kMWaV+pBHbJgdvvu8OrzyxCUQ+R7RYqWpEBYJHUARov0Pws7oFybFpmzRnwhg2gPaPEzcVpK4VL4G1iM07XgmoSKM8Id0fRQ1lD+4BEcAxNY=</SignatureValue>
</Signature>

Signing in C#:

public static void SignXmlDocument(RSA key, XmlDocument doc)
{
    var sxml = new SignedXml(doc);
    sxml.SigningKey = key;
    sxml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl;
    var r = new Reference("");
    r.AddTransform(new XmlDsigEnvelopedSignatureTransform(false));
    sxml.AddReference(r);
    sxml.ComputeSignature();
    var sig = sxml.GetXml();
    doc.DocumentElement.AppendChild(sig);
}

How can I make the same in PHP?

Deduplicator
  • 44,692
  • 7
  • 66
  • 118
Leandro Battochio
  • 355
  • 6
  • 18
  • Implement [XMLDSIG](http://www.w3.org/TR/xmldsig-core/) in PHP or use an existing [library](https://github.com/Maks3w/xmldsig). – Mike Nov 06 '13 at 18:02
  • Can't understand how to use it? Tried several ways to create an instance of `XmlseclibsAdapter` but only errors. I even created a single file with all the contents of `AdapterInterface.php` and `XmlseclibsAdapter.php` into a single file and tried working from there, but then somewhot it said `Fatal error: Class 'XmlseclibsAdapter' not found`. – Leandro Battochio Nov 06 '13 at 20:05
  • Do you solve this problem? I have same problem and using XMLDsig this lib signature doesnot mutch – baxri May 17 '17 at 13:48

1 Answers1

1

You can use XMLDsig

Install the library and register the paths in your autoloader. If you use composer both steps are automatic.

require_once __DIR__ . '/vendor/autoload.php';

$xmlDocument = new DOMDocument();
$xmlDocument..... // define the contents to sign

$xmlTool = new FR3D\XmlDSig\Adapter\XmlseclibsAdapter();
$xmlTool->setPrivateKey(file_get_contents('<path to your private key>/private.pem');
$xmlTool->addTransform(FR3D\XmlDSig\Adapter\XmlseclibsAdapter::ENVELOPED);

$xmlTool->sign($xmlDocument);

Now $xmlDocument has the <signature> element at the end.

Maks3w
  • 6,014
  • 6
  • 37
  • 42