<SIGNATURES>
    <Signature Id="_041f3337-f6ad-4809-8700-eff1f374830e"
        xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <Reference URI="#_3cef4156-ab0f-4d32-b213-8de4581a17bb">
                <Transforms>
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <DigestValue>Gvm5MZ9Zw9gRSFTVRZxMtpeeXJw=</DigestValue>
            </Reference>
            <Reference URI="#_e5531cfd-8c44-452f-bc02-6fb5f9a9dc02">
                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <DigestValue>PQQoYcX5onnJA8xLlI4xkRxB53w=</DigestValue>
            </Reference>
        </SignedInfo>
        <SignatureValue>rRZwT9P4rZFr+uPuOAfCbc+WScJrkFTnNvkM5zKGGMSVDAPRFkoHa5M8ivf+0cpE5rBkvnEkJzrK1g5hTV29zxV28xYSY0v5VQM3dc40WWQeGBEgB+aa3/oJyN2JxxEEhw9WYJx+jSQsMM7Wv50bewuTU3oto5USv1ePHp9oDnQn5x14N+FXe7Iw9WTQDmv8Nz3No420lsb+3m6NbAhsAHvlnYVYxyJDbSVMx3Sso2iHdIkIScIBjY/cdPybPbEKpOXy7wX8vcCeT2p2quDfqXsfgcvX3rPU3WiPmry08tre/G0AKhnSo3dXYjD0qVzCDsbuxSdnE1xV3U4FZlpSLA==</SignatureValue>
        <KeyInfo>
            <X509Data>
                <X509IssuerSerial>
                    <X509IssuerName>CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US</X509IssuerName>
                    <X509SerialNumber>12927711549898519737061701825646900021</X509SerialNumber>
                </X509IssuerSerial>
                <X509SubjectName>CN=idfn-1esign.conformx.com, O="Docutech, LLC", L=Idaho Falls, S=Idaho, C=US</X509SubjectName>
                <X509Certificate>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</X509Certificate>
            </X509Data>
        </KeyInfo>
    </Signature>
</SIGNATURES>

The signature integrity check method looks like the following:

We check all References located in the SignedInfo section, apply the canonicalization methods, calculate the hash and compare it with the hash in the DigestValue element; if the hashes are equal, the signed elements have not changed.
Then, as far as I understand, we need to recalculate the hash for the entire SignedInfo section, sign it with a private key, and enter the resulting value into the SignatureValue element, as I would do if I were creating a signature.

However, when I need to check the integrity of the SignedInfo, there is no way to calculate the SignatureValue, since I do not have the signer's private key.
How to verify the integrity of the SignedInfo section with only the SignatureValue and certificate information in the KeyInfo section?
I can't understand the reverse validation process of the SignedInfo section.

MadInc