0

I want to parse an XML-DSIG file and it's content. I've read on wikipedia about it's structure and a little of RFC. But I can't figure out some things, let's say this is an example XML-DSIG I got:

<?xml version="1.0"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="urn:xml-dsig:transformation:v1.1"/>
    <SignatureMethod Algorithm="some-algo"/>
    <Reference URI="#KeyInfo">
      <Transforms>
        <Transform Algorithm="urn:xml-dsig:transformation:v1.1"/>
      </Transforms>
      <DigestMethod Algorithm="some-algo-256"/>
      <DigestValue>some-hash-256</DigestValue>
    </Reference>
    <Reference URI="#Object">
      <Transforms>
        <Transform Algorithm="urn:xml-dsig:transformation:v1.1"/>
      </Transforms>
      <DigestMethod Algorithm="some-algo-256"/>
      <DigestValue>some-hash-256</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>signature-value-in-base-64</SignatureValue>
  <KeyInfo Id="KeyInfo">
    <X509Data>
      <X509Certificate>x509-cert-in-base-64</X509Certificate>
    </X509Data>
  </KeyInfo>
  <Object Id="Object">
    <Result>
      ...Initial XML I was signing...
    </Result>
  </Object>
</Signature>

My questions are:

  1. If #KeyInfo is in <Reference> tag that means the <KeyInfo> section is being signed too? (Because wiki says "One or more Reference elements specify the resource being signed by URI reference"). That leads to the second question
  2. If signature value signs both data in tags <KeyInfo> and <Object>, what is getting signed actually? Is it just hashes of these two parts of the xml that were computed and that are in <DigestValue> tag, or is it the whole tags starting from <KeyInfo and till </KeyInfo> closing tag with the data between it? (same question with <Object>).

Wiki doesn't specify such things and I got lost in RFC and can't find the answers to these questions.

Arzybek
  • 547
  • 2
  • 6
  • 27

1 Answers1

0
  1. Yes, the KeyInfo will be included in the signature.
  2. The content of the SignedInfo element is what actually gets signed. It is first canonicalised using the specified transformation and then the bytes of that serialised element are fed into your chosen signature algorithm. The actual content (KeyInfo and Object) are included in the signature by the presence of the DigestValue elements in the SignedInfo rather than being signed directly. So it’s crucial that you verify that those hash values are correct during signature verification.
Arzybek
  • 547
  • 2
  • 6
  • 27