dongpan9760
dongpan9760
2014-09-03 10:18
浏览 164

XML签名DigestValue无效

I am trying to sign XML file with PHP and xmlseclibs. However all validation tools say that my signature is invalid. XMLSpy says: "The calculated digest value doesn't match the digest of reference"

This is my XML:

<root><value>x</value></root>

This is the digest I get:

KaMTM32K5rXl9U6MgG2BXuzNxoQ=

Methods I used to get it:

1.) PHP:

$doc = new DOMDocument();
$doc->loadXML('<root><value>x</value></root>');
echo base64_encode(sha1($doc->documentElement->C14N(), true));

2.) OpenSSL:

openssl dgst -binary -sha1 test.xml | openssl enc -base64

3.) This website: http://hash.online-convert.com/sha1-generator

This is the digest that XMLSpy somehow gets and that works:

HedaN7TMgHgq2bRypzavMuFLoCg=

How do I get this digest?

图片转代码服务由CSDN问答提供 功能建议

我正在尝试使用PHP和xmlseclibs签署XML文件。 但是,所有验证工具都说我的签名无效。 XMLSpy说:“计算的摘要值与参考摘要不匹配”

这是我的XML:

 &lt;  root&gt;&lt; value&gt; x&lt; / value&gt;&lt; / root&gt; 
   
 
 

这是我得到的摘要:

  KaMTM32K5rXl9U6MgG2BXuzNxoQ = 
   
 
 

我曾经得到过的方法:

1。)PHP:

  $ doc = new DOMDocument(); 
 $ doc-&gt; loadXML('&lt; root&gt;&lt; value&gt; x&lt; / value&gt;&lt; / root&gt;'); \  necho base64_encode(sha1($ doc-&gt; documentElement-&gt; C14N(),true)); 
   
 
 

2。)OpenSSL:

  openssl dgst -binary -sha1 test.xml |  openssl enc -base64 
   
 
 

3。)本网站: http://hash.online-convert.com/sha1-generator

这是XMLSpy以某种方式得到的摘要,并且有效:

  HedaN7TMgHgq2bRypzavMuFLoCg = 
   
 
 

如何获取此摘要?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dongxu7408
    dongxu7408 2014-09-04 15:05
    已采纳

    XMLSpy formats XML before it signs it. It adds line feeds and tabs and C14N does not remove these. When you remove <Signature> you are left with this XML which is used to calculate digest:

    <root>
        <value>x</value>
    
    </root>
    

    Another thing XMLSpy does is that it adds attribute URI="" to <Reference>. PHP library xmlseclibs doesn't do that by default. So I changed my code to this:

    $objDSig->addReference($doc, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), array('force_uri' => TRUE));
    
    点赞 评论

相关推荐