dongpan9760 2014-09-03 10:18
浏览 339
已采纳

XML签名DigestValue无效

I am trying to sign XML file with PHP and xmlseclibs. However all validation tools say that my signature is invalid. XMLSpy says: "The calculated digest value doesn't match the digest of reference"

This is my XML:

<root><value>x</value></root>

This is the digest I get:

KaMTM32K5rXl9U6MgG2BXuzNxoQ=

Methods I used to get it:

1.) PHP:

$doc = new DOMDocument();
$doc->loadXML('<root><value>x</value></root>');
echo base64_encode(sha1($doc->documentElement->C14N(), true));

2.) OpenSSL:

openssl dgst -binary -sha1 test.xml | openssl enc -base64

3.) This website: http://hash.online-convert.com/sha1-generator

This is the digest that XMLSpy somehow gets and that works:

HedaN7TMgHgq2bRypzavMuFLoCg=

How do I get this digest?

  • 写回答

1条回答 默认 最新

  • dongxu7408 2014-09-04 15:05
    关注

    XMLSpy formats XML before it signs it. It adds line feeds and tabs and C14N does not remove these. When you remove <Signature> you are left with this XML which is used to calculate digest:

    <root>
        <value>x</value>
    
    </root>
    

    Another thing XMLSpy does is that it adds attribute URI="" to <Reference>. PHP library xmlseclibs doesn't do that by default. So I changed my code to this:

    $objDSig->addReference($doc, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), array('force_uri' => TRUE));
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 请问不小心下载到了钓鱼软件怎么办?
  • ¥15 求国博抢票 求国博抢票 有的私
  • ¥50 swiftui @query 报错
  • ¥50 怎么解决刷卡或扫码后,点击软件输入框,win10屏幕键盘不会自动弹出的问题
  • ¥15 如何使用arcgispro的训练深度模型,发现water和nowater精度为0?(相关搜索:深度学习)
  • ¥20 matlab作业不太懂呀有问题能给个代码吗
  • ¥15 自制电路图为何无法驱动ESP01S?
  • ¥15 前端加access数据库
  • ¥15 ARCGIS 多值提取到点 ERROR 999999
  • ¥15 mysql异常断电, [MY-011971] [InnoDB]