the

the

关注
发信
关注(28)粉丝(399)

如何确定用于 XML 数字签名的“DigestValue"、“SignatureValue"和“RSAKeyValue"

本文介绍了如何确定用于 XML 数字签名的“DigestValue"、“SignatureValue"和“RSAKeyValue"的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在开发一个项目,我需要验证 xml 是否经过数字签名.我真的很难尝试验证 XML 以获取以下关键值

I am working on a project where I need to verify the xml is digitally signed or not.Its really getting hard for me to try and validate the XML for the key values for following

    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI=**Some URI Value**>
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">

          </Transform>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue>**Some Digest Value**</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>**Some Signature Value**</SignatureValue>
  <KeyInfo xmlns:type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue">  
    <RSAKeyValue><Modulus>**Some RSA Key Value**</Modulus>  
     <Exponent>AQAB</Exponent>
    </RSAKeyValue>
   </KeyInfo >  
</Signature>

我无法找出如何获取

  1. 引用 URI
  2. 摘要值
  3. 签名值
  4. RSA 模量值

谁能告诉我如何获得上述所有值?在 XML 验证中使用这么多组合背后的逻辑是什么?

Can any one tell me how I can get the values of the all above?and what is the logic behind using these much combinations in XML Validation?

我使用 C# 来检查验证.你可以在我之前的问题中检查 c# 的代码

I am using C# for checking validations.you can check code for c# in my previous questions

  1. 如何验证以下代码的 XML

提前致谢.

推荐答案

如果您只想检查值是否存在,只需使用一些 XML 操作类,如 XDocument.

If you want to just check if the values are there, just use some XML manipulation class like XDocument.

如果你想验证签名你需要明白这一点:

If you want to verify the signature you need to understand this:

  1. 发行人生成文档的 HASH 并放在上面(这是 DigestValue)
  2. 发行人用他的私钥加密这个 HASH 并放入文档(这是 SignatureValue)
  3. 用户随文档一起发送他的证书(这是 X509Certificate 字段).

因此,如果您想检查签名是否有效,则需要使用他的公钥解密 SignatureValue,然后将其与 DigestValue 进行比较.如果两者相等,则您的文档没问题,否则,可能发生了两件事.或者文档在此过程中被修改,或者公钥与加密文档的私钥不一致.

So with you want to check if the signature is valid, you need to decript the SignatureValue with his public key and then compare it with the DigestValue. If both are equal, your document is ok, if not, maybe two things ocurred. Or the document was modified during the process, or the public key is not correspondent with the private key that encrypts the document.

这篇关于如何确定用于 XML 数字签名的“DigestValue"、“SignatureValue"和“RSAKeyValue"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

11-03 14:00
Powered by LMLPHP ©2024 the 0.004545