1

I am trying to sign XML file with PHP and xmlseclibs. However all validation tools say that my signature is invalid. XMLSpy says: "The calculated digest value doesn't match the digest of reference"

This is my XML:

<root><value>x</value></root>

This is the digest I get:

KaMTM32K5rXl9U6MgG2BXuzNxoQ=

Methods I used to get it:

1.) PHP:

$doc = new DOMDocument();
$doc->loadXML('<root><value>x</value></root>');
echo base64_encode(sha1($doc->documentElement->C14N(), true));

2.) OpenSSL:

openssl dgst -binary -sha1 test.xml | openssl enc -base64

3.) This website: http://hash.online-convert.com/sha1-generator

This is the digest that XMLSpy somehow gets and that works:

HedaN7TMgHgq2bRypzavMuFLoCg=

How do I get this digest?

4

1 回答 1

1

XMLSpy 在对 XML 进行签名之前对其进行格式化。它添加了换行符和制表符,C14N 不会删除这些。当您删除时,<Signature>您会留下这个用于计算摘要的 XML:

<root>
    <value>x</value>

</root>

XMLSpy 所做的另一件事是将属性 URI="" 添加到<Reference>. PHP 库 xmlseclibs 默认情况下不这样做。所以我把我的代码改成这样:

$objDSig->addReference($doc, XMLSecurityDSig::SHA1, array('http://www.w3.org/2000/09/xmldsig#enveloped-signature'), array('force_uri' => TRUE));
于 2014-09-04T15:05:09.117 回答