1

We use Xades4j to validate signatures in XML files. This validation now fails because the signature contains an ecdsa:ECDSAKeyValue element:

<ecdsa:ECDSAKeyValue xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#">
    <ecdsa:DomainParameters>
        <ecdsa:NamedCurve URN="urn:oid:1.3.36.3.3.2.8.1.1.7"/>
    </ecdsa:DomainParameters>
    <ecdsa:PublicKey>
        <ecdsa:X Value="18572964000475574191289519861917721795234288018618791443347147259050558052781" 
             xsi:type="ecdsa:PrimeFieldElemType"/>
        <ecdsa:Y Value="10002359033650864842631205094956892126968680447250207340443273037956040859507" 
             xsi:type="ecdsa:PrimeFieldElemType"/>
    </ecdsa:PublicKey>
</ecdsa:ECDSAKeyValue>

Does Xades4j support this type of KeyValue in signatures?

4

1 Answer

0

Short answer is no.

xades4j relies on Apache Santuario for most of the XML-DSIG base processing. It seems that only the JSR 105 bits support EC keys. xades4j uses the org.apache.xml.security APIs mentioned on a comment on the issue, which still don't support EC keys.

As a side note, I'm not sure about the namespaces on your example. XML-DSIG 1.1 seems to define different names/namespaces. I think the URI on your example is actually the signature algorithm identifier.

answered 2015-02-27T23:41:50.667
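Added example, not part of the original answer and not xades4j code: a Python sketch that recognises both EC key layouts, the RFC 4050 `ecdsa:ECDSAKeyValue` shown in the question and the XML-DSIG 1.1 `ECKeyValue`, and renders the same public key in each. The function names and the two-entry curve table are assumptions made for this illustration, and the `xmlns:xsi` declaration is added so the question's fragment parses on its own.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "e": "http://www.w3.org/2001/04/xmldsig-more#",  # RFC 4050 ecdsa:ECDSAKeyValue
    "d": "http://www.w3.org/2009/xmldsig11#",        # XML-DSIG 1.1 dsig11:ECKeyValue
}
FIELD_BYTES = {  # coordinate size in bytes per named curve (illustrative table)
    "urn:oid:1.3.36.3.3.2.8.1.1.7": 32,  # brainpoolP256r1, the curve in the question
    "urn:oid:1.2.840.10045.3.1.7": 32,   # NIST P-256
}

def describe_ec_key_value(xml_text):
    """Return (layout, curve_urn, x, y) for either EC KeyValue layout."""
    el = ET.fromstring(xml_text)
    if el.tag == "{%s}ECDSAKeyValue" % NS["e"]:
        curve = el.find("e:DomainParameters/e:NamedCurve", NS).get("URN")
        # RFC 4050 carries the coordinates as decimal integers in Value attributes.
        x, y = (int(el.find("e:PublicKey/e:" + c, NS).get("Value")) for c in "XY")
        return "rfc4050", curve, x, y
    if el.tag == "{%s}ECKeyValue" % NS["d"]:
        curve = el.find("d:NamedCurve", NS).get("URI")
        # XML-DSIG 1.1 carries base64 of the uncompressed point 0x04 || X || Y.
        point = base64.b64decode(el.find("d:PublicKey", NS).text)
        n = FIELD_BYTES[curve]
        if len(point) != 1 + 2 * n or point[0] != 4:
            raise ValueError("not an uncompressed point for this curve")
        x, y = (int.from_bytes(point[i:i + n], "big") for i in (1, 1 + n))
        return "dsig11", curve, x, y
    raise ValueError("not an EC key value: " + el.tag)

def as_dsig11(curve, x, y):  # same public key in the XML-DSIG 1.1 layout
    n = FIELD_BYTES[curve]
    point = b"\x04" + x.to_bytes(n, "big") + y.to_bytes(n, "big")
    return ('<ECKeyValue xmlns="%s"><NamedCurve URI="%s"/><PublicKey>%s</PublicKey>'
            "</ECKeyValue>" % (NS["d"], curve, base64.b64encode(point).decode()))

# The question's element; xmlns:xsi is added here so the fragment parses stand-alone.
QUESTION_KEY = """<ecdsa:ECDSAKeyValue xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <ecdsa:DomainParameters><ecdsa:NamedCurve URN="urn:oid:1.3.36.3.3.2.8.1.1.7"/></ecdsa:DomainParameters>
  <ecdsa:PublicKey>
    <ecdsa:X Value="18572964000475574191289519861917721795234288018618791443347147259050558052781" xsi:type="ecdsa:PrimeFieldElemType"/>
    <ecdsa:Y Value="10002359033650864842631205094956892126968680447250207340443273037956040859507" xsi:type="ecdsa:PrimeFieldElemType"/>
  </ecdsa:PublicKey>
</ecdsa:ECDSAKeyValue>"""

if __name__ == "__main__":
    print(as_dsig11(*describe_ec_key_value(QUESTION_KEY)[1:]))
```

This is a diagnostic aid for seeing which layout a document uses. Rewriting `KeyInfo` inside an already signed document invalidates the signature whenever a `Reference` covers that element.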