Topic
1 reply Latest Post - ‏2012-12-11T10:29:19Z by SystemAdmin
SystemAdmin
SystemAdmin
6772 Posts
ACCEPTED ANSWER

Pinned topic Can't verify the signature with verify-hmac

‏2012-12-11T08:25:19Z |
Hi Guys,

I am signing a part of the soap message with sign-hmac. But after signing, i am trying to verify it with verify-hmac, and i am not able to do it yet. Below you can find the part of my code. Pls tell me what i am doing wrong.


<xsl:variable name=
"signedNode"> <wsu:Timestamp wsu:Id=
"_1"> <wsu:Created>2012-12-11T07:31:48Z</wsu:Created> <wsu:Expires>2012-12-11T07:36:48Z</wsu:Expires> </wsu:Timestamp> </xsl:variable>   <xsl:variable name=
"digest"> <xsl:value-of select=
"dp:exc-c14n-hash('', $signedNode, false(), 'http://www.w3.org/2000/09/xmldsig#sha1')" /> </xsl:variable>     <xsl:variable name=
"signed-info" xmlns=
"http://www.w3.org/2000/09/xmldsig#"> <SignedInfo xmlns=
"http://www.w3.org/2000/09/xmldsig#"> <CanonicalizationMethod Algorithm=
"http://www.w3.org/2001/10/xml-exc-c14n#" /> <SignatureMethod Algorithm=
"http://www.w3.org/2000/09/xmldsig#hmac-sha1" /> <Reference URI=
"#_1"> <Transforms> <Transform Algorithm=
"http://www.w3.org/2001/10/xml-exc-c14n#" /> </Transforms> <DigestMethod Algorithm=
"http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue><xsl:value-of select=
"$digest" /></DigestValue> </Reference> </SignedInfo> </xsl:variable>   <!-- 

finally there it is --> <Signature xmlns=
"http://www.w3.org/2000/09/xmldsig#"> <xsl:copy-of select=
"$signed-info" /> <SignatureValue> <xsl:value-of select=
"dp:sign-hmac('http://www.w3.org/2000/09/xmldsig#hmac-sha1', 0, $signed-info, 'key:ZBE//hRWqu6kViFG6Ovv67Dobm47DFu2tcOGbD/zTYg=', false(), 'http://www.w3.org/2001/10/xml-exc-c14n#','')" /> </SignatureValue> </Signature>   <!--The related part of the request looks like this--> <wsu:Timestamp wsu:Id=
"_1"> <wsu:Created>2012-12-11T07:31:48Z</wsu:Created> <wsu:Expires>2012-12-11T07:36:48Z</wsu:Expires> </wsu:Timestamp> <Signature xmlns=
"http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm=
"http://www.w3.org/2001/10/xml-exc-c14n#" /> <SignatureMethod Algorithm=
"http://www.w3.org/2000/09/xmldsig#hmac-sha1" /> <Reference URI=
"#_1"> <Transforms> <Transform Algorithm=
"http://www.w3.org/2001/10/xml-exc-c14n#" /> </Transforms> <DigestMethod Algorithm=
"http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue>OpKYG32s8XSGIAMmbuh3ZUkr7kI=</DigestValue> </Reference> </SignedInfo> <SignatureValue>TSRYtnq8lIHi1JFE9IMwauV8ILM=</SignatureValue> </Signature>


After i create my signature and handle the soap request, i try to verify it as below.


<xsl:variable name=
"signedInfo" select=
"/*[local-name()='Envelope']/*[local-name()='Header']/*[local-name()='Security']/*[local-name()='Signature']/*[local-name()='SignedInfo']" />   <xsl:variable name=
"signedNode" select=
"/*[local-name()='Envelope']/*[local-name()='Header']/*[local-name()='Security']/*[local-name()='TimeStamp']" />   <xsl:variable name=
"digestValue" select=
"$signedInfo/*[local-name() = 'Reference']/*[local-name() = 'DigestValue']" /> <xsl:variable name=
"result"> <xsl:value-of select=
"dp:verify-hmac-set('http://www.w3.org/2000/09/xmldsig#hmac-sha1', 0, $signedNode, $digestValue, 'key:ZBE//hRWqu6kViFG6Ovv67Dobm47DFu2tcOGbD/zTYg=', false(), 'http://www.w3.org/2001/10/xml-exc-c14n#', '')" /> </xsl:variable>


And the result is Signature didn't verify
Updated on 2012-12-11T10:29:19Z at 2012-12-11T10:29:19Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    6772 Posts
    ACCEPTED ANSWER

    Re: Can't verify the signature with verify-hmac

    ‏2012-12-11T10:29:19Z  in response to SystemAdmin
    I made huge mistake :) I had been trying to set the digest value as an arg into verify function, but it should be the signature value. Now it is working, at least, the post is an information about sign-hmac and verify-hmac.

    Thanks