XMLDsig and .Net - same input different output?

Hi,
I try to verify signed XML documents and want to transfer legacy code (which I wrote myself) to a new project. My problem is that the verification failed even if the input is the same. (It only differs in some conversions from XmlDocument to XmlElement, ... - but that's far before these log lines)
I activated the log (System.Security.Cryptography.Xml.SignedXmlDebugLog) and the inputs are identical:
<pre>5424;3023;2011-04-28 17:01:46.5320;Trace;System.Security.Cryptography.Xml.SignedXml;43;System.Security.Cryptography.Xml.SignedXmlDebugLog.WriteLine;"[SignedXml#015b9d55, BeginSignatureVerification] Kontext wird verwendet: <FirstPairState xmlns=""http://logima.de/osl" <!--class Logima.OSL.ReaderEraserControl.DosimeterPairState--><DosimeterID>0010000533</DosimeterID><ReaderID>09000112</ReaderID><DatasetID>b3be3387-ae77-4330-9f7e-894b650c9f32</DatasetID><Timestamp>2010-02-09T19:01:01.3051349+01:00</Timestamp><!--class Logima.OSL.ReaderEraserControl.DosimeterPairState--><PairID>First</PairID><RequestAuthor>ReaderEraserControl</RequestAuthor><State>StandardErasing</State><Signature xmlns=""http://www.w3.org/2000/09/xmldsig#" <SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#rsa-sha1"" /><Reference URI=""" <Transforms><Transform Algorithm=""http://www.w3.org/2000/09/xmldsig#enveloped-signature"" /></Transforms><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" /><DigestValue>+90k3r32Yy9ORVKBq3vojem4Em4=</DigestValue></Reference></SignedInfo><SignatureValue>Boff2KUooSjxJnBEm/nkxuAiQKmBO33JnQAHSrGVV1HJfiCmjNyOEPhQ92dSTXId2M+Gko0WZYkFoFfgWTvPLYmOTYJamYjo9JrthJ+3XmLD4NU9HKuXwnuTzc9kLeUK3HqD4TDkFxyr2iu43SyU+C1NXodQT+dTIj7IvuC93EazPaMDZyw=</SignatureValue><KeyInfo><X509Data><X509Certificate>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</X509Certificate></X509Data></KeyInfo></Signature></FirstPairState>";Agent: adapter run thread for test VerifyTest11 with id 84f92b3c-dc48-4509-86b0-efd3d3e2d94e;;;;
</pre>
<pre>5424;603 ;2011-04-28 16:59:22.3717;Trace;System.Security.Cryptography.Xml.SignedXml;43;System.Security.Cryptography.Xml.SignedXmlDebugLog.WriteLine;"[SignedXml#00ad6b8a, BeginSignatureVerification] Kontext wird verwendet: <FirstPairState xmlns=""http://logima.de/osl" <!--class Logima.OSL.ReaderEraserControl.DosimeterPairState--><DosimeterID>0010000533</DosimeterID><ReaderID>09000112</ReaderID><DatasetID>b3be3387-ae77-4330-9f7e-894b650c9f32</DatasetID><Timestamp>2010-02-09T19:01:01.3051349+01:00</Timestamp><!--class Logima.OSL.ReaderEraserControl.DosimeterPairState--><PairID>First</PairID><RequestAuthor>ReaderEraserControl</RequestAuthor><State>StandardErasing</State><Signature xmlns=""http://www.w3.org/2000/09/xmldsig#" <SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315"" /><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#rsa-sha1"" /><Reference URI=""" <Transforms><Transform Algorithm=""http://www.w3.org/2000/09/xmldsig#enveloped-signature"" /></Transforms><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1"" 
/><DigestValue>+90k3r32Yy9ORVKBq3vojem4Em4=</DigestValue></Reference></SignedInfo><SignatureValue>Boff2KUooSjxJnBEm/nkxuAiQKmBO33JnQAHSrGVV1HJfiCmjNyOEPhQ92dSTXId2M+Gko0WZYkFoFfgWTvPLYmOTYJamYjo9JrthJ+3XmLD4NU9HKuXwnuTzc9kLeUK3HqD4TDkFxyr2iu43SyU+C1NXodQT+dTIj7IvuC93EazPaMDZyw=</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIF0jCCA7qgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADByMQswCQYDVQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEWMBQGA1UECgwNaWJhIERvc2ltZXRyeTEPMA0GA1UECgwGTG9naW1hMQwwCgYDVQQLDANPU0wxGjAYBgNVBAMMEU9TTCBmb3IgSGVsbWhvbHR6MB4XDTA5MTIxMDA5MDI1M1oXDTEyMTExMjA5MDI1M1owdjELMAkGA1UEBhMCREUxEDAOBgNVBAgMB0JhdmFyaWExFjAUBgNVBAoMDWliYSBEb3NpbWV0cnkxDzANBgNVBAoMBkxvZ2ltYTEMMAoGA1UECwwDT1NMMR4wHAYDVQQDDBVPU0xfUmVhZGVyU05fMDkwMDAxMTIwgaQwDQYJKoZIhvcNAQEBBQADgZIAMIGOAoGGC/4PRK2w8MBl0ZpJJB017hMlToH7X2J1HKH+PsSVEHCoIlsr+8WaPYgTdR/BCFbydx0lcuNXCNZJKyYrD7jeAXpJlYlpUL7FCXSjGwxf1GI2udj2B+Jjy5FDeJwP30PsH+iBAVz2WpAYeb9cMRoN2DwA55yLI6a7T6dhz4SLNscgcAsHLgkCAwEAAaOCAewwggHoMAwGA1UdEwQFMAMBAf8wNgYJYIZIAYb4QgENBCkWJ0FuIE9TTCBDZXJ0aWZpY2F0ZSBnZW5lcmF0ZWQgYnkgT3BlblNTTDAdBgNVHQ4EFgQUVD4f+dID78DOOKFMu6xlLFMxC6YwgcgGA1UdIwSBwDCBvYAU6wVR42ypZbb5xr8sWoWX1qgN5VWhgaGkgZ4wgZsxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMRIwEAYDVQQHDAlOdXJlbWJlcmcxFjAUBgNVBAoMDWliYSBEb3NpbWV0cnkxDzANBgNVBAoMBkxvZ2ltYTEMMAoGA1UECwwDT1NMMR0wGwYDVQQDDBRPU0wgUm9vdCBDZXJ0aWZpY2F0ZTEQMA4GCSqGSIb3DQEJARYBIIIBAzBGBglghkgBhvhCAQQEORY3aHR0cHM6Ly9zZWN1cmVkb3MuaWJhLWdyb3VwLmNvbS9wa2kvb3NsL2NhLXJvb3QtY3JsLnBlbTA3BglghkgBhvhCAQIEKhYoaHR0cHM6Ly9zZWN1cmVkb3MuaWJhLWdyb3VwLmNvbS9wa2kvb3NsLzAbBglghkgBhvhCAQMEDhYMcmV2b2NhdGlvbi8/MBgGCWCGSAGG+EIBBwQLFglyZW5ld2FsLz8wDQYJKoZIhvcNAQENBQADggIBAGr0ljEtJfCTyLtNTvjo5Izpq69zP0gqegpEQUSnulpmnR3SSKgtIrYeQQ1m6LTsXINqJ/CvjoQnTt1sUNvV4iKc2msthi46PLSg0K4L9dcrRrkz1LsJFsBUybf0JtHUEhFice3C+C09wM7FynGl4xvQGuUBLTX1riClPgFGlZrny6FPYQ37cvLoSzH8uOBCS28+kkyEIrMtTRfs/uFFW4MUfNAhA3aGpn/QfA6kabYEfUh5epdgjfN83E0ItvphCLju6dOD7wl2hjIocOb52/YpBxVzWfkaJBgZMtMl7P+xMnscPs6VCCndc/SkVgnlIJ6DXXf4zXq4QLaVlQOtESEVyTUUYTShMs/a+0sRd
PvhafEgMNaySSbufVWtlDxbcGFJqLBliEvzY5cZ8fpM4r/W6IWbpYdQQatNNE4Gv7ZRG8ACqV91pSyfVU2gUsx+9RPFQ0CN90pgjKDpbnjgJ1ZleyFSDzJFnaQAK7Tu1rYueH58wWG2tZ5OLNVA3LkREIkmUnAzNyhJM7EOEHczP86gaPEdXPiK9gseS+SDEn3f0S/4xLRMzihzkg35psj6+pNPG4YxoHXxPPBeUnzl5WFjQ10yTFMxdldUKWLZ2VQVnfep/bOIWvAJuzAwRWsCi6oPR0xIosJSlzCBFe08aRfyMlaM57EL6AH8ChS+3GOw</X509Certificate></X509Data></KeyInfo></Signature></FirstPairState>";Agent: adapter run thread for test VerifyTest11 with id 84f92b3c-dc48-4509-86b0-efd3d3e2d94e;;;;</pre>
But the canonized form is different (the <signature/> element is still there in the first line):
<pre>5424;3037;2011-04-28 17:01:47.4070;Trace;System.Security.Cryptography.Xml.SignedXml;43;System.Security.Cryptography.Xml.SignedXmlDebugLog.WriteLine;"[Reference#00b1772d, ReferenceData] Umgewandelte Verweisinhalte: <FirstPairState xmlns=""http://logima.de/osl" <DosimeterID>0010000533</DosimeterID><ReaderID>09000112</ReaderID><DatasetID>b3be3387-ae77-4330-9f7e-894b650c9f32</DatasetID><Timestamp>2010-02-09T19:01:01.3051349+01:00</Timestamp><PairID>First</PairID><RequestAuthor>ReaderEraserControl</RequestAuthor><State>StandardErasing</State><Signature xmlns=""http://www.w3.org/2000/09/xmldsig#" <SignedInfo><CanonicalizationMethod Algorithm=""http://www.w3.org/TR/2001/REC-xml-c14n-20010315" </CanonicalizationMethod><SignatureMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#rsa-sha1" </SignatureMethod><Reference URI=""" <Transforms><Transform Algorithm=""http://www.w3.org/2000/09/xmldsig#enveloped-signature" </Transform></Transforms><DigestMethod Algorithm=""http://www.w3.org/2000/09/xmldsig#sha1" 
</DigestMethod><DigestValue>+90k3r32Yy9ORVKBq3vojem4Em4=</DigestValue></Reference></SignedInfo><SignatureValue>Boff2KUooSjxJnBEm/nkxuAiQKmBO33JnQAHSrGVV1HJfiCmjNyOEPhQ92dSTXId2M+Gko0WZYkFoFfgWTvPLYmOTYJamYjo9JrthJ+3XmLD4NU9HKuXwnuTzc9kLeUK3HqD4TDkFxyr2iu43SyU+C1NXodQT+dTIj7IvuC93EazPaMDZyw=</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIF0jCCA7qgAwIBAgIBAzANBgkqhkiG9w0BAQ0FADByMQswCQYDVQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTEWMBQGA1UECgwNaWJhIERvc2ltZXRyeTEPMA0GA1UECgwGTG9naW1hMQwwCgYDVQQLDANPU0wxGjAYBgNVBAMMEU9TTCBmb3IgSGVsbWhvbHR6MB4XDTA5MTIxMDA5MDI1M1oXDTEyMTExMjA5MDI1M1owdjELMAkGA1UEBhMCREUxEDAOBgNVBAgMB0JhdmFyaWExFjAUBgNVBAoMDWliYSBEb3NpbWV0cnkxDzANBgNVBAoMBkxvZ2ltYTEMMAoGA1UECwwDT1NMMR4wHAYDVQQDDBVPU0xfUmVhZGVyU05fMDkwMDAxMTIwgaQwDQYJKoZIhvcNAQEBBQADgZIAMIGOAoGGC/4PRK2w8MBl0ZpJJB017hMlToH7X2J1HKH+PsSVEHCoIlsr+8WaPYgTdR/BCFbydx0lcuNXCNZJKyYrD7jeAXpJlYlpUL7FCXSjGwxf1GI2udj2B+Jjy5FDeJwP30PsH+iBAVz2WpAYeb9cMRoN2DwA55yLI6a7T6dhz4SLNscgcAsHLgkCAwEAAaOCAewwggHoMAwGA1UdEwQFMAMBAf8wNgYJYIZIAYb4QgENBCkWJ0FuIE9TTCBDZXJ0aWZpY2F0ZSBnZW5lcmF0ZWQgYnkgT3BlblNTTDAdBgNVHQ4EFgQUVD4f+dID78DOOKFMu6xlLFMxC6YwgcgGA1UdIwSBwDCBvYAU6wVR42ypZbb5xr8sWoWX1qgN5VWhgaGkgZ4wgZsxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMRIwEAYDVQQHDAlOdXJlbWJlcmcxFjAUBgNVBAoMDWliYSBEb3NpbWV0cnkxDzANBgNVBAoMBkxvZ2ltYTEMMAoGA1UECwwDT1NMMR0wGwYDVQQDDBRPU0wgUm9vdCBDZXJ0aWZpY2F0ZTEQMA4GCSqGSIb3DQEJARYBIIIBAzBGBglghkgBhvhCAQQEORY3aHR0cHM6Ly9zZWN1cmVkb3MuaWJhLWdyb3VwLmNvbS9wa2kvb3NsL2NhLXJvb3QtY3JsLnBlbTA3BglghkgBhvhCAQIEKhYoaHR0cHM6Ly9zZWN1cmVkb3MuaWJhLWdyb3VwLmNvbS9wa2kvb3NsLzAbBglghkgBhvhCAQMEDhYMcmV2b2NhdGlvbi8/MBgGCWCGSAGG+EIBBwQLFglyZW5ld2FsLz8wDQYJKoZIhvcNAQENBQADggIBAGr0ljEtJfCTyLtNTvjo5Izpq69zP0gqegpEQUSnulpmnR3SSKgtIrYeQQ1m6LTsXINqJ/CvjoQnTt1sUNvV4iKc2msthi46PLSg0K4L9dcrRrkz1LsJFsBUybf0JtHUEhFice3C+C09wM7FynGl4xvQGuUBLTX1riClPgFGlZrny6FPYQ37cvLoSzH8uOBCS28+kkyEIrMtTRfs/uFFW4MUfNAhA3aGpn/QfA6kabYEfUh5epdgjfN83E0ItvphCLju6dOD7wl2hjIocOb52/YpBxVzWfkaJBgZMtMl7P+xMnscPs6VCCndc/SkVgnlIJ6DXXf4zXq4QLaVlQOtESEVyTUU
YTShMs/a+0sRdPvhafEgMNaySSbufVWtlDxbcGFJqLBliEvzY5cZ8fpM4r/W6IWbpYdQQatNNE4Gv7ZRG8ACqV91pSyfVU2gUsx+9RPFQ0CN90pgjKDpbnjgJ1ZleyFSDzJFnaQAK7Tu1rYueH58wWG2tZ5OLNVA3LkREIkmUnAzNyhJM7EOEHczP86gaPEdXPiK9gseS+SDEn3f0S/4xLRMzihzkg35psj6+pNPG4YxoHXxPPBeUnzl5WFjQ10yTFMxdldUKWLZ2VQVnfep/bOIWvAJuzAwRWsCi6oPR0xIosJSlzCBFe08aRfyMlaM57EL6AH8ChS+3GOw</X509Certificate></X509Data></KeyInfo></Signature></FirstPairState>";Agent: adapter run thread for test VerifyTest11 with id 84f92b3c-dc48-4509-86b0-efd3d3e2d94e;;;;</pre>
<pre>5424;617 ;2011-04-28 16:59:23.2448;Trace;System.Security.Cryptography.Xml.SignedXml;43;System.Security.Cryptography.Xml.SignedXmlDebugLog.WriteLine;"[Reference#02f58909, ReferenceData] Umgewandelte Verweisinhalte: <FirstPairState xmlns=""http://logima.de/osl" <DosimeterID>0010000533</DosimeterID><ReaderID>09000112</ReaderID><DatasetID>b3be3387-ae77-4330-9f7e-894b650c9f32</DatasetID><Timestamp>2010-02-09T19:01:01.3051349+01:00</Timestamp><PairID>First</PairID><RequestAuthor>ReaderEraserControl</RequestAuthor><State>StandardErasing</State></FirstPairState>";Agent: adapter run thread for test VerifyTest11 with id 84f92b3c-dc48-4509-86b0-efd3d3e2d94e;;;;</pre>
And so verification failed for the second try (corresponding to the first lines above)...:
<pre>5424;3038;2011-04-28 17:01:47.4670;Trace;System.Security.Cryptography.Xml.SignedXml;43;System.Security.Cryptography.Xml.SignedXmlDebugLog.WriteLine;"[SignedXml#015b9d55, VerifyReference] Verweis Reference#00b1772d mit Hash ""http://www.w3.org/2000/09/xmldsig#sha1"" (SHA1CryptoServiceProvider) weist den Hashwert ""78b95d1f459e9af1ceabd62d87ae5ed6b3fd071e"" auf, erwartet wurde Hashwert ""fbdd24debdf6632f4e455281ab7be88de9b8126e"".";Agent: adapter run thread for test VerifyTest11 with id 84f92b3c-dc48-4509-86b0-efd3d3e2d94e;;;;</pre>
Does anybody have any idea why?
Thanks!
Stefan
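
Added example, not part of the original post and not .NET code: a Python sketch that reproduces the symptom in the logs above, where a reference digest computed with the `<Signature>` element still in place no longer matches `DigestValue`. The sample document and the function names are constructed for illustration, and ElementTree's C14N 2.0 output is assumed as a stand-in for the C14N 1.0 algorithm named in the log.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from xml.dom import minidom

DSIG = "http://www.w3.org/2000/09/xmldsig#"

def b64_to_hex(value):
    """DigestValue is base64; the SignedXml debug log prints the same bytes as hex."""
    return base64.b64decode(value).hex()

def reference_digest(doc_xml, apply_enveloped):
    """Hex SHA-1 over the canonical form of a whole-document reference (empty URI)."""
    dom = minidom.parseString(doc_xml)
    if apply_enveloped:
        # enveloped-signature transform: the Signature is cut out before hashing.
        # Simplification: every dsig Signature is removed, not only the enclosing one.
        for sig in dom.getElementsByTagNameNS(DSIG, "Signature"):
            sig.parentNode.removeChild(sig)
    # Assumption: C14N 2.0 from ElementTree stands in for C14N 1.0; comments are dropped.
    canon = ET.canonicalize(xml_data=dom.documentElement.toxml())
    return hashlib.sha1(canon.encode("utf-8")).hexdigest()

def build_sample():
    """Constructed document (not the poster's data) carrying a matching DigestValue."""
    body = ('<FirstPairState xmlns="http://example.invalid/osl"><!--note-->'
            '<PairID>First</PairID><State>StandardErasing</State>%s</FirstPairState>')
    digest = bytes.fromhex(reference_digest(body % "", apply_enveloped=False))
    sig = ('<Signature xmlns="%s"><SignedInfo><Reference URI=""><DigestValue>%s'
           '</DigestValue></Reference></SignedInfo></Signature>'
           % (DSIG, base64.b64encode(digest).decode()))
    return body % sig

def diagnose(doc_xml):
    """Report which of the two logged situations a document reproduces."""
    dom = minidom.parseString(doc_xml)
    node = dom.getElementsByTagNameNS(DSIG, "DigestValue")[0]
    want = b64_to_hex(node.firstChild.data)
    return {"transform_applied": reference_digest(doc_xml, True) == want,
            "signature_left_in": reference_digest(doc_xml, False) == want}

if __name__ == "__main__":
    # DigestValue copied from the post; prints the "erwartet wurde" hash from the log.
    print(b64_to_hex("+90k3r32Yy9ORVKBq3vojem4Em4="))
    print(diagnose(build_sample()))
```

The first printed value shows that the expected hash in the `VerifyReference` log line is simply the document's `DigestValue` in hex, so the mismatch comes from the data being hashed, not from the stored digest.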