I'm trying to sign a Microsoft Office Word file using C# in direct XML format.
Several questions and ambiguities arise here:
- How should I fill in the digest values, what value should I exactly digest for each reference, and what value should I digest for each transform?
- What value should I sign to create the `SignatureValue`?
- And what certificate should I include in the X509 data, and how? (We don't actually have a certificate, so a guide to creating one would be appreciated.)
The last question is am I doing this correctly? Maybe there is something wrong here and I have missed a package that would otherwise itself interact with the openxml document and sign it.
Keep in mind, though, that I am actually trying to sign the data with an external token that exposes a PKCS#11 interface (but no CSP), so I have used the PKCS11 Interop library to access it from C#. I'm still a little confused here.
- Is there a package that I can use to sign word documents?
- Or is there a package that eases OpenXML interaction?
- Or do I have to do it manually?
Just as a heads-up: any library that handles the OpenXML interaction should also let me sign the document using the PKCS#11 commands (i.e., it gives me the byte stream to digest and sign but does the other parts itself). PKCS#11 itself should not really matter here; you can think of it as my own custom signing algorithm.
BTW a signature builder in XML looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Template for an Office Open XML package signature: an XMLDSig Signature element with
  package (mdssi), Office (SignatureInfoV1) and XAdES (xd) properties attached as Objects.
  Every DigestValue, SignatureValue and X509Certificate below is an empty placeholder, so
  nothing in this template is signed yet.
  NOTE(review): the canonicalization algorithm named below is the variant that omits
  comments, but it keeps whitespace in element content. Digests therefore have to be
  computed over the exact serialization that ends up in the package; strip these
  annotations (and the line breaks they add) before producing real digest values.
-->
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="idPackageSignature">
<!--
  SignedInfo is the only element covered directly by SignatureValue: per XMLDSig it is
  canonicalized with CanonicalizationMethod and then signed with SignatureMethod
  (RSA with SHA-256 here). Everything else is protected only indirectly, through the
  Reference digests listed inside it.
-->
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<!--
  Same-document reference to the Object with Id="idPackageObject" (Manifest plus signature
  time). No Transforms are listed, so XMLDSig default processing canonicalizes the selected
  element before it is hashed with SHA-256.
-->
<Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#idPackageObject">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue/>
</Reference>
<!-- Same-document reference to the Object with Id="idOfficeObject"; digested the same way. -->
<Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#idOfficeObject">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue/>
</Reference>
<!--
  Reference to xd:SignedProperties (Id="idSignedProperties"), with an explicit C14N
  transform. Signing this element is what ties the signing time and the signing
  certificate digest to the signature.
-->
<Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#idSignedProperties">
<Transforms>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue/>
</Reference>
</SignedInfo>
<!--
  Placeholder for the base64 signature over the canonicalized SignedInfo. This is the one
  value the private key (for example on an external token) has to produce; the
  DigestValue entries are plain hashes and need no key.
-->
<SignatureValue/>
<!--
  NOTE(review): KeyInfo is not named by any Reference in SignedInfo, so a certificate
  placed here is not itself covered by the signature. The binding to one specific
  certificate comes from xd:SigningCertificate inside the signed SignedProperties.
  An embedded certificate is only a hint for the verifier, which still has to validate
  the chain against its own trust anchors.
-->
<KeyInfo>
<X509Data>
<X509Certificate/>
</X509Data>
</KeyInfo>
<Object Id="idPackageObject">
<!--
  Manifest: one Reference per package part, addressed as part name plus a ?ContentType=
  query. Package parts that are not listed here are outside the signature and can change
  without invalidating it, so the list should be checked against the package contents.
-->
<Manifest>
<!--
  Relationship parts are digested through RelationshipTransform followed by C14N. Only
  the relationships named by SourceId are included; any relationship not listed is not
  covered. The SourceId values have to match the Id values in the .rels part.
-->
<Reference URI="/_rels/.rels?ContentType=application/vnd.openxmlformats-package.relationships+xml">
<Transforms>
<Transform Algorithm="http://schemas.openxmlformats.org/package/2006/RelationshipTransform">
<mdssi:RelationshipReference xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" SourceId="rId1"/>
</Transform>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue/>
</Reference>
<Reference URI="/word/_rels/document.xml.rels?ContentType=application/vnd.openxmlformats-package.relationships+xml">
<Transforms>
<Transform Algorithm="http://schemas.openxmlformats.org/package/2006/RelationshipTransform">
<mdssi:RelationshipReference xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" SourceId="rId5"/>
<mdssi:RelationshipReference xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" SourceId="rId4"/>
<mdssi:RelationshipReference xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" SourceId="rId3"/>
<mdssi:RelationshipReference xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" SourceId="rId2"/>
<mdssi:RelationshipReference xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" SourceId="rId1"/>
</Transform>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue/>
</Reference>
<!--
  The remaining References list no Transforms: the SHA-256 digest is expected to be taken
  over the part's bytes as stored in the package (TODO confirm against the OPC
  digital-signature specification).
-->
<Reference URI="/word/document.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue/>
</Reference>
<Reference URI="/word/fontTable.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.fontTable+xml">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue/>
</Reference>
<Reference URI="/word/settings.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue/>
</Reference>
<Reference URI="/word/styles.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue/>
</Reference>
<Reference URI="/word/theme/theme1.xml?ContentType=application/vnd.openxmlformats-officedocument.theme+xml">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue/>
</Reference>
<Reference URI="/word/webSettings.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.webSettings+xml">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue/>
</Reference>
</Manifest>
<!--
  Signature time in the stated Format. The value is asserted by the signer (it is inside
  the signed Object, but no timestamp authority appears in this template), so a verifier
  should not treat it as trusted time.
-->
<SignatureProperties>
<SignatureProperty Id="idSignatureTime" Target="#idPackageSignature">
<mdssi:SignatureTime xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature">
<mdssi:Format>YYYY-MM-DDThh:mm:ssTZD</mdssi:Format>
<mdssi:Value>2015-11-22T17:21:28Z</mdssi:Value>
</mdssi:SignatureTime>
</SignatureProperty>
</SignatureProperties>
</Object>
<Object Id="idOfficeObject">
<!--
  Office-specific signature metadata (SignatureInfoV1): comment text plus descriptive
  fields about the signing environment. These are signer-supplied values. The meaning of
  the numeric codes in SignatureProviderDetails and SignatureType is not shown on this
  page; check the Office digital-signature documentation before changing them.
-->
<SignatureProperties>
<SignatureProperty Id="idOfficeV1Details" Target="#idPackageSignature">
<SignatureInfoV1 xmlns="http://schemas.microsoft.com/office/2006/digsig">
<SetupID/>
<SignatureText/>
<SignatureImage/>
<SignatureComments>TEST SIGNING</SignatureComments>
<WindowsVersion>10.0</WindowsVersion>
<OfficeVersion>15.0</OfficeVersion>
<ApplicationVersion>15.0</ApplicationVersion>
<Monitors>1</Monitors>
<HorizontalResolution>1920</HorizontalResolution>
<VerticalResolution>1080</VerticalResolution>
<ColorDepth>32</ColorDepth>
<SignatureProviderId>{00000000-0000-0000-0000-000000000000}</SignatureProviderId>
<SignatureProviderUrl/>
<SignatureProviderDetails>9</SignatureProviderDetails>
<SignatureType>1</SignatureType>
</SignatureInfoV1>
</SignatureProperty>
</SignatureProperties>
</Object>
<!--
  XAdES qualifying properties. Only xd:SignedProperties (Id="idSignedProperties") is
  referenced from SignedInfo; this Object element itself carries no Id.
-->
<Object>
<xd:QualifyingProperties xmlns:xd="http://uri.etsi.org/01903/v1.3.2#" Target="#idPackageSignature">
<xd:SignedProperties Id="idSignedProperties">
<xd:SignedSignatureProperties>
<xd:SigningTime>2015-11-22T17:21:28Z</xd:SigningTime>
<!--
  Identifies the signing certificate inside signed data: CertDigest is a placeholder for
  the SHA-256 digest of the certificate, and IssuerSerial names its issuer and serial
  number. These are expected to agree with the certificate placed in KeyInfo; a verifier
  should reject the signature when they do not.
-->
<xd:SigningCertificate>
<xd:Cert>
<xd:CertDigest>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue/>
</xd:CertDigest>
<xd:IssuerSerial>
<X509IssuerName>E=ali@ali.com, CN=ALI-PC, OU=ALI-PC, O=ALI-PC, L=ALI-PC, S=ALI-PC, C=98</X509IssuerName>
<X509SerialNumber>1</X509SerialNumber>
</xd:IssuerSerial>
</xd:Cert>
</xd:SigningCertificate>
<!-- No explicit signature policy is referenced; the policy is declared as implied. -->
<xd:SignaturePolicyIdentifier>
<xd:SignaturePolicyImplied/>
</xd:SignaturePolicyIdentifier>
</xd:SignedSignatureProperties>
<xd:SignedDataObjectProperties>
<!-- Commitment statement (proof of origin) declared for all signed data objects. -->
<xd:CommitmentTypeIndication>
<xd:CommitmentTypeId>
<xd:Identifier>http://uri.etsi.org/01903/v1.2.2#ProofOfOrigin</xd:Identifier>
<xd:Description>Created and approved this document</xd:Description>
</xd:CommitmentTypeId>
<xd:AllSignedDataObjects/>
<xd:CommitmentTypeQualifiers>
<xd:CommitmentTypeQualifier>TEST SIGNING</xd:CommitmentTypeQualifier>
</xd:CommitmentTypeQualifiers>
</xd:CommitmentTypeIndication>
</xd:SignedDataObjectProperties>
</xd:SignedProperties>
</xd:QualifyingProperties>
</Object>
</Signature>