How do I decide the `DigestValue`, `SignatureValue`

Posted 2020-08-02 03:41

I am working on a project where I need to verify whether the XML is digitally signed or not. It's really getting hard for me to try and validate the XML for the key values for the following:

    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
        <Reference URI="**Some URI Value**">
          <Transforms>
            <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
            <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
          <DigestValue>**Some Digest Value**</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>**Some Signature Value**</SignatureValue>
      <KeyInfo xmlns:type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue">
        <RSAKeyValue>
          <Modulus>**Some RSA Key Value**</Modulus>
          <Exponent>AQAB</Exponent>
        </RSAKeyValue>
      </KeyInfo>
    </Signature>

I am not able to work out how I can get the values for:

  1. Reference URI
  2. Digest Value
  3. Signature Value
  4. RSA Modulus Value

Can anyone tell me how I can get the values of all of the above? And what is the logic behind using this many combinations in XML validation?

I am using C# for checking validations. You can check the C# code in my previous question:

  1. How to validate XML for following code

Thanks in advance.

Tags: c# xml
1 answer
劫难
#2 · 2020-08-02 03:50

If you want to just check if the values are there, just use some XML manipulation class like XDocument.

If you want to verify the signature you need to understand this:

  1. The issuer generates a HASH of the document and puts it in the document (this is the DigestValue).
  2. The issuer encrypts this HASH with his private key and puts it in the document (this is the SignatureValue).
  3. The user sends his certificate with the document (this is the X509Certificate field).

So if you want to check whether the signature is valid, you need to decrypt the SignatureValue with his public key and then compare it with the DigestValue. If both are equal, your document is OK; if not, one of two things may have occurred: either the document was modified during the process, or the public key does not correspond to the private key that encrypted the document.
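As an added example (not code from the question or the answer above), the following C# program shows where each of the four values the question asks about comes from, and how .NET's `SignedXml` class checks them. It signs a constructed sample `<Invoice>` document with a freshly generated RSA key, prints the Reference URI, DigestValue, SignatureValue and RSA Modulus that `ComputeSignature()` produced, verifies the result against a key the verifier already trusts, and shows that verification fails once the signed content is altered. It assumes .NET (Core or 5+) with the `System.Security.Cryptography.Xml` package; the `Invoice`/`inv1` sample document and the `DescribeSignature`/`Verify` helpers are this example's own names, not anything from the poster's project.

```csharp
// Added example, not from the original question or answer.
// Assumes .NET with the System.Security.Cryptography.Xml package referenced.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

class XmlDsigDemo
{
    // Constructed sample document; the Id attribute is what the Reference URI points at.
    const string SampleXml =
        "<Invoice Id=\"inv1\"><Amount>100</Amount><Payee>ACME</Payee></Invoice>";

    static void Main()
    {
        // 1. Issuer side: sign the document. The private key never leaves the issuer.
        using RSA signerKey = RSA.Create(2048);
        XmlDocument doc = LoadXml(SampleXml);

        var signedXml = new SignedXml(doc) { SigningKey = signerKey };
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        // SHA-256 instead of the rsa-sha1 / sha1 algorithms shown in the question (SHA-1 is deprecated).
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;

        var reference = new Reference("#inv1") { DigestMethod = SignedXml.XmlDsigSHA256Url };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform()); // ignore the <Signature> itself when hashing
        reference.AddTransform(new XmlDsigExcC14NTransform());            // canonicalize before hashing
        signedXml.AddReference(reference);

        // Publish the public key as <KeyInfo><KeyValue><RSAKeyValue> (Modulus + Exponent).
        var keyInfo = new KeyInfo();
        keyInfo.AddClause(new RSAKeyValue(signerKey));
        signedXml.KeyInfo = keyInfo;

        signedXml.ComputeSignature(); // fills in DigestValue (hash of the reference) and SignatureValue (RSA over SignedInfo)
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
        string signedDocument = doc.OuterXml;

        // 2. Verifier side: extract the values the question asks about ...
        Console.WriteLine(DescribeSignature(signedDocument));

        // ... and verify against a key the verifier trusts out of band. The key embedded in
        // KeyInfo only proves the signature is self-consistent; anyone can embed their own key.
        using RSA trustedPublicKey = RSA.Create();
        trustedPublicKey.ImportParameters(signerKey.ExportParameters(false));
        Console.WriteLine("Valid with trusted key: " + Verify(signedDocument, trustedPublicKey));

        // Any change to the signed content changes the digest, so the signature no longer verifies.
        string tampered = signedDocument.Replace("<Amount>100</Amount>", "<Amount>999</Amount>");
        Console.WriteLine("Valid after tampering: " + Verify(tampered, trustedPublicKey));
    }

    static XmlDocument LoadXml(string xml)
    {
        // PreserveWhitespace: canonicalization must see the same bytes the signer saw.
        // XmlResolver = null: never fetch external entities or DTDs while parsing untrusted XML.
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        doc.LoadXml(xml);
        return doc;
    }

    // Reads the four values from the document with a namespace-aware XPath query.
    static string DescribeSignature(string xml)
    {
        XmlDocument doc = LoadXml(xml);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
        string Get(string xpath) => doc.SelectSingleNode(xpath, ns)?.InnerText ?? "(missing)";
        return
            "Reference URI : " + Get("//ds:Reference/@URI") + "\n" +
            "DigestValue   : " + Get("//ds:DigestValue") + "\n" +
            "SignatureValue: " + Get("//ds:SignatureValue") + "\n" +
            "RSA Modulus   : " + Get("//ds:RSAKeyValue/ds:Modulus");
    }

    static bool Verify(string xml, RSA trustedPublicKey)
    {
        XmlDocument doc = LoadXml(xml);
        XmlNodeList sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1) return false; // exactly one signature expected

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigs[0]);

        // Make sure the signature covers the element we are about to trust, not some other node.
        bool coversRoot = false;
        foreach (Reference r in signedXml.SignedInfo.References)
            if (r.Uri == "#" + doc.DocumentElement.GetAttribute("Id")) coversRoot = true;
        if (!coversRoot) return false;

        // CheckSignature(key) recomputes every DigestValue and checks SignatureValue over SignedInfo
        // with the supplied key, ignoring whatever key the document itself carries.
        return signedXml.CheckSignature(trustedPublicKey);
    }
}
```

Two points of the design are worth noting. First, `CheckSignature()` with no argument would use the key found in `KeyInfo`, which only shows that the document is consistent with whatever key its author chose to embed; passing the trusted key (or validating the embedded key against a trusted certificate) is what ties the signature to a known signer. Second, the `Reference URI` check matters because a signature is only a statement about the nodes it references; a document can contain a valid signature over one element while the element your code actually reads is unsigned.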
