Hi all,

To explain from my previous message below, I am trying to sign an SwA message where the attachment is compressed with GZip.

Therefore I am thinking I will need to compute digests for the XML elements to be signed and the compressed attachment. Then based on the digest values I will compute the signature.

Kind regards,
***NOTICE***
This e-mail/facsimile may contain confidential or legally privileged material and if you are not the intended recipient, you are advised that Synchronised Software Pty Ltd does not consent to you reading or copying the material and does not waive any confidentiality or legal privilege associated with it. This e-mail/facsimile may also contain material which is protected by copyright and if you are not the intended recipient, you are advised that Synchronised Software Pty Ltd has not consented to your reproduction of the material and there is no intention to provide you with an implied licence to exercise any of the rights of the copyright owner or an authorised licensee. If you have received this e-mail/facsimile in error, please advise Synchronised Software Pty Ltd immediately by return e-mail/facsimile or by telephone on 61-3-9236-1900.
The recipient of this e-mail/facsimile is solely responsible for conducting such tests and virus scanning as may be necessary, before using any attachment, to ensure that the attachment does not contain any virus and that use of the attached materials will in no way corrupt the recipient's data or systems or those of any other person.
Please consider the environment before printing this message.

From: Jean-Paul Berthelot
Sent: Sunday, 7 July 2013 2:38 PM
To: 'dev-crypto-csharp-***@public.gmane.org'
Subject: Support for signature computation based on SignedInfo for WSSE in Bouncy Castle C#
Importance: High

Hi all,

I have a question regarding computation of a signature for based on multiple digest values. Would you there be a way to approach this problem in Bouncy Castle.

For example, say if I have multiple XML elements that I would like to calculate digest values for individually and then compute the signature based on the digest values for the whole XML document. Would this be possible with bouncy castle.

To provide an example I am trying to produce a WSSE security token to with a signature based on the SignedInfo element as highlighted in yellow below.


<wsse:Security>

<wsse:BinarySecurityToken wsu:Id="Id-9dde0b830ffc4f82996d9b2bada06c56" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIDKDCCAhSgAwIBAgIQrFS6uduwTI9G/PLSuVErxDAJBgUrDgMCHQUAMCYxJDAiBgNVBAMTG1N5bmNzb2Z0IEVudGVycHJpc2UgUm9vdCBDQTAeFw0xMzA1MTcyMjI0MjdaFw0zOTEyMzEyMzU5NTlaMCUxIzAhBgNVBAMTGmVudGVycHJpc2Uuc3luY3NvZnQuY29tLmF1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWUoI9/+tQSh5lX110sl1q4WG18dUpC758tvx+sg065q4zmBdDp14Keoay6hzqKPQWAH1eDk5LOyHxI3MwK2qkRYRPdOOVXNMUetKKOsh8h1rJAzj4kVMaeiAHigx7eRElBfv4zhycv1hl2BiSp+OT+Z88ukO1cCCz8Ehkim746ZPtQXYQAofgkTRf1x8RmUN4/MfOIwm7Rq9LVjQz2a4bmajDhn1BuGN10odfr9Q8fy7R7Zrtw31+5c4rkMtB7vZGp6kafxqbTKYgR5TXn3RY3bhHyhoKT+tRhSHQjHmVlF5+flQiAnxRysnjiTEBjoAEfjlMFSWj0uHlKaqlY/BQIDAQABo1swWTBXBgNVHQEEUDBOgBBlOH56UNr6Z/sT51gI9rTMoSgwJjEkMCIGA1UEAxMbU3luY3NvZnQgRW50ZXJwcmlzZSBSb290IENBghAP8+VIW7eqiUrhf3ayIowlMAkGBSsOAwIdBQADggEBAIXSUVBD0LytaWb1qp2cLz8CGQYvWojpjPDth7FObMOelTKj08eqRYseZJPP4KFQveibCuW5ChODwLupYrmC3MiYCNg+4LMFBhdsSe/md5k2ZwW7VD/fdu6ipHtgJF7fJHHVuHqOW09krBhPxDS5lGyNjaPlbfz5cTNZRDAKNxHgqNFRKoL6uDWB9m0WnpSbg/vHRqB2rwhjq4XamKyo0ronoZMAWZGgE/BW1YZh7yCw6vQ8D4aaRTA7loIKEfEiuJxgwhS7kZ1zBq2P7e10qOcPSmD1s0OKc+sI70wihHgk+LK/FJnYhhy+YvHZyboF216UP2gTxbhpglbH8+E6FrI=</wsse:BinarySecurityToken>

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#<http://www.w3.org/2000/09/xmldsig>">

<SignedInfo>

<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#<http://www.w3.org/2001/10/xml-exc-c14n>">

</CanonicalizationMethod>

<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">

</SignatureMethod>

<Reference URI="#Id-d54f5f1c1f9944d69bbc690bd24c6a5e">

<Transforms>

<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#<http://www.w3.org/2001/10/xml-exc-c14n>">

</Transform>

</Transforms>

<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">

</DigestMethod>

<DigestValue>gVlvjh1yqrcorBrjTbbOxZOqUMA=</DigestValue>

</Reference>

<Reference URI="#ID0EID">

<Transforms>

<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#<http://www.w3.org/2001/10/xml-exc-c14n>">

</Transform>

</Transforms>

<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">

</DigestMethod>

<DigestValue>BtaRNTFAgjR1Baf65qUPSmV+vvc=</DigestValue>

</Reference>

</SignedInfo>

<SignatureValue>oR6HveOl+G9IkrhaLOf51XLDuLQa8kBn/WTbyjM0/ERr0vGAdHgSwBIZr29LRckGuC5ybKbiRSACCjunOBs5WmllL3hmThYl0cWXvdRuxUuBBHgISxr+661pRoxoJdWyuI4axmlOBXAdzy0cMkLpv01NP7HBluFnft2maA6X6QMEbh2Ecnm/4lz4BdxpN38/n+MFChsSrZs/zMkOLnlgWIRtajswTFL+cCtztnHOUlMoPRa50BeaKJbVrFIJuAlsOHxsqmXdmedL6g80MSNQyuN8z3WAlzO8AcfTbJYD6puYcmiq0TYGP9CvV5bdHrlgbHZlvZSw27zMkudZsz7rPA==</SignatureValue>

<KeyInfo>

<wsse:SecurityTokenReference>

<wsse:Reference URI="#Id-9dde0b830ffc4f82996d9b2bada06c56" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">

</wsse:Reference>

</wsse:SecurityTokenReference>

</KeyInfo>
</Signature>
</wsse:Security>

Would there be any support or examples I could find to complete this task with Bouncy Castle?

This is a standard requirement for SWA.

Could any provide any insight here as it would be greatly appreciated.

Cheers,

Jean-Paul Berthelot | Developer
SyncSoft | Ground Floor, 19-23 Prospect Street | Box Hill Vic 3128 | Australia
T: +61 3 9236 1936 | M: 0432327799 | F: +61 3 9236 1999
E: jean.paul.berthelot-Qon15l092L40n/***@public.gmane.org<mailto:***@syncsoft.com.au> | W: www.syncsoft.com.au<http://www.syncsoft.com.au>

***NOTICE***
This e-mail/facsimile may contain confidential or legally privileged material and if you are not the intended recipient, you are advised that Synchronised Software Pty Ltd does not consent to you reading or copying the material and does not waive any confidentiality or legal privilege associated with it. This e-mail/facsimile may also contain material which is protected by copyright and if you are not the intended recipient, you are advised that Synchronised Software Pty Ltd has not consented to your reproduction of the material and there is no intention to provide you with an implied licence to exercise any of the rights of the copyright owner or an authorised licensee. If you have received this e-mail/facsimile in error, please advise Synchronised Software Pty Ltd immediately by return e-mail/facsimile or by telephone on 61-3-9236-1900.
The recipient of this e-mail/facsimile is solely responsible for conducting such tests and virus scanning as may be necessary, before using any attachment, to ensure that the attachment does not contain any virus and that use of the attached materials will in no way corrupt the recipient's data or systems or those of any other person.
Please consider the environment before printing this message.

Hi all,

To explain from my previous message below, I am trying to sign an SwA message where the attachment is compressed with GZip.

Therefore I am thinking I will need to compute digests for the XML elements to be signed and the compressed attachment. Then based on the digest values I will then compute the signature.

Kind regards,

From: Jean-Paul Berthelot
Sent: Sunday, 7 July 2013 2:38 PM
To: 'dev-crypto-csharp-***@public.gmane.org'
Subject: Support for signature computation based on SignedInfo for WSSE in Bouncy Castle C#
Importance: High

Hi all,

I have a question regarding computation of a signature for based on multiple digest values. Would you there be a way to approach this problem in Bouncy Castle.

For example, say if I have multiple XML elements that I would like to calculate digest values for individually and then compute the signature based on the digest values for the whole XML document. Would this be possible with bouncy castle.

To provide an example I am trying to produce a WSSE security token to with a signature based on the SignedInfo element as highlighted in yellow below.


<wsse:Security>

<wsse:BinarySecurityToken wsu:Id="Id-9dde0b830ffc4f82996d9b2bada06c56" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIDKDCCAhSgAwIBAgIQrFS6uduwTI9G/PLSuVErxDAJBgUrDgMCHQUAMCYxJDAiBgNVBAMTG1N5bmNzb2Z0IEVudGVycHJpc2UgUm9vdCBDQTAeFw0xMzA1MTcyMjI0MjdaFw0zOTEyMzEyMzU5NTlaMCUxIzAhBgNVBAMTGmVudGVycHJpc2Uuc3luY3NvZnQuY29tLmF1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoWUoI9/+tQSh5lX110sl1q4WG18dUpC758tvx+sg065q4zmBdDp14Keoay6hzqKPQWAH1eDk5LOyHxI3MwK2qkRYRPdOOVXNMUetKKOsh8h1rJAzj4kVMaeiAHigx7eRElBfv4zhycv1hl2BiSp+OT+Z88ukO1cCCz8Ehkim746ZPtQXYQAofgkTRf1x8RmUN4/MfOIwm7Rq9LVjQz2a4bmajDhn1BuGN10odfr9Q8fy7R7Zrtw31+5c4rkMtB7vZGp6kafxqbTKYgR5TXn3RY3bhHyhoKT+tRhSHQjHmVlF5+flQiAnxRysnjiTEBjoAEfjlMFSWj0uHlKaqlY/BQIDAQABo1swWTBXBgNVHQEEUDBOgBBlOH56UNr6Z/sT51gI9rTMoSgwJjEkMCIGA1UEAxMbU3luY3NvZnQgRW50ZXJwcmlzZSBSb290IENBghAP8+VIW7eqiUrhf3ayIowlMAkGBSsOAwIdBQADggEBAIXSUVBD0LytaWb1qp2cLz8CGQYvWojpjPDth7FObMOelTKj08eqRYseZJPP4KFQveibCuW5ChODwLupYrmC3MiYCNg+4LMFBhdsSe/md5k2ZwW7VD/fdu6ipHtgJF7fJHHVuHqOW09krBhPxDS5lGyNjaPlbfz5cTNZRDAKNxHgqNFRKoL6uDWB9m0WnpSbg/vHRqB2rwhjq4XamKyo0ronoZMAWZGgE/BW1YZh7yCw6vQ8D4aaRTA7loIKEfEiuJxgwhS7kZ1zBq2P7e10qOcPSmD1s0OKc+sI70wihHgk+LK/FJnYhhy+YvHZyboF216UP2gTxbhpglbH8+E6FrI=</wsse:BinarySecurityToken>

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#<http://www.w3.org/2000/09/xmldsig>">

<SignedInfo>

<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#<http://www.w3.org/2001/10/xml-exc-c14n>">

</CanonicalizationMethod>

<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">

</SignatureMethod>

<Reference URI="#Id-d54f5f1c1f9944d69bbc690bd24c6a5e">

<Transforms>

<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#<http://www.w3.org/2001/10/xml-exc-c14n>">

</Transform>

</Transforms>

<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">

</DigestMethod>

<DigestValue>gVlvjh1yqrcorBrjTbbOxZOqUMA=</DigestValue>

</Reference>

<Reference URI="#ID0EID">

<Transforms>

<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#<http://www.w3.org/2001/10/xml-exc-c14n>">

</Transform>

</Transforms>

<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">

</DigestMethod>

<DigestValue>BtaRNTFAgjR1Baf65qUPSmV+vvc=</DigestValue>

</Reference>

</SignedInfo>

<SignatureValue>oR6HveOl+G9IkrhaLOf51XLDuLQa8kBn/WTbyjM0/ERr0vGAdHgSwBIZr29LRckGuC5ybKbiRSACCjunOBs5WmllL3hmThYl0cWXvdRuxUuBBHgISxr+661pRoxoJdWyuI4axmlOBXAdzy0cMkLpv01NP7HBluFnft2maA6X6QMEbh2Ecnm/4lz4BdxpN38/n+MFChsSrZs/zMkOLnlgWIRtajswTFL+cCtztnHOUlMoPRa50BeaKJbVrFIJuAlsOHxsqmXdmedL6g80MSNQyuN8z3WAlzO8AcfTbJYD6puYcmiq0TYGP9CvV5bdHrlgbHZlvZSw27zMkudZsz7rPA==</SignatureValue>

<KeyInfo>

<wsse:SecurityTokenReference>

<wsse:Reference URI="#Id-9dde0b830ffc4f82996d9b2bada06c56" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">

</wsse:Reference>

</wsse:SecurityTokenReference>

</KeyInfo>
</Signature>
</wsse:Security>

Would there be any support or examples I could find to complete this task with Bouncy Castle?

This is a standard requirement for SWA.

Could any provide any insight here as it would be greatly appreciated.

Cheers,

Jean-Paul