000019421 - RSA BSAFE Cert-J Canonicalization algorithms for XML signing do not seem to be working correctly

Document created by RSA Customer Support Employee on Jun 15, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000019421
Applies To: RSA BSAFE Cert-J 2.0
Issue: RSA BSAFE Cert-J Canonicalization algorithms for XML signing do not seem to be working correctly
Signature is breaking when adding XML comments to the <SignedInfo> in RSA BSAFE Cert-J
Resolution: According to the XML Signature Recommendation (http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/), Section 4.3.3.2 "The Reference Processing Model" states that same-document URI references (such as URI="") are processed with implied comment stripping. That is, when a same-document URI reference is processed, all XML comments should be stripped out. I am adding XML comments to my <SignedInfo> and now my signatures fail to verify. What is happening?

The signature breaks when you add a comment inside the <SignedInfo> element because the comment is not all you are adding. The DOM treats whitespace as significant, and Canonical XML does not normalize whitespace between elements (this is non-intuitive, as one might expect that it would).

For example, consider this excerpt below:

<ds:SignedInfo>
   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference URI="">
     <ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
       <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
     </ds:Transforms>
     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
     <ds:DigestValue>V2V+ZDjxvoF2VrC8+Z8SPF3TbGI=</ds:DigestValue>
   </ds:Reference>
           
</ds:SignedInfo>

The DOM (and Canonical XML) treats the extra empty line as significant. This means that adding whitespace will break the signature. OK, next example:

<ds:SignedInfo>
   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference URI="">
     <ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
       <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
     </ds:Transforms>
     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
     <ds:DigestValue>V2V+ZDjxvoF2VrC8+Z8SPF3TbGI=</ds:DigestValue>
   </ds:Reference>
   <!-- comment here -->
</ds:SignedInfo>

So what's added here? A comment, for one, but an *extra* text node (whitespace only) has also been added. This is why the signature breaks. By contrast, consider this <SignedInfo> structure, which adds a comment without introducing whitespace:

 <ds:SignedInfo>
   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference URI="">
     <ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
       <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
     </ds:Transforms>
     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
     <ds:DigestValue>V2V+ZDjxvoF2VrC8+Z8SPF3TbGI=</ds:DigestValue>
   </ds:Reference><!-- hello -->
 </ds:SignedInfo>

This comment is stripped and does not affect the signature value.
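
The three cases above, reproduced as an added example (not RSA's code and not the Cert-J API). Python's standard-library `xml.etree.ElementTree.canonicalize`, which implements Canonical XML 2.0, stands in here for the C14N 1.0 algorithm named in the excerpts; like it, it keeps whitespace text nodes and, with `with_comments=False`, drops comments. The SignedInfo is a trimmed, constructed sample and the function names are hypothetical.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed sample: a trimmed SignedInfo modelled on the article's excerpts.
HEAD = (
    '<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">\n'
    '   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>\n'
    '   <ds:Reference URI="">\n'
    '     <ds:DigestValue>V2V+ZDjxvoF2VrC8+Z8SPF3TbGI=</ds:DigestValue>\n'
    '   </ds:Reference>'
)
END = "\n</ds:SignedInfo>"

# Each variant differs only in what sits between </ds:Reference> and the end tag.
VARIANTS = {
    "as_signed": HEAD + END,
    "extra_blank_line": HEAD + "\n            " + END,
    "comment_on_own_line": HEAD + "\n   <!-- comment here -->" + END,
    "comment_after_end_tag": HEAD + "<!-- hello -->" + END,
}

def signature_input(xml: str) -> bytes:
    """Canonical octets that would be hashed and signed (comments dropped)."""
    return canonicalize(xml, with_comments=False).encode("utf-8")

def still_verifies(edited: str, signed: str = VARIANTS["as_signed"]) -> bool:
    """True when the edit leaves the canonical SignedInfo octets unchanged."""
    return signature_input(edited) == signature_input(signed)

def report() -> dict:
    """Map each variant name to whether the original signature would survive."""
    return {name: still_verifies(xml) for name, xml in VARIANTS.items()}

if __name__ == "__main__":
    for name, xml in VARIANTS.items():
        # SHA-256 is used only to make the byte difference visible at a glance.
        digest = hashlib.sha256(signature_input(xml)).hexdigest()[:16]
        print(f"{name:22} verifies={still_verifies(xml)!s:5} sha256={digest}")
```

The comment itself never reaches the signed octets in any variant; only the whitespace text node that accompanies it in the second case changes them.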
Legacy Article ID: a9120
