XAdES signature verification error

xrakan
Posts: 1
Joined: Mon May 26, 2025 12:31 am

Post by xrakan »

Can oXygen verify a signature in the XAdES standard?

I have created a digital signature with the Java xades4j library, but signature verification in oXygen XML Editor version 27.1 returns an error:
The reference for URI #xmldsig-4f451966-b443-47fa-bf94-7e4312a9fab4-signedprops has no XMLSignatureInput.
I am sure that the signature is valid, because other signature validators, e.g. the DSS Demonstration Application at https://ec.europa.eu/digital-building-b ... validation, have no issues with the xades:SignedProperties element.
Validation also passed without any changes to the signed XML file when I used the old oXygen XML Editor version 14.2. Why? Does the latest oXygen version have some limitations? Is XAdES supported?

My Signature pseudo code:

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="xmldsig-4f451966-b443-47fa-bf94-7e4312a9fab4">
    <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <ds:Reference Id="xmldsig-4f451966-b443-47fa-bf94-7e4312a9fab4-ref0" URI="">
            <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>MRE5lxU0wHyVm853WL+ENvlF9D05pDDH+wmZXXFkzJQ=</ds:DigestValue>
        </ds:Reference>
        <ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#xmldsig-4f451966-b443-47fa-bf94-7e4312a9fab4-signedprops">
            <ds:Transforms>
                <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue>xLIIjH+FlggcnAHqYjNseEdpBK4NLCkbb6sgiFnaLrk=</ds:DigestValue>
        </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue Id="xmldsig-4f451966-b443-47fa-bf94-7e4312a9fab4-sigvalue">TReP1uZGUjjMwRHAuMzDA09dIFUqdOGNOa833rilmMj+zadSIsDX2Q5w+s24VBTncb5LIkfvANqUziiKWdbstS3OEctnTzxO/mLO2BHBRPIsGtkByUEllqHdCxk2Y23BXQUIkh7mwO9TIXqKBXa7zh6Usr2bsuNzmrr54Fy+TaCa8Z2diUxLx0Cxtkp/lEwVrz7YErx5f4BHEzJEsH8mUWU/xyuso3X9uW1zyhim2n1B9b51Z8XO2W9z7UofbR2l0y+NjaZPwiybold7lLx0iEJOsqJlMBSgpQCfRHjfEPaDmfTmHs6qLWYYi6BdeyA2Z0TQtdReIYbFTKvcfdXcvA==</ds:SignatureValue>
    <ds:KeyInfo>
        <ds:X509Data>
            <ds:X509Certificate>SOME_CA_CERTIFICATE</ds:X509Certificate>
            <ds:X509Certificate>SOME_CERTIFICATE</ds:X509Certificate>
            <ds:X509IssuerSerial>
                <ds:X509IssuerName>ISSUER</ds:X509IssuerName>
                <ds:X509SerialNumber>1</ds:X509SerialNumber>
            </ds:X509IssuerSerial>
            <ds:X509SubjectName>SUBJECT</ds:X509SubjectName>
        </ds:X509Data>
    </ds:KeyInfo>
    <ds:Object>
        <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:xades141="http://uri.etsi.org/01903/v1.4.1#" Target="#xmldsig-4f451966-b443-47fa-bf94-7e4312a9fab4">
            <xades:SignedProperties Id="xmldsig-4f451966-b443-47fa-bf94-7e4312a9fab4-signedprops">
                <xades:SignedSignatureProperties>
                    <xades:SigningTime>2025-05-25T23:48:47.303+02:00</xades:SigningTime>
                    <xades:SigningCertificate>
                        <xades:Cert>
                            <xades:CertDigest>
                                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                                <ds:DigestValue>OwRJJuVvcfrwGFtzk9HYMM+68zGjghElMSwhKLsveC8=</ds:DigestValue>
                            </xades:CertDigest>
                            <xades:IssuerSerial>
                                <ds:X509IssuerName>ISSUER</ds:X509IssuerName>
                                <ds:X509SerialNumber>1</ds:X509SerialNumber>
                            </xades:IssuerSerial>
                        </xades:Cert>
                        <xades:Cert>
                            <xades:CertDigest>
                                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                                <ds:DigestValue>krYxjK4MMGOSFL+gnk0KHD6dYNcTqAYjTDXA8keuwi8=</ds:DigestValue>
                            </xades:CertDigest>
                            <xades:IssuerSerial>
                                <ds:X509IssuerName>ISSUER</ds:X509IssuerName>
                                <ds:X509SerialNumber>11796205941189417507</ds:X509SerialNumber>
                            </xades:IssuerSerial>
                        </xades:Cert>
                    </xades:SigningCertificate>
                </xades:SignedSignatureProperties>
            </xades:SignedProperties>
        </xades:QualifyingProperties>
    </ds:Object>
</ds:Signature>
teo
Posts: 85
Joined: Wed Aug 30, 2017 3:56 pm

Re: XAdES signature verification error

Post by teo »

Hello,

I have investigated the reported issue and it may stem from the way the application handles internal references in XAdES signatures.
Additionally, I found that we have already logged an issue on roughly the same topic, dating back several versions.

We use a third-party library for digitally signing documents and it is possible that the problems with the XAdES standard may have arisen following an update to that library that actually included a regression regarding the format in question.
I will post your report there and raise the priority of the issue.

Regards,
Teo
Teodor Timplaru
<oXygen/> XML Editor
http://www.oxygenxml.com
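
A structural check for the same-document references discussed in this thread, as an added example that is not code from either poster, from oXygen or from xades4j. It confirms that each `URI="#..."` in `ds:SignedInfo` resolves to exactly one element, that the XAdES `SignedProperties` reference lands inside the same signature's `ds:Object`, and that `QualifyingProperties/@Target` points back at the signature. Matching on the attribute name `Id` is an assumption (a library may require the attribute to be typed as an XML ID), the sample document is constructed, and digests and the signature value are not verified.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XADES = "http://uri.etsi.org/01903/v1.3.2#"
NS = {"ds": DS, "xades": XADES}
SIGNED_PROPS_TYPE = "http://uri.etsi.org/01903#SignedProperties"

# Constructed sample with the same shape as the signature in the post;
# ids are shortened and digest/key material is left out.
SAMPLE = f"""<doc><ds:Signature xmlns:ds="{DS}" Id="sig-1">
  <ds:SignedInfo>
    <ds:Reference Id="sig-1-ref0" URI=""/>
    <ds:Reference Type="{SIGNED_PROPS_TYPE}" URI="#sig-1-signedprops"/>
  </ds:SignedInfo>
  <ds:Object>
    <xades:QualifyingProperties xmlns:xades="{XADES}" Target="#sig-1">
      <xades:SignedProperties Id="sig-1-signedprops"/>
    </xades:QualifyingProperties>
  </ds:Object>
</ds:Signature></doc>"""


def check_references(xml_text):
    """Return a list of problems found while resolving same-document references."""
    root = ET.fromstring(xml_text)
    problems = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        qprops = sig.findall("ds:Object/xades:QualifyingProperties", NS)
        own_props = [sp for qp in qprops
                     for sp in qp.findall("xades:SignedProperties", NS)]
        for ref in sig.iterfind("ds:SignedInfo/ds:Reference", NS):
            uri = ref.get("URI")
            if not uri or not uri.startswith("#"):
                continue  # URI="" is the whole document; external URIs are out of scope
            # Assumption: the target is identified by an attribute named "Id".
            hits = [e for e in root.iter() if e.get("Id") == uri[1:]]
            if len(hits) != 1:
                # 0 = dangling reference; >1 = ambiguous target (wrapping risk)
                problems.append(f"{uri}: {len(hits)} elements carry this Id, expected 1")
            elif ref.get("Type") == SIGNED_PROPS_TYPE and not any(
                    sp is hits[0] for sp in own_props):
                problems.append(f"{uri}: target is not this signature's SignedProperties")
        for qp in qprops:
            if qp.get("Target") != "#" + (sig.get("Id") or ""):
                problems.append(f"QualifyingProperties Target {qp.get('Target')!r} "
                                "does not point at the enclosing ds:Signature")
    return problems


if __name__ == "__main__":
    print(check_references(SAMPLE) or "all same-document references resolve")
```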