XAdES signature verification error
Posted: Tue May 27, 2025 12:53 am
Can oXygen verify signature in XAdES standard?
I have created digital signature with JAVA xades4j library, but signature verification in oXygen XML Editor version 27.1 returns error:
Validation also passed without any changes in signed XML file when I used old oXygen XML Editor version 14.2, why? Has last oXygen version some limitations? Is XAdES supported?
My Signature pseudo code:
I have created digital signature with JAVA xades4j library, but signature verification in oXygen XML Editor version 27.1 returns error:
I am sure, that signature is valid, because other signature validators, e.g. DSS Demonstration Application in https://ec.europa.eu/digital-building-b ... validation has no issues with xades:SignedProperties element.The refenerce for URI #xmldsig-4f451966-b443-47fa-bf94-7e4312a9fab4-signedprops has no XMLSIgnatureInput.
Validation also passed without any changes in signed XML file when I used old oXygen XML Editor version 14.2, why? Has last oXygen version some limitations? Is XAdES supported?
My Signature pseudo code:
Code: Select all
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="xmldsig-4f451966-b443-47fa-bf94-7e4312a9fab4">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference Id="xmldsig-4f451966-b443-47fa-bf94-7e4312a9fab4-ref0" URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>MRE5lxU0wHyVm853WL+ENvlF9D05pDDH+wmZXXFkzJQ=</ds:DigestValue>
</ds:Reference>
<ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#xmldsig-4f451966-b443-47fa-bf94-7e4312a9fab4-signedprops">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>xLIIjH+FlggcnAHqYjNseEdpBK4NLCkbb6sgiFnaLrk=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue Id="xmldsig-4f451966-b443-47fa-bf94-7e4312a9fab4-sigvalue">TReP1uZGUjjMwRHAuMzDA09dIFUqdOGNOa833rilmMj+zadSIsDX2Q5w+s24VBTncb5LIkfvANqUziiKWdbstS3OEctnTzxO/mLO2BHBRPIsGtkByUEllqHdCxk2Y23BXQUIkh7mwO9TIXqKBXa7zh6Usr2bsuNzmrr54Fy+TaCa8Z2diUxLx0Cxtkp/lEwVrz7YErx5f4BHEzJEsH8mUWU/xyuso3X9uW1zyhim2n1B9b51Z8XO2W9z7UofbR2l0y+NjaZPwiybold7lLx0iEJOsqJlMBSgpQCfRHjfEPaDmfTmHs6qLWYYi6BdeyA2Z0TQtdReIYbFTKvcfdXcvA==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>SOME_CA_CERTIFICATE</ds:X509Certificate>
<ds:X509Certificate>SOME_CERTIFICATE</ds:X509Certificate>
<ds:X509IssuerSerial>
<ds:X509IssuerName>ISSUER</ds:X509IssuerName>
<ds:X509SerialNumber>1</ds:X509SerialNumber>
</ds:X509IssuerSerial>
<ds:X509SubjectName>SUBJECT</ds:X509SubjectName>
</ds:X509Data>
</ds:KeyInfo>
<ds:Object>
<xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:xades141="http://uri.etsi.org/01903/v1.4.1#" Target="#xmldsig-4f451966-b443-47fa-bf94-7e4312a9fab4">
<xades:SignedProperties Id="xmldsig-4f451966-b443-47fa-bf94-7e4312a9fab4-signedprops">
<xades:SignedSignatureProperties>
<xades:SigningTime>2025-05-25T23:48:47.303+02:00</xades:SigningTime>
<xades:SigningCertificate>
<xades:Cert>
<xades:CertDigest>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>OwRJJuVvcfrwGFtzk9HYMM+68zGjghElMSwhKLsveC8=</ds:DigestValue>
</xades:CertDigest>
<xades:IssuerSerial>
<ds:X509IssuerName>ISSUER</ds:X509IssuerName>
<ds:X509SerialNumber>1</ds:X509SerialNumber>
</xades:IssuerSerial>
</xades:Cert>
<xades:Cert>
<xades:CertDigest>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>krYxjK4MMGOSFL+gnk0KHD6dYNcTqAYjTDXA8keuwi8=</ds:DigestValue>
</xades:CertDigest>
<xades:IssuerSerial>
<ds:X509IssuerName>ISSUER</ds:X509IssuerName>
<ds:X509SerialNumber>11796205941189417507</ds:X509SerialNumber>
</xades:IssuerSerial>
</xades:Cert>
</xades:SigningCertificate>
</xades:SignedSignatureProperties>
</xades:SignedProperties>
</xades:QualifyingProperties>
</ds:Object>
</ds:Signature>