CryptoSys Home > SC14N > Example Signed XML-DSIG Documents

Example Signed XML-DSIG Documents

This page looks at example signed XML-DSIG documents created using SC14N, a straightforward XML canonicalization utility.

Enveloped signature

The document olamundo.xml is an example of an enveloped signature for input containing the character "á" in ISO-8859-1 encoding (Latin-1). For a more detailed explanation of this particular example, see Example of enveloped signature. For code in C# and Python to do this with SC14N, see Signing an XML-DSIG document using SC14N.

Base data to be signed

001 <?xml version="1.0" encoding="ISO-8859-1"?>
002 <Envelope xmlns="http://example.org/envelope">
003   <Body>
004     Olá mundo
005   </Body>
...
034 </Envelope>

Final signed document

001 <?xml version="1.0" encoding="ISO-8859-1"?>
002 <Envelope xmlns="http://example.org/envelope">
003   <Body>
004     Olá mundo
005   </Body>
006   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
007     <SignedInfo>
008       <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
009       <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
010       <Reference URI="">
011         <Transforms>
012           <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
013         </Transforms>
014         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
015         <DigestValue>UWuYTYug10J1k5hKfonxthgrAR8=</DigestValue>
016       </Reference>
017     </SignedInfo>
018     <SignatureValue>
019       TSQUoVrQ0kg1eiltNwIhKPrIdsi1VhWjYNJlXvfQqW2EKk3X37X862SCfrz7v8IYJ7OorWwlFpGDStJDSR6saO
020       ScqSvmesCrGEEq+U6zegR9nH0lvcGZ8Rvc/y7U9kZrE4fHqEiLyfpmzJyPmWUT9Uta14nPJYsl3cmdThHB8Bs=
021     </SignatureValue>
022     <KeyInfo>
023       <KeyValue>
024          <RSAKeyValue>
025            <Modulus>
026              4IlzOY3Y9fXoh3Y5f06wBbtTg94Pt6vcfcd1KQ0FLm0S36aGJtTSb6pYKfyX7PqCUQ8wgL6xUJ5GRPEsu9gyz8
027              ZobwfZsGCsvu40CWoT9fcFBZPfXro1Vtlh/xl/yYHm+Gzqh0Bw76xtLHSfLfpVOrmZdwKmSFKMTvNXOFd0V18=
028            </Modulus>
029            <Exponent>AQAB</Exponent>
030          </RSAKeyValue>
031       </KeyValue>
032     </KeyInfo>
033   </Signature>
034 </Envelope>

Comments

Some lines in the above example do not form part of the signature and could be reformatted or changed without affecting the signature (give or take some twists for white space).

001 -- The XML declaration is not signed.
006,033 -- The outer <Signature> element itself is not signed (but any white space before and after the element tags are)
018-021 -- The <SignatureValue> itself is not signed (because we don't know its value before we sign, obviously)
022-032 -- The <KeyInfo> is not signed (but it could be if we reference it separately). In this example we use <RSAKeyValue> so it will work on the verifier site.

> sc14n -d -x Signature olamundo.xml
UWuYTYug10J1k5hKfonxthgrAR8=

Enveloped signature using RSA-SHA256

The document olamundo-sha256 is the same as above except we've used the RSA-SHA256 algorithm for the signature and SHA-256 for the digest method.

 1 <?xml version="1.0" encoding="ISO-8859-1"?>
 2 <Envelope xmlns="http://example.org/envelope">
 3   <Body>
 4     Olá mundo
 5   </Body>
 6   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
 7     <SignedInfo>
 8       <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
 9       <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
10       <Reference URI="">
11         <Transforms>
12           <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
13         </Transforms>
14         <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
15         <DigestValue>XmEzFTF6w33nhHfeQqIZKwITz3H2mbBvShxWn+ML/7s=</DigestValue>
16       </Reference>
17     </SignedInfo>
...
22   </Signature>
23 </Envelope>

> sc14n -d --sha256 -x Signature olamundo-sha256.xml
XmEzFTF6w33nhHfeQqIZKwITz3H2mbBvShxWn+ML/7s=

Note that the SHA-256 algorithm for the digest value is declared in the <Reference> element (line 14), and the RSA-SHA256 algorithm for the signature method is declared separately on line 9. These are independent. You don't need to use the same SHA-256 algorithm in each!

Same document with namespaces

The document olamundo-ds.xml has content substantially the same as above except we now use namespaces with prefix "env:" for the outer element (with a made-up URI) and "ds:" for the Signature (with a genuine URI). And we've changed the white space in the <Signature> and <SignedInfo> elements as well, which affects the signature.

 1 <?xml version="1.0" encoding="ISO-8859-1"?>
 2 <env:Envelope xmlns:env="http://example.org/envelope">
 3   <env:Body>
 4     Olá mundo
 5   </env:Body><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 6 <ds:SignedInfo>
 7 <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
 8 <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
 9 <ds:Reference URI="">
10 <ds:Transforms>
11 <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
12 </ds:Transforms>
13 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
14 <ds:DigestValue>jDpk5iPbux5KxjW0GokRswYzXx4=</ds:DigestValue>
15 </ds:Reference>
16 </ds:SignedInfo>
...
31 </ds:Signature></env:Envelope>

> sc14n -d -x ds:Signature olamundo-ds.xml
jDpk5iPbux5KxjW0GokRswYzXx4=

Detached signature

The document detached.xml is an example of a detached signature for the file at URI http://www.di-mgt.com.au/abc.html (note that URIs with "https:" will not work on the verifier site).

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html>
<html>
<head>
<title>abc</title>
</head>
<body>
abc
</body>
</html>

 1 <?xml version="1.0" encoding="UTF-8"?>
 2 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
 3 <SignedInfo>
 4 <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
 5 <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
 6 <Reference URI="http://www.di-mgt.com.au/abc.html">
 7 <Transforms>
 8 <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
 9 </Transforms>
10 <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
11 <DigestValue>ZGABDwC0PQvbdpZ8lRQIadXgFpk=</DigestValue>
12 </Reference>
13 </SignedInfo>
...
18 </Signature>

Here is a zipped copy of the original file abc.html. To reproduce the digest value do the following.

> sc14n -d abc.html
ZGABDwC0PQvbdpZ8lRQIadXgFpk=

Signed document with Chinese characters

The document daiwei.xml contains Chinese characters encoded in UTF-8.

 1 <?xml version="1.0" encoding="UTF-8"?>
 2 <Envelope xmlns="http://example.org/envelope">
 3 <Body>
 4 大卫中国
 5 </Body>...
14 <DigestValue>T/HYRvf6dlmsoW0cHvYZTp6Ov18=</DigestValue>
21 ...</Envelope>

> sc14n -d -x Signature daiwei.xml
T/HYRvf6dlmsoW0cHvYZTp6Ov18=

Same document with Chinese characters as character references

The document daiwei-ents.xml is identical in content to the one above except the Chinese characters are represented in an US-ASCII file by XML character references. This produces exactly the same digest value as above and an identical signature value.

 1 <?xml version="1.0" encoding="US-ASCII"?>
 2 <Envelope xmlns="http://example.org/envelope">
 3 <Body>
 4 &#x5927;&#x536b;&#x4e2d;&#x56fd;
 5 </Body>...
14 <DigestValue>T/HYRvf6dlmsoW0cHvYZTp6Ov18=</DigestValue>
21 ...</Envelope>

Example with CDATA

The document cdata-signed.xml is an example of an XML document with CDATA.

 1 <?xml version="1.0" encoding="US-ASCII"?>
 2 <doc>
 3 <![CDATA[
 4 <contact>
 5 <name>Fred Bloggs</name>
 6 <coy>Branston & Pickle</coy>
 7 </contact>
 8 ]]>
 9 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
...
18 <DigestValue>O8fw2GNyHnFq1uJ+iznJ1qgcKsA=</DigestValue>
31 ...</Signature></doc>

> sc14n -d -x Signature cdata-signed.xml
O8fw2GNyHnFq1uJ+iznJ1qgcKsA=

The canonicalized version of this document is as follows:

> sc14n -x Signature cdata-signed.xml
<doc>

&lt;contact&gt;
&lt;name&gt;Fred Bloggs&lt;/name&gt;
&lt;coy&gt;Branston &amp; Pickle&lt;/coy&gt;
&lt;/contact&gt;

</doc>

A more complicated XML-DSIG document

The document input.xml has more complicated signed references. There are three <Reference> elements: one (on lines 17-24) referencing the entire document (excluding the <Signature> element), and two referencing the elements with Id="foo" and ID="bar" (lines 25-32 and 33-40, respectively). The inline DTD with the <!ATTLIST> elements is required by the verifier site.

 1 <?xml version="1.0" encoding="US-ASCII"?>
 2 <!DOCTYPE doc [
 3 <!ATTLIST Data Id ID #IMPLIED>
 4 <!ATTLIST Info ID ID #IMPLIED>
 5 ]>
 6 <doc>
 7   <Data>xyz</Data>
 8   <Data>pqr</Data>
 9   <Data Id="foo">abc</Data>
10   <Data Id="baz">456</Data>
11   <Info ID="bar">123</Info>
12   <Info ID="qux">789</Info>
13 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="thesig">
14 <SignedInfo>
15 <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
16 <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
17 <Reference URI="">
18 <Transforms>
19 <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
20 <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
21 </Transforms>
22 <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
23 <DigestValue>d6Pzi4DPNG6uc9KqTxdnm1zdLSA=</DigestValue>
24 </Reference>
25 <Reference URI="#foo">
26 <Transforms>
27 <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
28 <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
29 </Transforms>
30 <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
31 <DigestValue>j5sLNXdJgD7ye531XlyUb2exL8I=</DigestValue>
32 </Reference>
33 <Reference URI="#bar">
34 <Transforms>
35 <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
36 <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
37 </Transforms>
38 <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
39 <DigestValue>yn5TDgwmUdYwr7PtVYsz2XuwUww=</DigestValue>
40 </Reference>
41 </SignedInfo>
...
52 </Signature>
53 </doc>

> sc14n -d -x Signature input.xml
d6Pzi4DPNG6uc9KqTxdnm1zdLSA=

> sc14n -d -S foo input.xml
j5sLNXdJgD7ye531XlyUb2exL8I=

> sc14n -d -S Id=foo input.xml
j5sLNXdJgD7ye531XlyUb2exL8I=

> sc14n -d -S ID=bar input.xml
yn5TDgwmUdYwr7PtVYsz2XuwUww=

Signing Key

All the above examples have been signed using Alice's test RSA private key from RFC4134 with matching X.509 certificate. The password for the encrypted private key is password.

Verifier Site

Use Online XML Digital Signature Verifer to verify these examples. Some hints:

Open the test document in a UTF-8-aware editor (like Notepad++) then copy and paste from the open document onto the web page. This seems to fix some encoding issues.
To use an example RSA signing key like we do here, you must use an <RSAKeyValue> in the <KeyInfo> element to specify the public key.
If using an ID reference like <Reference URI="#foo"> then you must include an inline DTD with <!ATTLIST elemname attrname ID #IMPLIED> like we do above.
Links to external documents with a URI using "https://" do not work. You'll get an error like "func=xmlSecTransformInputURIOpen:/:io function failed:/;errno=2".
If you get an error like "Entity: line 49: parser error : Input is not proper UTF-8, indicate encoding !" then some characters are not cutting-and-pasting properly as UTF-8. The solution is to edit the document and replace the offending character with its corresponding XML character entity. For example, the character ó in an Eastern European context may give an error Bytes: 0xF3 and show as �. If so, replace ó with ó.

2022-03-20: See Troubleshooting problems on the 'Online XML Digital Signature Verifier' site