Sing error when add a KeyInfo Reference

Question

Sing error when add a KeyInfo Reference

Opened this issue 7 years ago · 1 comments

Code:

openssl_pkcs12_read(file_get_contents($pkcs12_file), $certs, $pkcs12_pass);

$data = new DOMDocument();
$data->load($file);

$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, ['type' => 'private']);
$objKey->loadKey($certs['pkey']);

$objXMLSecDSig = new XMLSecurityDSig();
$objXMLSecDSig->setCanonicalMethod(XMLSecurityDSig::C14N);

$objXMLSecDSig->add509Cert($certs['cert']);
$objXMLSecDSig->addReference($data, XMLSecurityDSig::SHA1, ['http://www.w3.org/2000/09/xmldsig#enveloped-signature'], ['force_uri' => true]);

$objKeyInfo = $objXMLSecDSig->sigNode->getElementsByTagName('KeyInfo')->item(0);
// Adding a KeyInfo Reference: this Reference invalidates the signature
$objXMLSecDSig->addReference($objKeyInfo , XMLSecurityDSig::SHA1, ['http://www.w3.org/2000/09/xmldsig#enveloped-signature'], ['force_uri' => true]);

$data->save($file . '.xsig');

If I add a reference to the KeyInfo node, the signature is invalidated (signature or altered certificates). If I do not add the reference the signature is correct, but my application needs that reference.

Answer 1 · 2017-12-20T23:16:31.000Z

More info and code in alphp/signature_facturae#1