Re: [SignServer-develop] consultation

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Dear Cristian,

Currently the SignServer XML signer has no support for specifying tags
to be excluded. If the underlaying library supports XPath expressions
this should be quite easy to develop.
What would be the use case for this feature?

Cheers,
Markus

PrimeKey Solutions offers a commercial EJBCA & SignServer support
subscription and training. Please see www.primekey.se or contact
in...@pr... for more information. 
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/

On 2013-12-13 19:49, Cristian Altamirano wrote:
> Hi Dear.
>                     My name is Cristian Altamirano and I am testing
> signserver using xml file.
>  I wonder if signserver can make a digital sign wtithout some xml tag.
>                    For example I want to know if the sign can be
> something like:
>
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>       <ds:SignedInfo>
>          <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
>          <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>          <ds:Reference URI="#183">
>             <ds:Transforms>
>                <ds:Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>                <ds:Transform
> Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
>                  *<ds:XPath
> xmlns:ctr="http://www.abcdef.cl/2005/05/CGRDoc"
> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">not(ancestor-or-self::ctr:Folio)
> and not(ancestor-or-self::ctr:Fecha) and
> not(ancestor-or-self::ctr:Lugar)</ds:XPath>*
>                </ds:Transform>
>             </ds:Transforms>
>             <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>             <ds:DigestValue>ErGgQ8Ke0hF2C1SSi12Abssi0Kg=</ds:DigestValue>
>          </ds:Reference>
>          <ds:Reference URI="#a4dbe2a7-0aac-4391-8773-62b1d519ada82">
>             <ds:Transforms>
>                <ds:Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>             </ds:Transforms>
>             <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>             <ds:DigestValue>AD6lnb/DQl0tTgF+njpq+qUk9Zc=</ds:DigestValue>
>          </ds:Reference>
>       </ds:SignedInfo>
>      
> <ds:SignatureValue>CwEOfSDVDFcXlKkhjNm/lqIbHfmsXwxb+RoNndGR0zi+YrAGMchqE+tXmqxyEB4IOp9gciw9NecmSCXFGD13NmEpLJynt6BVcGqe3BuC1txKwOZYQNlN4yLalVUrmfge+wrd0ebfFEDoJPq+fA13Yvo16v7Vj2dvdYjffcUK4jc=</ds:SignatureValue>
>       <ds:KeyInfo>
>          <ds:X509Data>
>             <ds:X509IssuerSerial>
>                <ds:X509IssuerName>CN=TEST, O=TEST, OU=TEST,
> E=...@E-... <mailto:TE...@E-...>, C=CL</ds:X509IssuerName>
>               
> <ds:X509SerialNumber>140585008369263210178025</ds:X509SerialNumber>
>             </ds:X509IssuerSerial>
>             <ds:X509SubjectName>C=CL, E=...@TE...
> <mailto:TE...@TE...>, OU=TEST, O=TEST, CN=TEST</ds:X509SubjectName>
>            
> <ds:X509Certificate>MIICUTCCAbqgAwIBAgIKHcUg6kSMM7Cl6TANBgkqhkiG9w0BAQUFADBZMQ0wCwYDVQQDEwRURVNUMQ0wCwYDVQQKEwRURVNUMQ0wCwYDVQQLEwRURVNUMR0wGwYJKoZIhvcNAQkBFg5URVNUQEUtU0lHTi5DTDELMAkGA1UEBhMCQ0wwHhcNMTMxMDA3MTMyODM1WhcNMTgxMDA3MTMyODM1WjBZMQ0wCwYDVQQDEwRURVNUMQ0wCwYDVQQKEwRURVNUMQ0wCwYDVQQLEwRURVNUMR0wGwYJKoZIhvcNAQkBFg5URVNUQEUtU0lHTi5DTDELMAkGA1UEBhMCQ0wwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALSvW/fbYisBDVaECeQMTvq4VyT2urClj6WGwwPROa+6iMILy3mtP4aa8ptgjT+l7DNeKceZBIMo+8K2YrMTRS1K/8NRBa/QTRA2pOwp9UVKr5g08f4wOyjonybPNOh0w3797yCh9A39YcJ5KZGSMFiypdOLnJ25KxYxNmMpkWXTAgMBAAGjIDAeMA8GCSqGSIb3LwEBCgQCBQAwCwYDVR0PBAQDAgSQMA0GCSqGSIb3DQEBBQUAA4GBADkRuoSugzY5/pDkRTR2tFfnwItA2e0r5ga6cOBEsVcfBDe00Clgaks52QoTFSSltgSHKBPsSR4XmE6AmE5gnBVQPeNNmb5TJovG4DnzoODp0mgSpOKj6aO4YY70H8tJzUeeSfWUU1/y0pPdDclN46NFwoAPKSmihvwGeCbuqwua</ds:X509Certificate>
>          </ds:X509Data>
>          <ds:KeyValue>
>             <ds:RSAKeyValue>
>               
> <ds:Modulus>tK9b99tiKwENVoQJ5AxO+rhXJPa6sKWPpYbDA9E5r7qIwgvLea0/hprym2CNP6XsM14px5kEgyj7wrZisxNFLUr/w1EFr9BNEDak7Cn1RUqvmDTx/jA7KOifJs806HTDfv3vIKH0Df1hwnkpkZIwWLKl04ucnbkrFjE2YymRZdM=</ds:Modulus>
>                <ds:Exponent>AQAB</ds:Exponent>
>             </ds:RSAKeyValue>
>          </ds:KeyValue>
>       </ds:KeyInfo>     
>    </ds:Signature>
>
>
>
> -- 
> Regards.
> Cristian Altamirano
>
>
>
>
> ------------------------------------------------------------------------------
> Rapidly troubleshoot problems before they affect your business. Most IT 
> organizations don't have a clear picture of how application performance 
> affects their revenue. With AppDynamics, you get 100% visibility into your 
> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
> http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
>
>
> _______________________________________________
> SignServer-develop mailing list
> Sig...@li...
> https://lists.sourceforge.net/lists/listinfo/signserver-develop

-- 

PrimeKey Solutions offers a commercial EJBCA support subscription and training for EJBCA. Please see www.primekey.se or contact in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/