1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
|
Sample XML Signatures Produced Using the Phaos XML Toolkit
November 26, 2002
Contents of phaos-xmldsig-three
===============================
signature-rsa-enveloped.xml
---------------------------
Contains an RSA enveloped signature.
signature-rsa-enveloping.xml
----------------------------
Contains an RSA enveloping signature.
signature-rsa-detached.xml
--------------------------
Contains an RSA detached signature.
signature-dsa-enveloped.xml
---------------------------
Contains a DSA enveloped signature.
signature-dsa-enveloping.xml
----------------------------
Contains a DSA enveloping signature.
signature-dsa-detached.xml
--------------------------
Contains a DSA detached signature.
signature-hmac-md5-c14n-enveloping.xml
--------------------------------------
Contains an enveloping MD5 HMAC signature and uses XML Canonicalization
as the canonicalization method. The HMAC secret is the ASCII encoding of
the word "test".
signature-hmac-sha1-exclusive-c14n-enveloped.xml
------------------------------------------------
Contains an enveloped SHA-1 HMAC signature and uses the Exclusive XML
Canonicalization canonicalization method. The HMAC secret is the ASCII
encoding of the word "test".
signature-hmac-sha1-exclusive-c14n-comments-detached.xml
--------------------------------------------------------
Contains a detached SHA-1 HMAC signature and uses the Exclusive XML
Canonicalization With Comments canonicalization method. The HMAC secret
is the ASCII encoding of the word "test".
signature-hmac-sha1-40-c14n-comments-detached.xml
-------------------------------------------------
Contains a detached 40-byte SHA-1 HMAC signature and uses the XML
Canonicalization With Comments canonicalization method. The HMAC secret is
the ASCII encoding of the word "test".
signature-hmac-sha1-40-exclusive-c14n-comments-detached.xml
-----------------------------------------------------------
Contains a detached 40 byte SHA-1 HMAC signature and uses the Exclusive
XML Canonicalization With Comments canonicalization method. The HMAC secret
is the ASCII encoding of the word "test".
signature-dsa-detached-manifest.xml
-----------------------------------
Contains a detached DSA signature with a manifest.
signature-rsa-detached-manifest.xml
----------------------------------
Contains a detached RSA signature with a manifest.
signature-rsa-detached-b64-transform.xml
----------------------------------------
Contains a detached RSA signature with a Base64 decode transform.
signature-rsa-detached-xpath-transform.xml
------------------------------------------
Contains a detached RSA signature with an XPath transform.
signature-rsa-xpath-transform-enveloped.xml
------------------------------------------
Contains an RSA signature with an XPath transform that produces the
same result as the enveloped signature algorithm.
signature-rsa-detached-xslt-transform.xml
------------------------------------------
Contains a detached RSA signature with an XSLT transformation.
signature-rsa-detached-x509-data.xml
------------------------------------
Contains a detached RSA signature with several X509Data subelements.
signature-rsa-detached-x509-data-subject-name.xml
------------------------------------
Contains a detached RSA signature with an X509SubjectName that
references the subject name of the certificate stored in
certs/rsa-client-cert.der.
signature-rsa-detached-x509-data-issuer-serial.xml
------------------------------------
Contains a detached RSA signature with an X509IssuerSerial that
references the issuer and serial number of the certificate stored in
certs/rsa-client-cert.der.
signature-rsa-detached-x509-data-ski.xml
------------------------------------
Contains a detached RSA signature with an X509SKI that
references the Subject Key Identifier of the certificate stored in
certs/rsa-client-cert.der.
signature-rsa-detached-x509-data-client-cert.xml
------------------------------------
Contains a detached RSA signature with an X509Certificate that
represents the certificate stored in certs/rsa-client-cert.der.
signature-rsa-detached-x509-data-cert-chain.xml
------------------------------------
Contains a detached RSA signature with two X509Certificate
elements that represent the certificates stored in
certs/rsa-client-cert.der and certs/rsa-ca-cert.der.
signature-rsa-detached-xslt-transform-retrieval-method.xml
------------------------------------
Contains a detached RSA signature with an XSLT transform and a KeyInfo
element that refers to an external X.509 certificate. The certificate
is located in certs/rsa-client-cert.der.
signature-big.xml
-----------------
Contains a larger detached RSA signature that contains a manifest and many
references that test various transformation algorithms, URI reference syntax
formats, etc. The KeyInfo contains a KeyName whose value is the subject
name of the certificate stored in certs/rsa-client-cert.der.
signature-rsa-detached-xslt-transform-bad-retrieval-method.xml
---------------------------------------------------------------
Contains a detached RSA signature with an XSLT transform and a KeyInfo
element that refers to an INCORRECT external X.509 certificate. (The correct
X.509 certificate is located in certs/rsa-client-cert.der.) Verification
should FAIL.
signature-rsa-enveloped-bad-digest-val.xml
------------------------------------------
Contains an enveloped RSA signature that contains a reference with an INCORRECT
digest value. Verification should FAIL.
signature-rsa-enveloped-bad-sig.xml
-----------------------------------
Contains an enveloped RSA signature that contains a reference that was added
after the signature value was computed. Verification should FAIL.
document.xml
------------
An XML document that is referenced by some of the signature examples.
document-stylesheet.xml
-----------------------
The same as document.xml with the addition of an xsl-stylesheet processing
instruction.
document.xsl
------------
An XSL stylesheet referenced by several of the signature examples and
document-stylesheet.xml.
document.b64
------------
A Base64 encoded XML document.
README.txt
----------
This file.
Contents of phaos-xmldsig-three/certs
=====================================
rsa-cert.der
------------
An RSA end entity certificate issued by the CA certificate contained in
rsa-ca-cert.der.
enc-rsa-key.der
---------------
The RSA private key that matches rsa-cert.der, password-encrypted using
the PKCS#8 format. The password is "test".
dsa-cert.der
------------
An DSA end entity certificate issued by the CA certificate contained in
dsa-ca-cert.der.
enc-dsa-key.der
---------------
The DSA private key that matches dsa-cert.der, password-encrypted using
the PKCS#8 format. The password is "test".
rsa-ca-cert.der
---------------
An RSA self-signed CA certificate.
dsa-ca-cert.der
---------------
A DSA self-signed CA certificate.
crl.der
-------
A sample CRL that revokes rsa-cert.der.
Joe Morgan
Software Engineer
Phaos Technology
jmorgan@phaos.com
http://www.phaos.com/
|
