Есть ли у кого пример такой реализации ? спасибо за ответы подписывать XML документ по стандарту, то есть формировать все поля вручную ? или может просто зашифровать сообщение и потом проверить его по SignedData .... | ||||
Ответы: | ||||
| ||||
C КриптоПро CSP 3.0 Можно использовать COM объект MSXML 5. | ||||
| ||||
MSXML 5 поставляется только с Office2003 ....... ;-) так что спасибо, но нельзя | ||||
| ||||
На компьютерах с ранними версиями Office (97/2000/XP/2002) можно установить бесплатный продукт "Word 2003: XML Viewer" размером 1 Мб, который содержит MSXML5. Это работоспособное решение, до тех пор, пока MS не выпустит модуль для installer-а redistributable варианта нового MSXML. | ||||
| ||||
спасибо, это буду иметь в виду но все равно низя на пятом парсере писать ... в общем CAPICOM + javascript + .NET мне бы примерчиков по уже реализованному ... не могу понять как мне на CAPICOM правильно подписать XML документ, либо - сделать Sign самому документу и возвращаемое значение с самим документом отправить на сервер, но там я опять не могу проверить ... вылетает ошибка ASN1, неправильный Base64 и куча всего ;-) | ||||
| ||||
С CAPICOM Вам проще всего использовать вариант с bDetached==FALSE, либо самому реализовать аналог нормализации, а потом подписывать c bDetached==TRUE. > вылетает ошибка ASN1, неправильный Base64 Это похоже на ошибки связанные с тем, что строки в JS/VS в Unicode, а не в байтах. Надо тщательно следить за преобразованиями. Успехов. P.S. Если нужны примеры XML, то запросите их у Ирины <mailto:kalugina@cryptopro.ru>. | ||||
| ||||
подскажите, пожалуйста, как правильно преобразовывать или где про это почитать ? | ||||
| ||||
Описания соответствующих языков. В общем, надо тщательно разбираться с тем, что подписываете (последовательность байт или Unicode(UTF16) строку), и с тем, что передаёте на Base64/ASN.1 декодирование. | ||||
| ||||
index.html сохранен в UTF-8 var XML = new ActiveXObject("Msxml2.DOMDocument.4.0"); XML.async = false; XML.loadXML(strXML); var signedData = new ActiveXObject("CAPICOM.SignedData") var signer = new ActiveXObject("CAPICOM.Signer"); signer.Certificate = Certificate; // здесь выбран сертификат Certificate = new ActiveXObject("CAPICOM.Certificate"); signedData.Content = XML.xml; var signature = signedData.Sign(signer, true, 0); формируем strURL xmlhttp.Open("GET", strURL, true); отправляем тама вижу ошибки на дот нет ;-) strXML береться из textarea <?xml version="1.0" encoding="UTF-8"?> <docs> <doc> <doc_name>Protocol</doc_name> <doc_type>Act</doc_type> <doc_value>1000</doc_value> <doc_bank>MoscowBank</doc_bank> </doc> </docs> где могут быть ошибки ? | ||||
| ||||
подпись XML парсером 5 версии вот этот код постоянно вылетает с ошибкой Access is denied. вылетает на этапе var a = xmldsig.sign(oKey, 1); Не подскажете как вылечить ? спасибо if (!xmldsig.signature) { alert("Invalid signature template\n"); return false; } var _key = cert.PrivateKey.ContainerName; document.all.a.value = _key; var oKey = xmldsig.createKeyFromCSP(1, "", _key, 0); try { var a = xmldsig.sign(oKey, 1); } catch (e) { alert(e.description); } | ||||
| ||||
совсем нихто не знает ? ;-) не верю timda http://timda.ru | ||||
| ||||
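// This is how Microsoft suggests doing it.
// Microsoft XML Core Services (MSXML) 5.0 for Microsoft Office - Digital Signatures
// JScript source: sign.js
//
// Signs an XML signature template with a key taken from a CSP key container,
// once for each combination of KeyInfo flags, and prints the signed document.
// Runs under Windows Script Host (cscript/wscript); it relies on ActiveXObject
// and WScript, so it is not a browser or Node.js script.
//
// Changes against the listing as posted: the typographic quotes that the page
// substituted inside DSIGNS and the "Can't load" message are restored to ASCII
// quotes (with the curly quotes the namespace declaration is not well formed),
// and the constants are declared with `var` instead of as implicit globals.

var xmldoc, xmldsig, infile;
var szResult = "";

// fwWriteKeyInfo flags passed to xmldsig.sign(); they control what is written
// into <ds:KeyInfo> of the resulting signature.
var NOKEYINFO = 0;
var KEYVALUE = 1;
var CERTIFICATES = 2;
var PURGE = 4;

// Namespace binding used by the XPath query that locates <ds:Signature>.
var DSIGNS = "xmlns:ds='http://www.w3.org/2000/09/xmldsig#'";

var PROV_RSA_FULL = 1;
// Change this key container name to your own if necessary.
var RSA_KEY = "MyRSAFullKeys";

// NOTE(review): the provider type has to match the CSP that owns the key
// container; a container created by a different CSP needs that CSP's own
// provider type (and possibly provider name) - confirm against the CSP docs.
var csp = PROV_RSA_FULL;
var key = RSA_KEY;

infile = "signature_template.sign.rsa.xml";

if (InitXML() && LoadXML(infile)) {
  alert("Sign with fwWriteKeyInfo = NOKEYINFO:");
  SignXML(NOKEYINFO);

  // The label says KEYVALUE but PURGE is OR-ed in as well, presumably so that
  // KeyInfo left in the document by an earlier call is cleared first.
  alert("Sign with fwWriteKeyInfo = KEYVALUE:");
  SignXML(KEYVALUE | PURGE);

  alert("Sign with fwWriteKeyInfo = CERTIFICATES:");
  SignXML(CERTIFICATES);

  alert("Sign with fwWriteKeyInfo = CERTIFICATES|PURGE:");
  SignXML(CERTIFICATES | PURGE);

  alert("Sign with fwWriteKeyInfo = PURGE:");
  SignXML(PURGE);
}

///////// Helper functions. /////////

/**
 * Prints a message through Windows Script Host.
 * @param {string} str - text to print
 */
function alert(str) {
  WScript.echo(str);
}

///////// Set the signature for signing. ////////

/**
 * Creates the MSXML 5.0 DOM document and digital-signature objects and
 * configures the parser.
 * @returns {boolean} false when the MSXML 5.0 objects cannot be created
 */
function InitXML() {
  try {
    xmldoc = new ActiveXObject("Msxml2.DOMDOcument.5.0");
    xmldsig = new ActiveXObject("Msxml2.MXDigitalSignature.5.0");
  } catch (e) {
    alert("Installation of mxsml5 is required to run this app.\n");
    return false;
  }

  xmldoc.async = false;
  // Whitespace is part of the content that gets digested, so the parser must
  // not normalise it away before signing.
  xmldoc.preserveWhiteSpace = true;
  xmldoc.validateOnParse = false;
  // External DTDs and entities are not resolved while parsing the document to
  // be signed; keep this off when the input file is not fully trusted.
  xmldoc.resolveExternals = false;
  return true;
}

/**
 * Loads the signature template and hands its <ds:Signature> element to the
 * signature object.
 * @param {string} file - path of the XML signature template
 * @returns {boolean} false when the DOM is missing or the file fails to load
 */
function LoadXML(file) {
  if (xmldoc == null) {
    alert("must instantiate xml dom\n");
    return false;
  }
  if (!xmldoc.load(file)) {
    alert("Can't load " + file + "\n");
    return false;
  }

  xmldoc.setProperty("SelectionNamespaces", DSIGNS);
  // A template without <ds:Signature> leaves this null; SignXML checks for it.
  xmldsig.signature = xmldoc.selectSingleNode(".//ds:Signature");
  return true;
}

/**
 * Signs the loaded template with the key from the configured CSP container.
 *
 * NOTE(review): whatever ends up in <ds:KeyInfo> is supplied by the signer; a
 * verifier still has to establish trust in that key or certificate on its own
 * and should not accept a signature only because it checks out against the
 * key embedded in it.
 *
 * @param {number} fwWriteKeyInfo - combination of the KeyInfo flags above
 * @returns {boolean} true when the document was signed
 */
function SignXML(fwWriteKeyInfo) {
  if (!xmldsig.signature) {
    alert("Invalid signature template\n");
    return false;
  }

  // Arguments: provider type, "" in the provider-name position (presumably the
  // default provider for that type), key container name, flags.
  var oKey = xmldsig.createKeyFromCSP(csp, "", key, 0);
  if (!oKey) {
    alert("Invalid key.\n");
    return false;
  }

  var oSignedKey = xmldsig.sign(oKey, fwWriteKeyInfo);
  if (!oSignedKey) {
    alert("sign failed.\n");
    return false;
  }

  alert("The specified data was signed successfully.\n" +
        "Resultant signature:\n" +
        xmldoc.xml + "\n");
  return true;
}

/*
 * Try It!
 *
 * Ensure that you have completed all the procedures in Getting Started with
 * XML Digital Signatures.
 * Copy the XML signature template from Resource Files, and paste it into a
 * text file. Save the file as signature_template.sign.rsa.xml.
 * Copy the JScript listing above, and paste it into a text file. Save the file
 * as sign.js, in the same directory where you saved
 * signature_template.sign.rsa.xml.
 * From a command prompt, navigate to this directory, then type
 * "cscript sign.js".
 *
 * Note: Under operating systems other than Windows 2000 or Windows XP, you
 * might need to install Windows Scripting Host (to run cscript.exe or
 * wscript.exe), if it is not already installed.
 *
 * Verify that your output is similar to that listed in the Output topic.
 */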
| ||||
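// This is how Microsoft suggests doing it.
// Microsoft XML Core Services (MSXML) 5.0 for Microsoft Office - Digital Signatures
// JScript source: sign.js
//
// Signs an XML signature template with a key taken from a CSP key container,
// once for each combination of KeyInfo flags, and prints the signed document.
// Runs under Windows Script Host (cscript/wscript); it relies on ActiveXObject
// and WScript, so it is not a browser or Node.js script.
//
// Changes against the listing as posted: the typographic quotes that the page
// substituted inside DSIGNS and the "Can't load" message are restored to ASCII
// quotes (with the curly quotes the namespace declaration is not well formed),
// and the constants are declared with `var` instead of as implicit globals.

var xmldoc, xmldsig, infile;
var szResult = "";

// fwWriteKeyInfo flags passed to xmldsig.sign(); they control what is written
// into <ds:KeyInfo> of the resulting signature.
var NOKEYINFO = 0;
var KEYVALUE = 1;
var CERTIFICATES = 2;
var PURGE = 4;

// Namespace binding used by the XPath query that locates <ds:Signature>.
var DSIGNS = "xmlns:ds='http://www.w3.org/2000/09/xmldsig#'";

var PROV_RSA_FULL = 1;
// Change this key container name to your own if necessary.
var RSA_KEY = "MyRSAFullKeys";

// NOTE(review): the provider type has to match the CSP that owns the key
// container; a container created by a different CSP needs that CSP's own
// provider type (and possibly provider name) - confirm against the CSP docs.
var csp = PROV_RSA_FULL;
var key = RSA_KEY;

infile = "signature_template.sign.rsa.xml";

if (InitXML() && LoadXML(infile)) {
  alert("Sign with fwWriteKeyInfo = NOKEYINFO:");
  SignXML(NOKEYINFO);

  // The label says KEYVALUE but PURGE is OR-ed in as well, presumably so that
  // KeyInfo left in the document by an earlier call is cleared first.
  alert("Sign with fwWriteKeyInfo = KEYVALUE:");
  SignXML(KEYVALUE | PURGE);

  alert("Sign with fwWriteKeyInfo = CERTIFICATES:");
  SignXML(CERTIFICATES);

  alert("Sign with fwWriteKeyInfo = CERTIFICATES|PURGE:");
  SignXML(CERTIFICATES | PURGE);

  alert("Sign with fwWriteKeyInfo = PURGE:");
  SignXML(PURGE);
}

///////// Helper functions. /////////

/**
 * Prints a message through Windows Script Host.
 * @param {string} str - text to print
 */
function alert(str) {
  WScript.echo(str);
}

///////// Set the signature for signing. ////////

/**
 * Creates the MSXML 5.0 DOM document and digital-signature objects and
 * configures the parser.
 * @returns {boolean} false when the MSXML 5.0 objects cannot be created
 */
function InitXML() {
  try {
    xmldoc = new ActiveXObject("Msxml2.DOMDOcument.5.0");
    xmldsig = new ActiveXObject("Msxml2.MXDigitalSignature.5.0");
  } catch (e) {
    alert("Installation of mxsml5 is required to run this app.\n");
    return false;
  }

  xmldoc.async = false;
  // Whitespace is part of the content that gets digested, so the parser must
  // not normalise it away before signing.
  xmldoc.preserveWhiteSpace = true;
  xmldoc.validateOnParse = false;
  // External DTDs and entities are not resolved while parsing the document to
  // be signed; keep this off when the input file is not fully trusted.
  xmldoc.resolveExternals = false;
  return true;
}

/**
 * Loads the signature template and hands its <ds:Signature> element to the
 * signature object.
 * @param {string} file - path of the XML signature template
 * @returns {boolean} false when the DOM is missing or the file fails to load
 */
function LoadXML(file) {
  if (xmldoc == null) {
    alert("must instantiate xml dom\n");
    return false;
  }
  if (!xmldoc.load(file)) {
    alert("Can't load " + file + "\n");
    return false;
  }

  xmldoc.setProperty("SelectionNamespaces", DSIGNS);
  // A template without <ds:Signature> leaves this null; SignXML checks for it.
  xmldsig.signature = xmldoc.selectSingleNode(".//ds:Signature");
  return true;
}

/**
 * Signs the loaded template with the key from the configured CSP container.
 *
 * NOTE(review): whatever ends up in <ds:KeyInfo> is supplied by the signer; a
 * verifier still has to establish trust in that key or certificate on its own
 * and should not accept a signature only because it checks out against the
 * key embedded in it.
 *
 * @param {number} fwWriteKeyInfo - combination of the KeyInfo flags above
 * @returns {boolean} true when the document was signed
 */
function SignXML(fwWriteKeyInfo) {
  if (!xmldsig.signature) {
    alert("Invalid signature template\n");
    return false;
  }

  // Arguments: provider type, "" in the provider-name position (presumably the
  // default provider for that type), key container name, flags.
  var oKey = xmldsig.createKeyFromCSP(csp, "", key, 0);
  if (!oKey) {
    alert("Invalid key.\n");
    return false;
  }

  var oSignedKey = xmldsig.sign(oKey, fwWriteKeyInfo);
  if (!oSignedKey) {
    alert("sign failed.\n");
    return false;
  }

  alert("The specified data was signed successfully.\n" +
        "Resultant signature:\n" +
        xmldoc.xml + "\n");
  return true;
}

/*
 * Try It!
 *
 * Ensure that you have completed all the procedures in Getting Started with
 * XML Digital Signatures.
 * Copy the XML signature template from Resource Files, and paste it into a
 * text file. Save the file as signature_template.sign.rsa.xml.
 * Copy the JScript listing above, and paste it into a text file. Save the file
 * as sign.js, in the same directory where you saved
 * signature_template.sign.rsa.xml.
 * From a command prompt, navigate to this directory, then type
 * "cscript sign.js".
 *
 * Note: Under operating systems other than Windows 2000 or Windows XP, you
 * might need to install Windows Scripting Host (to run cscript.exe or
 * wscript.exe), if it is not already installed.
 *
 * Verify that your output is similar to that listed in the Output topic.
 */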
| ||||
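// This is how Microsoft suggests doing it.
// Microsoft XML Core Services (MSXML) 5.0 for Microsoft Office - Digital Signatures
// JScript source: sign.js
//
// Signs an XML signature template with a key taken from a CSP key container,
// once for each combination of KeyInfo flags, and prints the signed document.
// Runs under Windows Script Host (cscript/wscript); it relies on ActiveXObject
// and WScript, so it is not a browser or Node.js script.
//
// Changes against the listing as posted: the typographic quotes that the page
// substituted inside DSIGNS and the "Can't load" message are restored to ASCII
// quotes (with the curly quotes the namespace declaration is not well formed),
// and the constants are declared with `var` instead of as implicit globals.

var xmldoc, xmldsig, infile;
var szResult = "";

// fwWriteKeyInfo flags passed to xmldsig.sign(); they control what is written
// into <ds:KeyInfo> of the resulting signature.
var NOKEYINFO = 0;
var KEYVALUE = 1;
var CERTIFICATES = 2;
var PURGE = 4;

// Namespace binding used by the XPath query that locates <ds:Signature>.
var DSIGNS = "xmlns:ds='http://www.w3.org/2000/09/xmldsig#'";

var PROV_RSA_FULL = 1;
// Change this key container name to your own if necessary.
var RSA_KEY = "MyRSAFullKeys";

// NOTE(review): the provider type has to match the CSP that owns the key
// container; a container created by a different CSP needs that CSP's own
// provider type (and possibly provider name) - confirm against the CSP docs.
var csp = PROV_RSA_FULL;
var key = RSA_KEY;

infile = "signature_template.sign.rsa.xml";

if (InitXML() && LoadXML(infile)) {
  alert("Sign with fwWriteKeyInfo = NOKEYINFO:");
  SignXML(NOKEYINFO);

  // The label says KEYVALUE but PURGE is OR-ed in as well, presumably so that
  // KeyInfo left in the document by an earlier call is cleared first.
  alert("Sign with fwWriteKeyInfo = KEYVALUE:");
  SignXML(KEYVALUE | PURGE);

  alert("Sign with fwWriteKeyInfo = CERTIFICATES:");
  SignXML(CERTIFICATES);

  alert("Sign with fwWriteKeyInfo = CERTIFICATES|PURGE:");
  SignXML(CERTIFICATES | PURGE);

  alert("Sign with fwWriteKeyInfo = PURGE:");
  SignXML(PURGE);
}

///////// Helper functions. /////////

/**
 * Prints a message through Windows Script Host.
 * @param {string} str - text to print
 */
function alert(str) {
  WScript.echo(str);
}

///////// Set the signature for signing. ////////

/**
 * Creates the MSXML 5.0 DOM document and digital-signature objects and
 * configures the parser.
 * @returns {boolean} false when the MSXML 5.0 objects cannot be created
 */
function InitXML() {
  try {
    xmldoc = new ActiveXObject("Msxml2.DOMDOcument.5.0");
    xmldsig = new ActiveXObject("Msxml2.MXDigitalSignature.5.0");
  } catch (e) {
    alert("Installation of mxsml5 is required to run this app.\n");
    return false;
  }

  xmldoc.async = false;
  // Whitespace is part of the content that gets digested, so the parser must
  // not normalise it away before signing.
  xmldoc.preserveWhiteSpace = true;
  xmldoc.validateOnParse = false;
  // External DTDs and entities are not resolved while parsing the document to
  // be signed; keep this off when the input file is not fully trusted.
  xmldoc.resolveExternals = false;
  return true;
}

/**
 * Loads the signature template and hands its <ds:Signature> element to the
 * signature object.
 * @param {string} file - path of the XML signature template
 * @returns {boolean} false when the DOM is missing or the file fails to load
 */
function LoadXML(file) {
  if (xmldoc == null) {
    alert("must instantiate xml dom\n");
    return false;
  }
  if (!xmldoc.load(file)) {
    alert("Can't load " + file + "\n");
    return false;
  }

  xmldoc.setProperty("SelectionNamespaces", DSIGNS);
  // A template without <ds:Signature> leaves this null; SignXML checks for it.
  xmldsig.signature = xmldoc.selectSingleNode(".//ds:Signature");
  return true;
}

/**
 * Signs the loaded template with the key from the configured CSP container.
 *
 * NOTE(review): whatever ends up in <ds:KeyInfo> is supplied by the signer; a
 * verifier still has to establish trust in that key or certificate on its own
 * and should not accept a signature only because it checks out against the
 * key embedded in it.
 *
 * @param {number} fwWriteKeyInfo - combination of the KeyInfo flags above
 * @returns {boolean} true when the document was signed
 */
function SignXML(fwWriteKeyInfo) {
  if (!xmldsig.signature) {
    alert("Invalid signature template\n");
    return false;
  }

  // Arguments: provider type, "" in the provider-name position (presumably the
  // default provider for that type), key container name, flags.
  var oKey = xmldsig.createKeyFromCSP(csp, "", key, 0);
  if (!oKey) {
    alert("Invalid key.\n");
    return false;
  }

  var oSignedKey = xmldsig.sign(oKey, fwWriteKeyInfo);
  if (!oSignedKey) {
    alert("sign failed.\n");
    return false;
  }

  alert("The specified data was signed successfully.\n" +
        "Resultant signature:\n" +
        xmldoc.xml + "\n");
  return true;
}

/*
 * Try It!
 *
 * Ensure that you have completed all the procedures in Getting Started with
 * XML Digital Signatures.
 * Copy the XML signature template from Resource Files, and paste it into a
 * text file. Save the file as signature_template.sign.rsa.xml.
 * Copy the JScript listing above, and paste it into a text file. Save the file
 * as sign.js, in the same directory where you saved
 * signature_template.sign.rsa.xml.
 * From a command prompt, navigate to this directory, then type
 * "cscript sign.js".
 *
 * Note: Under operating systems other than Windows 2000 or Windows XP, you
 * might need to install Windows Scripting Host (to run cscript.exe or
 * wscript.exe), if it is not already installed.
 *
 * Verify that your output is similar to that listed in the Output topic.
 */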
| ||||
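// This is how Microsoft suggests doing it.
// Microsoft XML Core Services (MSXML) 5.0 for Microsoft Office - Digital Signatures
// JScript source: sign.js
//
// Signs an XML signature template with a key taken from a CSP key container,
// once for each combination of KeyInfo flags, and prints the signed document.
// Runs under Windows Script Host (cscript/wscript); it relies on ActiveXObject
// and WScript, so it is not a browser or Node.js script.
//
// Changes against the listing as posted: the typographic quotes that the page
// substituted inside DSIGNS and the "Can't load" message are restored to ASCII
// quotes (with the curly quotes the namespace declaration is not well formed),
// and the constants are declared with `var` instead of as implicit globals.

var xmldoc, xmldsig, infile;
var szResult = "";

// fwWriteKeyInfo flags passed to xmldsig.sign(); they control what is written
// into <ds:KeyInfo> of the resulting signature.
var NOKEYINFO = 0;
var KEYVALUE = 1;
var CERTIFICATES = 2;
var PURGE = 4;

// Namespace binding used by the XPath query that locates <ds:Signature>.
var DSIGNS = "xmlns:ds='http://www.w3.org/2000/09/xmldsig#'";

var PROV_RSA_FULL = 1;
// Change this key container name to your own if necessary.
var RSA_KEY = "MyRSAFullKeys";

// NOTE(review): the provider type has to match the CSP that owns the key
// container; a container created by a different CSP needs that CSP's own
// provider type (and possibly provider name) - confirm against the CSP docs.
var csp = PROV_RSA_FULL;
var key = RSA_KEY;

infile = "signature_template.sign.rsa.xml";

if (InitXML() && LoadXML(infile)) {
  alert("Sign with fwWriteKeyInfo = NOKEYINFO:");
  SignXML(NOKEYINFO);

  // The label says KEYVALUE but PURGE is OR-ed in as well, presumably so that
  // KeyInfo left in the document by an earlier call is cleared first.
  alert("Sign with fwWriteKeyInfo = KEYVALUE:");
  SignXML(KEYVALUE | PURGE);

  alert("Sign with fwWriteKeyInfo = CERTIFICATES:");
  SignXML(CERTIFICATES);

  alert("Sign with fwWriteKeyInfo = CERTIFICATES|PURGE:");
  SignXML(CERTIFICATES | PURGE);

  alert("Sign with fwWriteKeyInfo = PURGE:");
  SignXML(PURGE);
}

///////// Helper functions. /////////

/**
 * Prints a message through Windows Script Host.
 * @param {string} str - text to print
 */
function alert(str) {
  WScript.echo(str);
}

///////// Set the signature for signing. ////////

/**
 * Creates the MSXML 5.0 DOM document and digital-signature objects and
 * configures the parser.
 * @returns {boolean} false when the MSXML 5.0 objects cannot be created
 */
function InitXML() {
  try {
    xmldoc = new ActiveXObject("Msxml2.DOMDOcument.5.0");
    xmldsig = new ActiveXObject("Msxml2.MXDigitalSignature.5.0");
  } catch (e) {
    alert("Installation of mxsml5 is required to run this app.\n");
    return false;
  }

  xmldoc.async = false;
  // Whitespace is part of the content that gets digested, so the parser must
  // not normalise it away before signing.
  xmldoc.preserveWhiteSpace = true;
  xmldoc.validateOnParse = false;
  // External DTDs and entities are not resolved while parsing the document to
  // be signed; keep this off when the input file is not fully trusted.
  xmldoc.resolveExternals = false;
  return true;
}

/**
 * Loads the signature template and hands its <ds:Signature> element to the
 * signature object.
 * @param {string} file - path of the XML signature template
 * @returns {boolean} false when the DOM is missing or the file fails to load
 */
function LoadXML(file) {
  if (xmldoc == null) {
    alert("must instantiate xml dom\n");
    return false;
  }
  if (!xmldoc.load(file)) {
    alert("Can't load " + file + "\n");
    return false;
  }

  xmldoc.setProperty("SelectionNamespaces", DSIGNS);
  // A template without <ds:Signature> leaves this null; SignXML checks for it.
  xmldsig.signature = xmldoc.selectSingleNode(".//ds:Signature");
  return true;
}

/**
 * Signs the loaded template with the key from the configured CSP container.
 *
 * NOTE(review): whatever ends up in <ds:KeyInfo> is supplied by the signer; a
 * verifier still has to establish trust in that key or certificate on its own
 * and should not accept a signature only because it checks out against the
 * key embedded in it.
 *
 * @param {number} fwWriteKeyInfo - combination of the KeyInfo flags above
 * @returns {boolean} true when the document was signed
 */
function SignXML(fwWriteKeyInfo) {
  if (!xmldsig.signature) {
    alert("Invalid signature template\n");
    return false;
  }

  // Arguments: provider type, "" in the provider-name position (presumably the
  // default provider for that type), key container name, flags.
  var oKey = xmldsig.createKeyFromCSP(csp, "", key, 0);
  if (!oKey) {
    alert("Invalid key.\n");
    return false;
  }

  var oSignedKey = xmldsig.sign(oKey, fwWriteKeyInfo);
  if (!oSignedKey) {
    alert("sign failed.\n");
    return false;
  }

  alert("The specified data was signed successfully.\n" +
        "Resultant signature:\n" +
        xmldoc.xml + "\n");
  return true;
}

/*
 * Try It!
 *
 * Ensure that you have completed all the procedures in Getting Started with
 * XML Digital Signatures.
 * Copy the XML signature template from Resource Files, and paste it into a
 * text file. Save the file as signature_template.sign.rsa.xml.
 * Copy the JScript listing above, and paste it into a text file. Save the file
 * as sign.js, in the same directory where you saved
 * signature_template.sign.rsa.xml.
 * From a command prompt, navigate to this directory, then type
 * "cscript sign.js".
 *
 * Note: Under operating systems other than Windows 2000 or Windows XP, you
 * might need to install Windows Scripting Host (to run cscript.exe or
 * wscript.exe), if it is not already installed.
 *
 * Verify that your output is similar to that listed in the Output topic.
 */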