XAdES signature in Office Documents

  • Question

  • Hi,

    I am trying to implement XAdES signature standard to OOXML documents like it is in Office 2010 and above.

    I know that in .NET there are some libs that already work with XAdES (Microsoft.Xades.dll), but none of them supports OOXML. So I decided to implement it in C# on my own. This signature must be valid in Office, and there is the problem:

    If I create the Manifest part of the signature and compute the hash of some package part, there is no problem. My result is the same as in a signature made with Office. But if I want to compute the hash for a rels part (still in the Manifest), I can't get the same results as with Office.

    I know from the ECMA specification that there should be two transformations: the Relationships Transform and the C14N Transform. The first one should choose the elements that should be in the final signature.

    Example of .rels:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="R1a8dddcde47042c2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="/docProps/app.xml"/><Relationship Id="R70ae729cc01b445d" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="/docProps/core.xml"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/package/2006/relationships/digital-signature/origin" Target="_xmlsignatures/origin.sigs"/><Relationship Id="Raa48e93ceeff48a0" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="/word/document.xml"/></Relationships>

    My result after Relationship Transform:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
      <Relationship Id="Raa48e93ceeff48a0" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="/word/document.xml" />
    </Relationships>

    And then after the C14N Transform (I am using System.Security.Cryptography.Xml.XmlDsigC14NTransform):

    <Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
      <Relationship Id="Raa48e93ceeff48a0" Target="/word/document.xml" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument">
      </Relationship>
    </Relationships>

    But hashing this gives a different result than in Office. Does anyone know exactly how these parts are transformed and hashed in Office during XAdES signing or validation?

    Thanks a lot!

    • Moved by Forrest Guo Tuesday, March 19, 2013 12:58 PM Not a Office dev question
    Saturday, March 16, 2013 12:54 PM

Answers

  • Hi j.rabusic, please take a look at the MS-OFFCRYPTO document. Section 2.5 discusses digital signatures and section 2.5.2.6 addresses XAdES specifically.

    Please let me know if you have any other questions related to the protocol documentation. Please note that XAdES is not a Microsoft standard. Any questions specific to that should be directed to a more appropriate forum.


    Josh Curry (jcurry) | Escalation Engineer | Open Specifications Support Team

    Friday, March 22, 2013 6:00 PM
    Moderator
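
The Relationships Transform and C14N steps named in the question, written out as an added C# example (not code from this thread or from Microsoft). It follows the transform steps of ECMA-376 Part 2 as summarised in the comments; the class, method and parameter names are hypothetical, and the SourceId/SourceType lists and the digest algorithm are assumed to be taken from the signature's Reference element.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class RelsDigest   // hypothetical helper, not part of any library
{
    const string RelNs = "http://schemas.openxmlformats.org/package/2006/relationships";

    // ids/types: SourceId and SourceType values from the Reference's transform (assumed inputs).
    // hash: the algorithm named by the Reference's DigestMethod (assumed input).
    public static string Compute(string relsXml, string[] ids, string[] types, HashAlgorithm hash)
    {
        var src = new XmlDocument { PreserveWhitespace = true };
        src.LoadXml(relsXml);

        // Build a fresh document so that no XML declaration, comments or
        // inter-element whitespace from the part reach the canonical form.
        var doc = new XmlDocument { PreserveWhitespace = true };
        var root = doc.CreateElement("Relationships", RelNs);
        doc.AppendChild(root);

        var kept = src.DocumentElement.ChildNodes.OfType<XmlElement>()
            .Where(e => e.LocalName == "Relationship" && e.NamespaceURI == RelNs)
            // Keep only relationships matched by a SourceId or a SourceType.
            .Where(e => ids.Contains(e.GetAttribute("Id")) || types.Contains(e.GetAttribute("Type")))
            // Sort by Id as case-sensitive Unicode strings (ordinal comparison).
            .OrderBy(e => e.GetAttribute("Id"), StringComparer.Ordinal);

        foreach (var e in kept)
        {
            var rel = doc.CreateElement("Relationship", RelNs);   // element content is dropped
            foreach (XmlAttribute a in e.Attributes)
                if (a.NamespaceURI.Length == 0) rel.SetAttribute(a.LocalName, a.Value);
            // A missing TargetMode is written out with its default value.
            if (!rel.HasAttribute("TargetMode")) rel.SetAttribute("TargetMode", "Internal");
            root.AppendChild(rel);
        }

        var c14n = new XmlDsigC14NTransform();   // Canonical XML 1.0, comments excluded
        c14n.LoadInput(doc);
        using (var canonical = (Stream)c14n.GetOutput(typeof(Stream)))
            return Convert.ToBase64String(hash.ComputeHash(canonical));
    }
}
```

The bytes that get hashed contain no line breaks or indentation between elements, and every Relationship carries an explicit TargetMode attribute.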

All replies

  • Hi J.rabusic,

    Thank you for posting in the MSDN Forum.

    I'll consult with my colleague on your issue. You'll be informed if there's any update.

    Thank you for your patience and understanding.

    Best regards,


    Quist Zhang [MSFT]
    MSDN Community Support

    Tuesday, March 19, 2013 7:38 AM
  • Hi j.rabusic,

    Thanks for your question.

    Someone from our team will get in touch with you shortly.

    Regards,


    SEBASTIAN CANEVARI - MSFT Escalation Engineer Protocol Documentation Team

    Tuesday, March 19, 2013 5:38 PM
  • Hi j.rabusic, I am the engineer who will be working with you on this issue. I am currently researching the problem and will provide you with an update soon. Thank you for your patience.

    Josh Curry (jcurry) | Escalation Engineer | Open Specifications Support Team

    Wednesday, March 20, 2013 7:17 PM
    Moderator