Signing a word document - SignedInfo Hash Calculation

  • Question

  • Hello, 

    I am working on an Android application using Java. In my application I need to sign the docx file. I am following the Open XML structure and I could unarchive the docx and calculate the hashes of all the required files. I have used an X509 certificate on the Windows version of Word and in Android to confirm whether the values are both the same. Indeed they are exactly matching.

    But now that the time has come to create the SignedInfo, the values generated by the code and the values generated by Word are different. I have tried many permutations, canonicalization etc. but I am not able to calculate the hash of any of the Object elements of sig1.xml.

    I would really appreciate it if you can help me to achieve this task by telling us what values in the signature xml file we need to hash to calculate the SignedInfo DigestValues.
    Friday, August 18, 2017 3:36 PM

All replies

  • Hello,

    I am working on an Android application using Java. In my application I need to sign the docx file. I am following the Open XML structure and I could unarchive the docx and calculate the hashes of all the required files. I have used an X509 certificate on the Windows version of Word and in Android to confirm whether the values are the same. Indeed they are exactly matching.

    But now that the time has come to create the SignedInfo, the values generated by the code and the values generated by Word are different. I have tried many permutations, canonicalization etc. but I am not able to calculate the hash of any of the Object elements of sig1.xml.

    I would really appreciate it if anyone can help me to achieve this task.

    Monday, August 14, 2017 3:29 PM
  • Hello,

    Do you use Open XML SDK to sign or create the signedinfo? I suggest you download Open XML SDK Tool and create two documents. One is signed and the other is not and then compare the two files using Open XML SDK Tool.

    E.g.

    using DocumentFormat.OpenXml.Packaging;
    
    namespace GeneratedCode
    {
        public class GeneratedClass
        {
            // Adds child parts and generates content of the specified part.
            public void CreateDigitalSignatureOriginPart(DigitalSignatureOriginPart part)
            {
                XmlSignaturePart xmlSignaturePart1 = part.AddNewPart<XmlSignaturePart>("rId1");
                GenerateXmlSignaturePart1Content(xmlSignaturePart1);
    
                GeneratePartContent(part);
    
            }
    
            // Generates content of xmlSignaturePart1.
            private void GenerateXmlSignaturePart1Content(XmlSignaturePart xmlSignaturePart1)
            {
                System.Xml.XmlTextWriter writer = new System.Xml.XmlTextWriter(xmlSignaturePart1.GetStream(System.IO.FileMode.Create), System.Text.Encoding.UTF8);
                writer.WriteRaw("<?xml version=\"1.0\" encoding=\"UTF-8\"?><Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\" Id=\"idPackageSignature\"><SignedInfo><CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/><SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\"/><Reference Type=\"http://www.w3.org/2000/09/xmldsig#Object\" URI=\"#idPackageObject\"><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><DigestValue>zKiZFUOw62cXf4glzWVJxrLUviSmkXYtJdHpiZgaQYU=</DigestValue></Reference><Reference Type=\"http://www.w3.org/2000/09/xmldsig#Object\" URI=\"#idOfficeObject\"><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><DigestValue>ByMV32mhclcQ3YOWWGfwBcHGtAcx6lC8JiQWzZxhjsQ=</DigestValue></Reference><Reference Type=\"http://uri.etsi.org/01903#SignedProperties\" URI=\"#idSignedProperties\"><Transforms><Transform Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><DigestValue>tIZBcGdb45a2F1Cq026NNDNCS7FOZ9S6b0KVR4ZGv5k=</DigestValue></Reference></SignedInfo><SignatureValue>MbKmtXywDbbmd+KIxt1Olom5PyFCPvvHPVZuM+o6tPE6MEktPZR6kF8GOfh5JKNpahBENRG8GrDJ\r\nMdaEU+gBy6nErcxKl4XQa1jyxKuFwE2HXYEhIH+8oKZXKObKz6CraUTwPks+pKFaEPVuINDYBhTT\r\nD66lSDKiQFbThQP21sc=</SignatureValue><KeyInfo><X509Data><X509Certificate>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</X509Certificate></X509Data></KeyInfo><Object Id=\"idPackageObject\"><Manifest><Reference URI=\"/_rels/.rels?ContentType=application/vnd.openxmlformats-package.relationships+xml\"><Transforms><Transform Algorithm=\"http://schemas.openxmlformats.org/package/2006/RelationshipTransform\"><mdssi:RelationshipReference xmlns:mdssi=\"http://schemas.openxmlformats.org/package/2006/digital-signature\" SourceId=\"rId1\"/></Transform><Transform Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/></Transforms><DigestMethod 
Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><DigestValue>Mq3mDDWudLiaQFa1psBgLG+/en7p7r8re0MtlxnuiUI=</DigestValue></Reference><Reference URI=\"/word/_rels/document.xml.rels?ContentType=application/vnd.openxmlformats-package.relationships+xml\"><Transforms><Transform Algorithm=\"http://schemas.openxmlformats.org/package/2006/RelationshipTransform\"><mdssi:RelationshipReference xmlns:mdssi=\"http://schemas.openxmlformats.org/package/2006/digital-signature\" SourceId=\"rId5\"/><mdssi:RelationshipReference xmlns:mdssi=\"http://schemas.openxmlformats.org/package/2006/digital-signature\" SourceId=\"rId4\"/><mdssi:RelationshipReference xmlns:mdssi=\"http://schemas.openxmlformats.org/package/2006/digital-signature\" SourceId=\"rId3\"/><mdssi:RelationshipReference xmlns:mdssi=\"http://schemas.openxmlformats.org/package/2006/digital-signature\" SourceId=\"rId2\"/><mdssi:RelationshipReference xmlns:mdssi=\"http://schemas.openxmlformats.org/package/2006/digital-signature\" SourceId=\"rId6\"/></Transform><Transform Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/></Transforms><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><DigestValue>G59MeXFoAJcdeqMJ9ypLktGMooL+jp8k/jI1F8/YcvU=</DigestValue></Reference><Reference URI=\"/word/document.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml\"><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><DigestValue>9N3gK383JiQASH5t9LckV4KHhsFMytO+laPVq+OmiVw=</DigestValue></Reference><Reference URI=\"/word/fontTable.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.fontTable+xml\"><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><DigestValue>jOzG33twUnToApbjKaLa+1/MTaXTrntKpvN11BnJvbM=</DigestValue></Reference><Reference URI=\"/word/settings.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml\"><DigestMethod 
Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><DigestValue>41AK0311bs5JePFjei/orbqYNQk2Hgdro8+04K/cSRs=</DigestValue></Reference><Reference URI=\"/word/styles.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml\"><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><DigestValue>OleFKgAc4Qh6U0pEEhH5TMXCrDFa/cg/s5csFsYNH3o=</DigestValue></Reference><Reference URI=\"/word/theme/theme1.xml?ContentType=application/vnd.openxmlformats-officedocument.theme+xml\"><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><DigestValue>cKcNhElHcsGFXsbC+aFuD8bMQb2wzjdDVj7ZQ7Y+B7g=</DigestValue></Reference><Reference URI=\"/word/webSettings.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.webSettings+xml\"><DigestMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><DigestValue>Xg3hEfvJ+Z2rkGfrnNiD+pFqrxlY1D1O8Hz9BaIymlQ=</DigestValue></Reference></Manifest><SignatureProperties><SignatureProperty Id=\"idSignatureTime\" Target=\"#idPackageSignature\"><mdssi:SignatureTime xmlns:mdssi=\"http://schemas.openxmlformats.org/package/2006/digital-signature\"><mdssi:Format>YYYY-MM-DDThh:mm:ssTZD</mdssi:Format><mdssi:Value>2017-08-15T02:54:17Z</mdssi:Value></mdssi:SignatureTime></SignatureProperty></SignatureProperties></Object><Object Id=\"idOfficeObject\"><SignatureProperties><SignatureProperty Id=\"idOfficeV1Details\" Target=\"#idPackageSignature\"><SignatureInfoV1 
xmlns=\"http://schemas.microsoft.com/office/2006/digsig\"><SetupID></SetupID><SignatureText></SignatureText><SignatureImage/><SignatureComments>TEST</SignatureComments><WindowsVersion>10.0</WindowsVersion><OfficeVersion>16.0</OfficeVersion><ApplicationVersion>16.0</ApplicationVersion><Monitors>1</Monitors><HorizontalResolution>1600</HorizontalResolution><VerticalResolution>900</VerticalResolution><ColorDepth>32</ColorDepth><SignatureProviderId>{00000000-0000-0000-0000-000000000000}</SignatureProviderId><SignatureProviderUrl></SignatureProviderUrl><SignatureProviderDetails>9</SignatureProviderDetails><SignatureType>1</SignatureType></SignatureInfoV1><SignatureInfoV2 xmlns=\"http://schemas.microsoft.com/office/2006/digsig\"><Address1></Address1><Address2></Address2></SignatureInfoV2></SignatureProperty></SignatureProperties></Object><Object><xd:QualifyingProperties xmlns:xd=\"http://uri.etsi.org/01903/v1.3.2#\" Target=\"#idPackageSignature\"><xd:SignedProperties Id=\"idSignedProperties\"><xd:SignedSignatureProperties><xd:SigningTime>2017-08-15T02:54:17Z</xd:SigningTime><xd:SigningCertificate><xd:Cert><xd:CertDigest><DigestMethod 
Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"/><DigestValue>hnDlvaydpNu/i+LAIlZDO8dobuJ4QIWU+1NvFArDKIE=</DigestValue></xd:CertDigest><xd:IssuerSerial><X509IssuerName>CN=SUCCULENT\\celeste</X509IssuerName><X509SerialNumber>123034293695288903056325239537417529683</X509SerialNumber></xd:IssuerSerial></xd:Cert></xd:SigningCertificate><xd:SignaturePolicyIdentifier><xd:SignaturePolicyImplied/></xd:SignaturePolicyIdentifier><xd:SignatureProductionPlace><xd:City></xd:City><xd:StateOrProvince></xd:StateOrProvince><xd:PostalCode></xd:PostalCode><xd:CountryName></xd:CountryName></xd:SignatureProductionPlace><xd:SignerRole><xd:ClaimedRoles><xd:ClaimedRole>celeste</xd:ClaimedRole></xd:ClaimedRoles></xd:SignerRole></xd:SignedSignatureProperties><xd:SignedDataObjectProperties><xd:CommitmentTypeIndication><xd:CommitmentTypeId><xd:Identifier>http://uri.etsi.org/01903/v1.2.2#ProofOfOrigin</xd:Identifier><xd:Description>Created and approved this document</xd:Description></xd:CommitmentTypeId><xd:AllSignedDataObjects/><xd:CommitmentTypeQualifiers><xd:CommitmentTypeQualifier>TEST</xd:CommitmentTypeQualifier></xd:CommitmentTypeQualifiers></xd:CommitmentTypeIndication></xd:SignedDataObjectProperties></xd:SignedProperties></xd:QualifyingProperties></Object></Signature>");
                writer.Flush();
                writer.Close();
            }
    
            // Generates content of part.
            private void GeneratePartContent(DigitalSignatureOriginPart part)
            {
                System.IO.Stream data = GetBinaryDataStream(partData);
                part.FeedData(data);
                data.Close();
            }
    
            #region Binary Data
            private string partData = "";
    
            private System.IO.Stream GetBinaryDataStream(string base64String)
            {
                return new System.IO.MemoryStream(System.Convert.FromBase64String(base64String));
            }
    
            #endregion
    
        }
    }
    
     

    You could also use the tool to compare your document signed by code with the document signed by Word to check the difference.

    Regards,

    Celeste


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, August 15, 2017 3:00 AM
    Moderator
  • No. I cannot use Open XML SDK as I am working on an Android application and the SDK is missing on that platform. I am using plain Java to create the required files with the required structure.

    I am stuck at a point where I need to calculate the hashes of all Object elements in the sig1.xml and I am getting no clue for doing it.

    Also I cannot use the javax packages for XML digsig as those packages are missing on the Android platform. And after completing this on Android I need to repeat the same story on the iOS platform as well. I am really interested in knowing the logic behind calculating the hashes of Object elements.

    • Edited by pythoncpp Tuesday, August 15, 2017 3:09 PM
    Tuesday, August 15, 2017 3:06 PM
  • Hello,

    This forum is for issues when using Open XML SDK. Sorry that your question is out of scope. You may post on android forum or java forum for the issue.

    Besides, the following articles might be helpful.

    Understanding XML Digital Signature

    XML Signature Syntax and Processing

    The Digital Signing Framework of the Open Packaging Conventions

    You could download ECMA-376-2 from http://www.ecma-international.org/publications/standards/Ecma-376.htm to get information about digital signatures in Open XML format files. If you have any questions about Open XML format or Open Specifications, you may post on the forum listed in https://msdn.microsoft.com/zh-cn/openspecifications/cc816063?f=255&MSPPError=-2147217396

    Regards,

    Celeste



    Wednesday, August 16, 2017 2:42 AM
    Moderator
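
The digest rule the question asks about, shown as an added example that is not part of any post in this thread: under W3C XML Signature reference processing, a same-document `Reference` such as `URI="#idPackageObject"` with no `Transforms` is hashed over the Canonical XML 1.0 form of the referenced `Object`, which carries the `xmlns` inherited from `Signature` and writes empty tags as start/end pairs. The function names and the sample document are constructed for illustration, the serializer skips comments and processing instructions and does not handle inherited `xml:` attributes, and the thread does not confirm that it reproduces Word's values.

```python
import base64, hashlib
from xml.dom import minidom

# Constructed sample, cut down from the shape of sig1.xml shown in the thread.
SAMPLE = (b'<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="idPackageSignature">'
          b'<Object Id="idOfficeObject"><SignatureProperties>'
          b'<SignatureProperty Target="#idPackageSignature" Id="idOfficeV1Details">'
          b'<SignatureInfoV1 xmlns="http://schemas.microsoft.com/office/2006/digsig"><SetupID/>'
          b'</SignatureInfoV1></SignatureProperty></SignatureProperties></Object></Signature>')

def _esc(s, attr=False):  # C14N 1.0 escaping for text and attribute values
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace("\r", "&#xD;")
    if attr:
        return s.replace('"', "&quot;").replace("\t", "&#x9;").replace("\n", "&#xA;")
    return s.replace(">", "&gt;")

def _split(el):  # -> ({prefix: uri} declared on el, [ordinary attributes])
    attrs = [el.attributes.item(i) for i in range(el.attributes.length)]
    ns = [a for a in attrs if a.name == "xmlns" or a.name.startswith("xmlns:")]
    return {a.name[6:]: a.value for a in ns}, [a for a in attrs if a not in ns]

def _inherited(node):  # namespaces in scope at node, nearest declaration wins
    if node.nodeType != node.ELEMENT_NODE:
        return {}
    return {**_inherited(node.parentNode), **_split(node)[0]}

def _c14n(el, scope, rendered):
    decls, attrs = _split(el)
    scope = {**scope, **decls}
    out = "<" + el.tagName
    for p in sorted(scope):  # default namespace ("") sorts first
        if scope[p] != rendered.get(p, ""):  # skip what the parent already emitted
            out += ' xmlns%s="%s"' % (":" + p if p else "", _esc(scope[p], True))
    for a in sorted(attrs, key=lambda a: (a.namespaceURI or "", a.localName)):
        out += ' %s="%s"' % (a.name, _esc(a.value, True))
    out += ">"
    for c in el.childNodes:
        if c.nodeType == c.ELEMENT_NODE:
            out += _c14n(c, scope, scope)
        elif c.nodeType in (c.TEXT_NODE, c.CDATA_SECTION_NODE):
            out += _esc(c.data)
    return out + "</%s>" % el.tagName  # empty elements become start/end pairs

def canonical_object(xml_bytes, element_id):  # hypothetical helper name
    doc = minidom.parseString(xml_bytes)
    el = next(e for e in doc.getElementsByTagName("*") if e.getAttribute("Id") == element_id)
    return _c14n(el, _inherited(el.parentNode), {}).encode("utf-8")

def reference_digest(xml_bytes, element_id):  # Base64 text for <DigestValue>
    return base64.b64encode(hashlib.sha256(canonical_object(xml_bytes, element_id)).digest()).decode()
```
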
  • Hello, 

    I am working on an Android application using Java. In my application I need to sign the docx file. I am following the Open XML structure and I could unarchive the docx and calculate the hashes of all the required files. I have used an X509 certificate on the Windows version of Word and in Android to confirm whether the values are both the same. Indeed they are exactly matching.

    But now that the time has come to create the SignedInfo, the values generated by the code and the values generated by Word are different. I have tried many permutations, canonicalization etc. but I am not able to calculate the hash of any of the Object elements of sig1.xml.

    I would really appreciate it if you can help me to achieve this task by telling us what values in the signature xml file we need to hash to calculate the SignedInfo DigestValues.

    Friday, August 18, 2017 2:47 PM
  • Hello,

    Word Object Model and Open XML library could not help for your requirement. Your issue is out of scope. You may post on android forum or java forum for the issue.

    Regards,

    Celeste



    Monday, August 21, 2017 3:35 AM
    Moderator