Unsolved XML Digital Signature Verification RSA-SHA256
-
I am trying to implement XML digital signature verification inside a Qt application, but i am not able to find a solution for it. Does Qt has inbuilt libraries for this purpose?(I tried but not able to find anything that is useful for the purpose like QSslSocket, QSslKey, QSslCertificate, etc.).
I also tried to use other external libraries like xmlsec but I don't know how exactly to use it. Could some one please guide me in this?
The XML file looks something like this:
<UAPermission lastUpdated="" permissionArtifactId="" ttl="" txnId=""><Permission><Owner operatorId=""><Pilot uaplNo="" validTo=""/></Owner><FlightDetails><UADetails uinNo="Dx0001"/><FlightPurpose frequency="" shortDesc="Provisional test"/><PayloadDetails payloadDetails="Not specified" payloadWeight="Not specified"/><FlightParameters flightEndTime="2020-10-13T21:57:38.869657+05:30" flightStartTime="2020-10-13T20:57:38.869657+05:30" frequenciesUsed=""><Coordinates><Coordinate latitude="12.934158" longitude="77.609316"/><Coordinate latitude="12.934796" longitude="77.609852"/><Coordinate latitude="12.934183" longitude="77.610646"/><Coordinate latitude="12.933551" longitude="77.6101"/><Coordinate latitude="12.934158" longitude="77.609316"/></Coordinates></FlightParameters></FlightDetails></Permission><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>3AA68X5DBRYsDoA5GkoycYvABXEQO+udWnvWQ=</DigestValue></Reference></SignedInfo><SignatureValue>SInWyV9Tnw1Pl71/1GT6VR20wQ2mOJvpnnqRbU8Z6HmXV5tkCmm9R5hbJJmi+3jss+LvGc84IH7cI7DJjnqfgH75F0jDRBMza8s2oR+fO15BV/L5bTgZtLi2UfmbFOf2LEe+gRfj/nO1uRzckfcvr7xzqpn5jVhfTDE7embs45330xlmGFd9uOx0ZrjXeaT+s7+Ju5YdWNzFi/D+r0VKAo4ssMjAx0Tz5y/v4MlnDMg/htuP27XR8ilXZzoiE6QgmQO/431TUYj3ro0gmziH8v5Aav3nhec525mSQP+IUBvMamgH8Q4I8J2+UOKt7Ct/beMOHg4zvUgg==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIC8TCCAdmgAwIBAgIJAJRDnqfLydHvMA0GCSqGSIb3DQEBCwUAMA8xDTALBgNV
BAMMBHRlc3QwHhcNMTkwMzI2MDcxMTQzWhcNMjkwMzIzMDcxMTQzWjAPMQ0wCwYD
VQQDDAR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq51cjR/m
cgd0nWO33O3SM84yu3DRdaG8OMYSqzPixY5R+D8niOTVLZvOtaFROSneP1JmUAca
Bn5sFhsFxgpJX8O6ee0m9PqLL+LKjexEs5dZ85IG8GqF+UJABaKfBeTPOgI5NAwo
yZPBphzxsra1fH2OV2roaCf4ErMnYluuyeyVfFlHTVgC5+VX2wvO+o6pYUuzdNq
CvgYwZrMEDCXm+08iZk/qpLgqgUCQTs8qGu/Y0d/EqwGmv9xN8tyxX+IbaeQM7uz
tN8PbMf8wY40OqdgNmgaVmMR4mfAO2XJiryR5Y8JACDGf3dhmcDrdtfmNjaHR109
o2/wUPhSdWB/3QIDAQABo1AwTjAdBgNVHQ4EFgQUR4p2KJJXG5cZ8STI66RG6l2o
7yowHwYDVR0jBBgwFoAUR4p2KJJXG5cZ8STI66RG6l2o7yowDAYDVR0TBAUwAwEB
/zANBgkqhkiG9w0BAQsFAAOCAQEAV3uurlHMtyopefBpdGj59eLWCrpRYJLKbDtL
FCj+tY1/uiwogUMNsEEHEBeEdwM+PIPuzWZ4tSYQ+SvdCCt4/6e9x+c2/1mZKhnR
zL/s9o70RyWZXQO+Dz43B5aIIy/qARUhLxU2NVL42q90pInIh/ltT02IVkcibwDn
sM4XJhsSyvQlRyYXdPzDeBjEOVYFpafLbC/7a5FBuNwfNKEMWhOj6AELnC8fWb3m
aNevhjSH5amGU2XrUp6yIdWUL2HuW7ReSer93Lg6iYbQsC+r2kH
pNcpntHJLsd9E1cwzWCJiEM9zK4GXqKV/QDUdPC6FYfEf+ti9A==
</X509Certificate></X509Data></KeyInfo></Signature></UAPermission> -
No, Qt has no support for such kind of things.
-
@saikop said in XML Digital Signature Verification RSA-SHA256:
I also tried to use other external libraries like xmlsec
What have you attempted so far with such library and Qt?
Have you checked the documentation about using external libraries with Qt?
-
I stumbled upon this topic while looking for a similar solution. Since it didn't exist, we created it:
https://github.com/planed-es/QXmlSec
It uses
xmlsec-openssl
to verify or generate XML digital signature usingQSslKey
(and we also have our own types, asQSslKey
doesn't support all the formats supported by xmlsec) andQDomDocument
. I sure hope this will be helpful for other developers !