I am trying to sign a XML document in a way that gets the same signature as the one produced in the Python code bellow, which I’ve verified is accepted by the web service I need to interface with.
The Elixir code I’m using produces an XML that’s identical to the output from the Python code, with the exception of the signature value.
The standards employed are
- XML enveloped signature
- RSA signature algorithm
- sha256 digest algorithm (with c14n canonicalization)
Isolating just the signature generation, where the issue seems to be, I’ve tried these two alternatives:
def get_signature(xml_string, :erlang) do
{:ok, pem_contents} = File.read("privatekey_pkcs8.pem")
[pem_entry] = :public_key.pem_decode(pem_contents)
{:RSAPrivateKey, :"two-prime", n, e, d, p, q, dp, dq, qinv, _asn1} =
:public_key.pem_entry_decode(pem_entry)
private_key = [e, n, d, p, q, dp, dq, qinv]
:crypto.sign(:rsa, :sha256, xml_string, private_key)
|> Base.encode64()
end
def get_signature(xml_string, :ex_public_key) do
{:ok, private_key} = ExPublicKey.load("rsa_privatekey.pem")
ExPublicKey.sign(xml_string, private_key)
~>> Base.encode64()
end
The .pem
files were generated with:
openssl pkcs12 -in cert_file.p12 -nocerts -out privatekey.pem -nodes
openssl pkcs8 -topk8 -inform PEM -outform PEM -in privatekey.pem -out privatekey_pkcs8.pem -nocrypt
openssl rsa -in privatekey.pem -out rsa_privatekey.pem
Here is the python code that produces an enveloped xml:
def sign(xml_file, cert_file_p12, password):
xml = load_fromfile(xml_file)
cert_data = pkcs12_data(cert_file_p12, password)
signer = signxml.XMLSigner(
method=signxml.methods.enveloped,
signature_algorithm='rsa-sha256',
digest_algorithm='sha256',
c14n_algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315'
)
xml_root = None
if not isinstance(xml, etree._ElementTree):
xml = load_fromfile(xml)
xml_root = xml.getroot()
signed_root = signer.sign(xml_root, key=cert_data['key_str'], cert=cert_data['cert_str'])
return etree.ElementTree(signed_root)
def pkcs12_data(cert_file_p12, password):
password = password.encode('utf-8')
with open(cert_file_p12, 'rb') as fp:
content_pkcs12 = pkcs12.load_pkcs12(fp.read(), password)
pkey = content_pkcs12.key
cert_X509 = content_pkcs12.cert.certificate
key_str = pkey.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption()
)
cert_str = cert_X509.public_bytes(encoding=serialization.Encoding.PEM)
return {
'key_str': key_str,
'cert_str': cert_str
}
Things I’ve already tryied and tested
- Generated a separate digest and passed it to
:crypto.sign
as{:digest, digest_value}
, but the results remained unchanged. - I compared the digest with the one generated by the Python code, and they are identical. This confirms that the signed document and the results of the canonicalization process are consistent.
- Verified the padding scheme used by
signxml
: it’s PKCS#1 v1.5. This is also the default for:crypto.sign
. Additionally, I explicitly set it using the option[{:rsa_padding, :rsa_pkcs1_padding}]
. - Updated both Elixir and Erlang to their latest versions (Elixir 1.15.4-otp-26).
- Checked the Python
key_str
, and it matches the value inprivatekey_pkcs8.pem
.
I’m unsure of what other approaches to take, aside from resorting to calling signxml
from the shell, which I’d prefer not to do. Any insights or suggestions would be highly appreciated.