
Annex A: Example LTV-SDO


The following is an example LTV-SDO, included to illustrate the format in use.

Note that several values are shortened with "(...)" for readability, and that the formats of identifiers, log entries and similar may differ in a real-world application. The certificates referenced in this example are issued by test CAs (TRUST2408 Systemtest VIII CA and Buypass Class 3 Test4 CA 1), so the example will not validate against production trust anchors; also note that the SDO carries the signer's national ID (CPR), so it must be handled as personal data.

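<?xml version="1.0" encoding="UTF-8"?>
<!--
  Example LTV-SDO (long-term-validation signed data object).

  Layout, top to bottom:
    ltv:Description         human-readable summary of signer, document and signature
    ltv:NativeSignature     the original NemID XMLDSig (base64) plus the CRL / OCSP
                            responses gathered for it
    ltv:AdditionalInfo      extra signer attributes (here the raw PID/CPR lookup reply)
    ltv:SignatureContext    software versions on the signing and verifying side
    ltv:AuditTrails         creation / verification logs (omitted in this example)
    ds:Signature            an enveloped XAdES signature over the whole ltv:LtvSdo
                            element (Reference URI="#root")

  What the final ds:Signature covers: everything under Id="root" except the
  ds:Signature element itself, which the enveloped-signature transform strips
  before digesting. ds:KeyInfo and xades:UnsignedProperties are therefore NOT
  signed; the signing certificate is bound in through the digest and
  issuer/serial in xades:SigningCertificate (which IS signed via the second
  Reference). Verifying this outer signature does not verify the embedded
  NemID signature inside ltv:NativeSdo; that has to be decoded and checked on
  its own.

  The document contains no DOCTYPE; consumers should parse it with DTD and
  external-entity processing disabled.

  Several values are shortened with "(...)" for readability.
-->
<ltv:LtvSdo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
            xmlns:ltv="https://id.signicat.com/definitions/xsd/LtvSdo-1.0"
            xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="root">
    <ltv:Description>
        <!-- Signer identity as reported by NemID. Contains the Danish CPR number
             (SignerNationalId / the "cpr" attribute): personal data, store and
             log accordingly. The issuer-dn below is a *Systemtest* CA, i.e. this
             example comes from a test environment. -->
        <ltv:SignerDescription>
            <ltv:SignerDisplayName>Pseudonym</ltv:SignerDisplayName>
            <ltv:SignerUniqueId>9208-2002-2-207175795269</ltv:SignerUniqueId>
            <ltv:SignerNationalId>1112703751</ltv:SignerNationalId>
            <ltv:SignerNationality>DK</ltv:SignerNationality>
            <ltv:SignerNationalIdType>CPR</ltv:SignerNationalIdType>
            <ltv:Attribute Name="unique-id" NameSpace="nemid">9208-2002-2-207175795269</ltv:Attribute>
            <ltv:Attribute Name="subject-dn" NameSpace="nemid">CN=Pseudonym+serialnumber=PID:9208-2002-2-207175795269,O=Ingen organisatorisk tilknytning,C=DK</ltv:Attribute>
            <ltv:Attribute Name="cpr" NameSpace="nemid">1112703751</ltv:Attribute>
            <ltv:Attribute Name="serialnumber" NameSpace="nemid">1275249435</ltv:Attribute>
            <ltv:Attribute Name="issuer-dn" NameSpace="nemid">CN=TRUST2408 Systemtest VIII CA, O=TRUST2408, C=DK</ltv:Attribute>
        </ltv:SignerDescription>
        <!-- The signed document is not embedded; only its SHA-256 digest is. A
             relying party must compare this digest against the PDF it holds. -->
        <ltv:DocumentDescription>
            <ltv:DocumentMimeType>application/pdf</ltv:DocumentMimeType>
            <ltv:DocumentTitle>Aksept</ltv:DocumentTitle>
            <ltv:DocumentDigest alg="http://www.w3.org/2001/04/xmlenc#sha256">DTEifuOt60mWYy8WaS00THvM3VizLZMu5ysGMhnw3R4=</ltv:DocumentDigest>
        </ltv:DocumentDescription>
        <ltv:SignatureDescription>
            <ltv:SignatureTypeFriendlyName>NemID</ltv:SignatureTypeFriendlyName>
            <ltv:SignatureFormatFriendlyName>XML Signature</ltv:SignatureFormatFriendlyName>
            <!-- Time reported for the native (NemID) signature; compare with the
                 SigningTime values further down, which are the packaging times. -->
            <xades:SigningTime>2013-02-23T12:03:34.000+01:00</xades:SigningTime>
        </ltv:SignatureDescription>
    </ltv:Description>

    <!-- Identifies the packaging rules this SDO was built under. -->
    <ltv:PackagingPolicyIdentifier>urn:signicat:packagingpolicy:ltv:nemid:1.0:1.0</ltv:PackagingPolicyIdentifier>
    <ltv:NativeSignature>
        <!-- The original NemID XMLDSig document, base64-encoded. Format / MimeType /
             Version tell the verifier how to decode and validate it. -->
        <ltv:NativeSdo Format="urn:ksi:names:SAML:2.0:df:xmldsig"
                       MimeType="application/x-xml-dsig" Version="1.0">
            PD94bWwgdmVyc2lvbj0iMS4(...)uYXR1cmU+
        </ltv:NativeSdo>
        <!-- Revocation data (CRL and OCSP) captured for the native signature's
             certificate chain. Keeping these inside the SDO is what makes the
             signature verifiable after the CA's revocation services are gone;
             verifiers should check their validity windows against SigningTime. -->
        <ltv:NativeSignatureQualifyingProperties>
            <xades:SigningTime>2013-02-23T12:04:05.411+01:00</xades:SigningTime>
            <xades:RevocationValues>
                <xades:CRLValues>
                    <xades:EncapsulatedCRLValue>MIICy(...)nE5ixI0bdO9An5mTw==</xades:EncapsulatedCRLValue>
                </xades:CRLValues>
                <xades:OCSPValues>
                    <xades:EncapsulatedOCSPValue>MIIHSzCB(...)YZmftsPRI/WSvvPw=</xades:EncapsulatedOCSPValue>
                </xades:OCSPValues>
            </xades:RevocationValues>
        </ltv:NativeSignatureQualifyingProperties>
    </ltv:NativeSignature>
    <ltv:AdditionalInfo>
        <ltv:SignerAttributes>
            <!-- Base64 of the PID-to-CPR lookup reply (another SOAP/XML envelope).
                 Like the CPR fields above, this is personal data. -->
            <ltv:Attribute Name="pidCprReply" NameSpace="nemid">PHNv(...)W52ZWxvcGU+</ltv:Attribute>
        </ltv:SignerAttributes>
    </ltv:AdditionalInfo>
    <!-- Software inventory of the environment that created and later verified the
         signature. Useful for forensics (which versions were in play); note the
         "-SNAPSHOT" module version, another sign of a non-production setup. -->
    <ltv:SignatureContext>
        <ltv:SignatureCreationContext Type="nemid">
            <ltv:Component Name="server-os" Version="Linux-2.6.18-164.2.1.el5"/>
            <ltv:Component Name="DocumentViewerModule" Version="1.3.9"/>
            <ltv:Component Name="server-java" Version="Sun Microsystems Inc.-1.6.0_37"/>
            <ltv:Component Name="DocumentProviderModule" Version="1.3.9"/>
            <ltv:Component Name="NemIdModule" Version="2.4.4-SNAPSHOT"/>
            <ltv:Component Name="user-agent"
                           Version="Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0"/>
            <ltv:Component Name="DetectorModule" Version="2.2.4"/>
            <ltv:Component Name="Signicat Services Portal" Version="1.16.0"/>
            <ltv:Component Name="client-java" Version="1.7.0_15"/>
        </ltv:SignatureCreationContext>
        <ltv:SignatureVerificationContext Type="nemid">
            <ltv:Component Name="server-os" Version="Linux-2.6.18-164.2.1.el5"/>
            <ltv:Component Name="ooapi" Version="ooapi-signicat-custom-1.81.3.V4.jar"/>
            <ltv:Component Name="server-java" Version="Sun Microsystems Inc.-1.6.0_37"/>
            <ltv:Component Name="NemIdModule" Version="2.4.4-SNAPSHOT"/>
            <ltv:Component Name="Signicat Services Portal" Version="1.16.0"/>
        </ltv:SignatureVerificationContext>
        <ltv:ExternalContext>
            <!-- Free-text reference supplied by the service using the signature. -->
            <ltv:ExternalReference>This is the external reference</ltv:ExternalReference>
        </ltv:ExternalContext>
    </ltv:SignatureContext>
    <ltv:AuditTrails>
        <ltv:SignatureCreationAuditTrail>
            (omitted)
        </ltv:SignatureCreationAuditTrail>
        <ltv:SignatureVerificationAuditTrail>
            (omitted)
        </ltv:SignatureVerificationAuditTrail>
    </ltv:AuditTrails>
    <!-- Enveloped XAdES signature over the SDO. Algorithms: inclusive C14N 1.0
         (without comments), RSA with SHA-256, SHA-256 digests. Two references:
           1. URI="#root" with the enveloped-signature transform: the whole SDO
              minus this ds:Signature element.
           2. The xades:SignedProperties (signing time and signing-certificate
              digest), so that those cannot be swapped. -->
    <ds:Signature Id="xmldsig-c00c04bd-00cc-4dd5-ab26-a5316f308424"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference Id="xmldsig-c00c04bd-00cc-4dd5-ab26-a5316f308424-ref0"
                          URI="#root">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>UUT0MEhhOvQ2HsANGbgO3+HgANuAqfEh/7MA5+jUsLQ=</ds:DigestValue>
            </ds:Reference>
            <ds:Reference Type="http://uri.etsi.org/01903#SignedProperties"
                          URI="#xmldsig-c00c04bd-00cc-4dd5-ab26-a5316f308424-signedprops">
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>gtpFIa2Y2zBTJIPQNaf3KS8ewAprCFxYcwFowZh98fY=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue Id="xmldsig-c00c04bd-00cc-4dd5-ab26-a5316f308424-sigvalue">
            ThUoeVI(...)0TseMWT/9g==
        </ds:SignatureValue>
        <!-- KeyInfo is outside the signed references. A verifier must check that the
             certificate here matches the CertDigest / IssuerSerial in
             xades:SigningCertificate below before trusting it. -->
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>
                    MIIEm(...)jwcek=
                </ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
        <ds:Object>
            <xades:QualifyingProperties
                    xmlns:xades141="http://uri.etsi.org/01903/v1.4.1#"
                    Target="#xmldsig-c00c04bd-00cc-4dd5-ab26-a5316f308424"
                    xmlns:xades="http://uri.etsi.org/01903/v1.3.2#">
                <!-- Covered by Reference 2 above. -->
                <xades:SignedProperties Id="xmldsig-c00c04bd-00cc-4dd5-ab26-a5316f308424-signedprops">
                    <xades:SignedSignatureProperties>
                        <xades:SigningTime>2013-02-23T12:04:05.795+01:00</xades:SigningTime>
                        <!-- Digest plus issuer/serial of the signing certificate and of
                             its issuer (Buypass *Test4* CA: test environment). -->
                        <xades:SigningCertificate>
                            <xades:Cert>
                                <xades:CertDigest>
                                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                                    <ds:DigestValue>BNefJx2p3KXrapT9vjuviJ7BwNdUFID2mKp36R5UV5c=</ds:DigestValue>
                                </xades:CertDigest>
                                <xades:IssuerSerial>
                                    <ds:X509IssuerName>CN=Buypass Class 3 Test4 CA 1,O=Buypass,C=NO</ds:X509IssuerName>
                                    <ds:X509SerialNumber>269856267150500156063753</ds:X509SerialNumber>
                                </xades:IssuerSerial>
                            </xades:Cert>
                            <xades:Cert>
                                <xades:CertDigest>
                                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                                    <ds:DigestValue>+lWn7dbCYHG8ZOw/PiDdjw18toH/4vmjrLgTYgY3Cj8=</ds:DigestValue>
                                </xades:CertDigest>
                                <xades:IssuerSerial>
                                    <ds:X509IssuerName>CN=Buypass Class 3 Test4 CA 1,O=Buypass,C=NO</ds:X509IssuerName>
                                    <ds:X509SerialNumber>1</ds:X509SerialNumber>
                                </xades:IssuerSerial>
                            </xades:Cert>
                        </xades:SigningCertificate>
                    </xades:SignedSignatureProperties>
                </xades:SignedProperties>
                <!-- Not covered by any reference: validation material (issuer chain
                     and OCSP response for the outer signature's certificate) that may
                     be added or refreshed after signing. -->
                <xades:UnsignedProperties>
                    <xades:UnsignedSignatureProperties>
                        <xades:CertificateValues>
                            <xades:EncapsulatedX509Certificate>MIIDQTCC(...)8iu3q</xades:EncapsulatedX509Certificate>
                        </xades:CertificateValues>
                        <xades:RevocationValues>
                            <xades:OCSPValues>
                                <xades:EncapsulatedOCSPValue>MIICDQoBAK(...)VJcUTg==</xades:EncapsulatedOCSPValue>
                            </xades:OCSPValues>
                        </xades:RevocationValues>
                    </xades:UnsignedSignatureProperties>
                </xades:UnsignedProperties>
            </xades:QualifyingProperties>
        </ds:Object>
    </ds:Signature>
</ltv:LtvSdo>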
