KalkanCryptCOMLib.dll ошибка верификации подписи SignWSSE

При подписывании методом SignWSSE, метод VerifyXML возвращает ошибку
прилогаю подписанную xml
<?xml version="1.0" encoding="UTF-8"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="sig-b3097ad0-8e82-47a9-a258-b13cce2a1923"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap"/> </ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gost34310-gost34311"/> <ds:Reference URI=""> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gost34311"/> <ds:DigestValue>/3nRYdgL/fHhcZ2AwG44CWpa/lGtrHryxzTEW2/MF7Y=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>DZ5aBwey9l3LW4kxrKl9oft3TSCV3PPNYpbkjQetOM0uMAVlRsouR5h5zNu9xffZ 3jp6+HszfjgMydmbph7S+Q==</ds:SignatureValue> <ds:KeyInfo Id="ki-b3097ad0-8e82-47a9-a258-b13cce2a1924"><wsse:SecurityTokenReference wsu:Id="str-b3097ad0-8e82-47a9-a258-b13cce2a1925"><wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">MIIEtzCCBGGgAwIBAgIUNOdUWjuo7hZjVt1UY3D9IvdSuXkwDQYJKoMOAwoBAQEC BQAwUzELMAkGA1UEBhMCS1oxRDBCBgNVBAMMO9Kw0JvQotCi0KvSmiDQmtCj05jQ m9CQ0J3QlNCr0KDQo9Co0Ksg0J7QoNCi0JDQm9Cr0pogKEdPU1QpMB4XDTIxMDUx NDExMzE1N1oXDTIyMDUxNDExMzE1N1owggFhMSIwIAYDVQQDDBnQotCj0KHQo9Cf 0J7QkiDQodCV0KDQmNCaMRcwFQYDVQQEDA7QotCj0KHQo9Cf0J7QkjEYMBYGA1UE BRMPSUlOODAwNzA3MzAxMjk3MQswCQYDVQQGEwJLWjGBnTCBmgYDVQQKDIGS0JPQ ntCh0KPQlNCQ0KDQodCi0JLQldCd0J3QntCVINCj0KfQoNCV0JbQlNCV0J3QmNCV ICLQnNCY0J3QmNCh0KLQldCg0KHQotCS0J4g0JLQndCj0KLQoNCV0J3QndCY0KUg 0JTQldCbINCg0JXQodCf0KPQkdCb0JjQmtCYINCa0JDQl9CQ0KXQodCi0JDQnSIx GDAWBgNVBAsMD0JJTjk2MDM0MDAwMDUxNDEdMBsGA1UEKgwU0JDQnNCQ0J3QotCQ 0JXQktCY0KcxIjAgBgkqhkiG9w0BCQEWE0dPU1pBS1VQTVZEQE1BSUwuS1owbDAl Bgkqgw4DCgEBAQEwGAYKKoMOAwoBAQEBAQYKKoMOAwoBAwEBAANDAARAVpbe+H2E Ssa32HDVLxEXmEdl/a4HqEtN7CxIPbeZR0TQDBDQd2rHeKa/SEqPj9JRcFT0vhCI CAy3GtnOEc88l6OCAeswggHnMA4GA1UdDwEB/wQEAwIGwDAoBgNVHSUEITAfBggr BgEFBQcDBAYIKoMOAwMEAQIGCSqDDgMDBAECAjAPBgNVHSMECDAGgARbanPpMB0G A1UdDgQWBBT6Hz+tyBfS10PjYb9eRSkaz3dSdDBeBgNVHSAEVzBVMFMGByqDDgMD AgEwSDAhBggrBgEFBQcCARYVaHR0cDovL3BraS5nb3Yua3ovY3BzMCMGCCsGAQUF BwICMBcMFWh0dHA6Ly9wa2kuZ292Lmt6L2NwczBYBgNVHR8EUTBPME2gS6BJhiJo dHRwOi8vY3JsLnBraS5nb3Yua3ovbmNhX2dvc3QuY3JshiNodHRwOi8vY3JsMS5w a2kuZ292Lmt6L25jYV9nb3N0LmNybDBcBgNVHS4EVTBTMFGgT6BNhiRodHRwOi8v Y3JsLnBraS5nb3Yua3ovbmNhX2RfZ29zdC5jcmyGJWh0dHA6Ly9jcmwxLnBraS5n b3Yua3ovbmNhX2RfZ29zdC5jcmwwYwYIKwYBBQUHAQEEVzBVMC8GCCsGAQUFBzAC hiNodHRwOi8vcGtpLmdvdi5rei9jZXJ0L25jYV9nb3N0LmNlcjAiBggrBgEFBQcw AYYWaHR0cDovL29jc3AucGtpLmdvdi5rejANBgkqgw4DCgEBAQIFAANBADnNRE9L JwAMDIGSf2/Ygj7DoY8YOFkfaZdD4A1oRO55p5p5dGSRCHWclcCVQ3WSQPNeoUhT Cxw57BYRXxb6KLE=</wsse:KeyIdentifier></wsse:SecurityTokenReference></ds:KeyInfo> </ds:Signature></wsse:Security></SOAP-ENV:Header> <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> </SOAP-ENV:Header> <soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-BEFF7CB55C69AB1BB514762482966309"> <ns2:SendMessage xmlns:ns2="http://bip.bee.kz/SyncChannel/v10/Types"> <request> <requestInfo> <messageId>1544911984184</messageId> <serviceId>CERTIFICATE</serviceId> <messageDate>2016-10-05T14:46:31.169+06:00</messageDate> <routeId>159</routeId> <sender> <senderId>pep</senderId> <password>******</password> </sender> <sessionId>9b569176-73a2-4168-aab2-0bc0baee0314</sessionId> </requestInfo> <requestData> <data>1 </data> </requestData> </request> </ns2:SendMessage> </soap:Body> </soap:Envelope>

и ошибку верификации:
`XMLSec Initialize - OK.

XML parse doc - OK.

XMLSec verify xml - found 1 sign(s).

XMLSec load trusted certificates - OK.

ERROR 0x0c: XMLSec-error:
func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=280:obj=gost34311:subj=unknown:error=12:invalid data:data and digest do not match

Signature N 1

  • verify error.

ERROR 0x8f00023: XMLSec verify xml - FAILED.
`

Подскажите, где может быть ошибка?

Добрый день!
При подписании методом SignWSSE() необходимо указывать id тега, который подписываете, в переменной signNodeId.

В высланном примере необходимо указать:
signNodeId = “id-BEFF7CB55C69AB1BB514762482966309”;

1 Симпатия

Спасибо, заработало.