
Problem description

I'm trying to validate an MS Word *.docx file with a digital signature. In order to do validation, I have to calculate the digest of the referenced nodes and check whether it is the same as the one given in the signature (sig1.xml). I can't find info about how to implement the relationship transformation in order to calculate that digest.

The part of the signature XML (sig1.xml) is as follows:

<Object Id="idPackageObject" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature">
<Manifest><Reference URI="/_rels/.rels?ContentType=application/vnd.openxmlformats-package.relationships+xml">
<Transforms><Transform Algorithm="http://schemas.openxmlformats.org/package/2006/RelationshipTransform">
<mdssi:RelationshipReference SourceId="rId1"/></Transform>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>1vWU/YTF/7t6ZjnE44gAFTbZvvA=</DigestValue>....(next ref node ....)..
<Reference URI="/word/document.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>s2yQEJrQSfC0YoRe1hvm+IGBpJQ=</DigestValue></Reference>.....More Reference Nodes.....

The /_rels/.rels file itself:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
<Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/>
<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/>
<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>
<Relationship Id="rId4" Type="http://schemas.openxmlformats.org/package/2006/relationships/digital-signature/origin" Target="_xmlsignatures/origin.sigs"/>
</Relationships>

So I need to calculate the SHA1 of /_rels/.rels, but before the calculation I must apply the relationship transform and C14N.

When I'm calculating the digest of a node with no relationship transform (this node, for example):

<Reference URI="/word/document.xml?ContentType=application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>s2yQEJrQSfC0YoRe1hvm+IGBpJQ=</DigestValue>
</Reference>

everything is fine: just doing SHA1 of the referred URI (/word/document.xml in this case) gives me the same hash as the one given in the signature node. But when it comes to a node with a relationship transform, the calculation never gives the same value as stated in the signature.

My question in general is: where can I find info about this relationship transform, and how do I implement it?

Thanks

George

Recommended answer

The main source of information on transforms, and relationship transforms in this case, can be found in ECMA's "Office Open XML File Formats — Open Packaging Conventions" paper. Link here.

The section of importance is 13.2.4.24.

Relationship Transform should create a copy of the .rels file, in this case "/_rels/.rels" and remove all Relationship nodes that don't match with SourceId. This file is what is eventually hashed and creates the digest.

Under step 3, "Prepare for canonicalization" it also states:

Because we are creating a relationship between files in the same package, we have the value of "Internal". You need to add this attribute before you hash it.

So after the transform and c14n, you should have:

<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Target="word/document.xml" TargetMode="Internal" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument"></Relationship></Relationships>

NOTE: If you are using a unix system, be aware of linebreaks, the OPC uses CRLF not LF.
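
The steps the answer describes (filter by SourceId, add TargetMode="Internal", canonicalize, hash), as an added Python example that is not part of the original answer. It hand-serializes the canonical form, which holds only for .rels parts whose Relationship elements carry un-namespaced attributes; the function names, the DTD check and the sort-by-Id step are assumptions, not taken from the page.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

# /_rels/.rels exactly as quoted in the question above.
RELS = b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
<Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/>
<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/>
<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>
<Relationship Id="rId4" Type="http://schemas.openxmlformats.org/package/2006/relationships/digital-signature/origin" Target="_xmlsignatures/origin.sigs"/>
</Relationships>"""

# Attribute-value escaping required by Canonical XML 1.0 ("&" must come first).
_ESCAPES = (("&", "&amp;"), ("<", "&lt;"), ('"', "&quot;"),
            ("\t", "&#x9;"), ("\n", "&#xA;"), ("\r", "&#xD;"))


def relationship_transform(rels_xml, source_ids):
    """Filter a .rels part to the signed SourceIds and return canonical bytes."""
    if b"<!DOCTYPE" in rels_xml:  # defensive choice: refuse DTDs in untrusted parts
        raise ValueError("DTD not accepted in a relationships part")
    root = ET.fromstring(rels_xml)
    if root.tag != "{%s}Relationships" % RELS_NS:
        raise ValueError("not an OPC relationships part")
    kept = [r for r in root.findall("{%s}Relationship" % RELS_NS)
            if r.get("Id") in source_ids]
    # Assumption from the OPC spec, not shown on the page: sort survivors by Id.
    kept.sort(key=lambda r: r.get("Id"))
    out = ['<Relationships xmlns="%s">' % RELS_NS]
    for rel in kept:
        attrs = dict(rel.attrib)
        attrs.setdefault("TargetMode", "Internal")  # step 3 in the answer
        text = ""
        for name, value in sorted(attrs.items()):  # C14N: attributes in sorted order
            for raw, esc in _ESCAPES:
                value = value.replace(raw, esc)
            text += ' %s="%s"' % (name, value)
        # C14N writes empty elements as start/end tag pairs, no whitespace between.
        out.append("<Relationship%s></Relationship>" % text)
    out.append("</Relationships>")
    return "".join(out).encode("utf-8")


def digest_b64(data):
    """SHA-1 digest, base64-encoded as in <DigestValue>."""
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")
```

Compare `digest_b64(relationship_transform(RELS, {"rId1"}))` with the DigestValue of the matching Reference in sig1.xml. Relationships whose Id is not listed as a SourceId do not affect that digest, so a verifier should confirm that every relationship it relies on is covered by a Reference.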
