Hello all,
We are trying to achieve a reception of fax documents (TIFF) followed verification for the Identity of the Signer and the validity of data (tampering) using Verify XML Signature.
As far as the indentity goes we're through and able to get the status as TRUSTED or UNKNOWN. However we've hit a road block looking to verify if the data has been tampered. We're expecting to get the status (signatureStatus) as VALIDANDMODIFIED, VALIDANDNOTMODIFIED, etc. but we only get false.
I would like to highlight that the above works fine with PDF Signature verification, in which case we input the PDF file too. This might give the LC service a reference to verify the status of the data. While for XML signature verification we just input what is a "XML Document". I believe it should contain both the form data and the signature details. Not sure about he format though.
Note: Please refer to the attached document (Problem Verifying XML Signature.doc) for a details of the problem at hand.
Thanks
Ryan
Views
Replies
Total Likes
Ryan
When using the "Verify XML Signature" operation, you will not receive a signatureStatus of "VALIDANDMODIFIED" or "VALIDANDUNMODIFIED". The "Verify XML Signature" returns one of two possible signature statuses... "true" or "false"
From the help for XMLSignatureVerificationResult:
A boolean
value that indicates whether the signature that is used to sign a PDF document is valid or not. A value of true
means that the signature is valid. A value of false
means that the signature is invalid.
Regards
Steve
Hey Steve,
Thanks for the tip. So now I'm clear that I am not getting an exception. However, the LC service is returning 'false'everytime. Which brings me back to my question about the XML to be provided as input to the LC service.
I'm attaching a copy of the xml input as below. To break it up for you the XML on the whole consists of 2 parts - the form data and the signature data. The signature data format is fine and it gets verified correctly by the service. I just need someone to check the data part (see snippet below, the data part is highlighted).
Note: I concat all the fields in my form into a single field formdata and sign it.
<xfa:data xmlns:xfa="http://www.xfa.org/schema/xfa-data/1.0/">
<form1>
<main1>
<formdata>I JUST SIGNED ONE FIELD, SO THIS LINE IS THE DATA</formdata>
</main1>
</form1>
<signatures>
...
</signatures>
</xfa:data>
Cheers
Ryan
Views
Replies
Total Likes
Hi All,
Will explain somebody the difference between the signature status for xml sign verification and pdf sign verificaton?
In PDF signature verification, signature status provide "VALIDANDMODIFIED" output. It means pdf document has altered.
In case of XML sign verification signature status will provide "false" and "true" output. Is it providing the status of data tampering with the document.
I have change the value of data in xml signature template which is generated after signature and passed this xml to xml sign verification process. Still i am getting signature status true.
If i change the digest value then process is giving error as NON serializable
What is the imporatance of signature status in xml signature verification process?
Regards
Abhishek
Views
Replies
Total Likes
Abhishek
If the signature status of an XML signature is "true", then data and signature have NOT changed. If the signature status of an XML signature is "false", then something is the data HAS changed. XML signatures are either "TRUE" (valid and unmodified), or "FALSE" (this could mean that the signature is invalid and\or the data has been modified)
Regards
Steve
Views
Replies
Total Likes