4 Replies Latest reply on Dec 15, 2010 5:52 AM by SForrest96

    Signature Status using Verify XML Signature

    Ryan Ivan D'Souza

      Hello all,

       

      We are trying to achieve a reception of fax documents (TIFF) followed verification for the Identity of the Signer and the validity of data (tampering) using Verify XML Signature.

       

      As far as the indentity goes we're through and able to get the status as TRUSTED or UNKNOWN. However we've hit a road block looking to verify if the data has been tampered. We're expecting to get the status (signatureStatus) as VALIDANDMODIFIED, VALIDANDNOTMODIFIED, etc. but we only get false.

       

      I would like to highlight that the above works fine with PDF Signature verification, in which case we input the PDF file too. This might give the LC service a reference to verify the status of the data. While for XML signature verification we just input what is a "XML Document". I believe it should contain both the form data and the signature details. Not sure about he format though.

       

      Note: Please refer to the attached document (Problem Verifying XML Signature.doc) for a details of the problem at hand.

       

      Thanks

      Ryan

        • 1. Re: Signature Status using Verify XML Signature
          SForrest96 Level 4

          Ryan

           

          When using the "Verify XML Signature" operation, you will not receive a signatureStatus of "VALIDANDMODIFIED" or "VALIDANDUNMODIFIED".  The  "Verify XML Signature" returns one of two possible signature statuses... "true" or "false"

           

          From the help for XMLSignatureVerificationResult:

           

          signatureStatus

          A boolean value that indicates whether the signature that is  used to sign a PDF document is valid or not. A value of true means  that the signature is valid. A value of false means that the  signature is invalid.

           

          Regards

          Steve

          1 person found this helpful
          • 2. Re: Signature Status using Verify XML Signature
            Ryan Ivan D'Souza Level 1

            Hey Steve,

             

            Thanks for the tip. So now I'm clear that I am not getting an exception. However, the LC service is returning 'false'everytime. Which brings me back to my question about the XML to be provided as input to the LC service.

             

            I'm attaching a copy of the xml input as below. To break it up for you the XML on the whole consists of 2 parts - the form data and the signature data. The signature data format is fine and it gets verified correctly by the service. I just need someone to check the data part (see snippet below, the data part is highlighted).

             

            Note: I concat all the fields in my form into a single field formdata and sign it.

             

            <xfa:data xmlns:xfa="http://www.xfa.org/schema/xfa-data/1.0/">
                <form1>
                    <main1>
                        <formdata>I JUST SIGNED ONE FIELD, SO THIS LINE IS THE DATA</formdata>
                    </main1>
                </form1>

                <signatures>

                 ...
                </signatures>
            </xfa:data>

             

            Cheers

            Ryan

            • 3. Re: Signature Status using Verify XML Signature
              Abhishek110486

              Hi All,

               

              Will explain somebody the difference between the signature status for xml sign verification and pdf sign verificaton?

               

              In PDF signature verification, signature status provide "VALIDANDMODIFIED" output. It means pdf document has altered.

               

              In case of XML sign verification signature status will provide "false" and "true" output. Is it providing the status of data tampering with the document.

               

              I have change the value of data in xml signature template which is generated after signature and passed this xml to xml sign verification process. Still i am getting signature status true.

               

              If i change the digest value then process is giving error as NON serializable

               

              What is the imporatance of signature status in xml signature verification process?

               

              Regards

              Abhishek

              • 4. Re: Signature Status using Verify XML Signature
                SForrest96 Level 4

                Abhishek

                 

                If the signature status of an XML signature is "true", then data and signature have NOT changed.  If the signature status of an XML signature is "false", then something is the data HAS changed.  XML signatures are either "TRUE" (valid and unmodified), or "FALSE" (this could mean that the signature is invalid and\or the data has been modified)

                 

                Regards

                Steve