rtc: Signature verification fails for XMLs that are not in their canonical form #246
Labels
bug
Something isn't working
component: rtc
component: sii_crypto
crypto particular to the SII (unlike 'crypto')
Comments
glarrain-cdd
added
the
component: sii_crypto
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Even though it is assumed that a canonicalization algorithm is applied before performing the digital signature calculations of the XML, even if it is referenced in the
SignedInfoelement, it does not mean that it was necessarily applied. Unfortunately, the SII does not verify that the XML is in its canonical form, so it is common that several of the AECs accepted by the SII are not normalized (See discussion at #242).For this reason, the signature verification algorithm will fail in those XMLs that, by canonicalizing them before verifying their signature, the normalization introduces changes that modify the content of the XML, e.g. documents containing empty-element tags
The text was updated successfully, but these errors were encountered: