Electronic signature
The electronic signature is produced with the GOST R 34.10-2012 algorithm (256- or 512-bit) according to the XMLDSig standard. The Signature element carrying the XMLDSig signature is placed in the SgntrSt element inside the SplmtryData element, which ISO 20022 provides for arbitrary supplementary data. Each Signature element contains a Reference to the element(s) it signs within the XML document. The message must be signed in full, including the following section:
<SplmtryData>
<Envlp>
<SgntrSt>
</SgntrSt>
</Envlp>
</SplmtryData>
General recommendations for generating an XMLDSig signature:
1) You can use the certified combination of the CryptoPro CSP cryptographic provider and its Java API, CryptoPro JavaCSP; your software must then explicitly specify the JavaCSP provider.
2) You can use CryptoPro JCP 2.0; its distribution includes the example archives samples.jar and samples-sources.jar, which contain an xmlSign example.
When signing with two keys, sign only the data: the second signature does not cover the first Signature element. Consequently, each signature must be verified over the message with the other Signature element excluded.
To avoid the error "UnrecoverableKeyException: Get Key failed", move the key and certificate from the *.pfx store into the HDImageStore store (a folder with six *.key files), which the Java runtime recognises once CryptoPro is installed (details: https://www.cryptopro.ru/forum2/default.aspx?g=posts&t=8271).
Implementation examples and signed sample documents: https://github.com/alfa-laboratory/iso20022-signature
Signature placement example
<CstmrCdtTrfInitn>
...
<SplmtryData>
<Envlp>
<SgntrSt>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
{electronic signature #1 …}
</Signature>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
{electronic signature #2 …}
</Signature>
</SgntrSt>
</Envlp>
</SplmtryData>
</CstmrCdtTrfInitn>
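As an added example (not code from this page or from the alfa-laboratory project), the Python checker below applies the structural rules stated above to a message before any cryptographic verification is attempted: every Signature must sit in SplmtryData/Envlp/SgntrSt, its Reference must have URI="" so that the whole message is covered, the enveloped-signature transform must be present, and the SignatureMethod/DigestMethod pair must be one the verifier accepts. It also produces the content that each of two signatures is computed over, i.e. the message with all Signature elements removed. Everything not on the page is an assumption of this example: the sample message is constructed here, modelled on the camt.060 request, with dummy digest and signature values; the accepted algorithm list (the 2001/94 pair from the sample plus the identifiers CryptoPro uses for the 2012 algorithms) is this checker's policy; and xml.etree's canonicalize (C14N 2.0) merely stands in for the exc-c14n a real verifier must apply.

```python
"""Structural pre-checks for XMLDSig signatures in an ISO 20022 SplmtryData/Envlp/SgntrSt block (added example)."""
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
# Accepted SignatureMethod -> DigestMethod pairs: verifier policy, an assumption of this checker. The first
# pair is GOST R 34.10-2001 / 34.11-94 as in the page's sample; the others are CryptoPro's 2012 identifiers.
GOST_PAIRS = {
    "http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411":
        "http://www.w3.org/2001/04/xmldsig-more#gostr3411",
    "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-256":
        "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-256",
    "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34102012-gostr34112012-512":
        "urn:ietf:params:xml:ns:cpxmlsec:algorithms:gostr34112012-512",
}

def ds(tag):
    return f"{{{DS}}}{tag}"

def find_signatures(root):
    """Return the ds:Signature elements located at SplmtryData/Envlp/SgntrSt, where the spec places them."""
    parent = {child: p for p in root.iter() for child in p}
    found = []
    for sig in root.iter(ds("Signature")):
        chain, node = [], sig
        while node in parent:  # walk up to the root, collecting ancestor local names
            node = parent[node]
            chain.append(node.tag.rsplit("}", 1)[-1])
        if chain[:3] == ["SgntrSt", "Envlp", "SplmtryData"]:
            found.append(sig)
    return found

def check_signature(sig):
    """Return the policy violations for one ds:Signature (an empty list means structurally OK)."""
    problems = []
    si = sig.find(ds("SignedInfo"))
    if si is None:
        return ["SignedInfo missing"]
    c14n = si.find(ds("CanonicalizationMethod"))
    if c14n is None or c14n.get("Algorithm") != EXC_C14N:
        problems.append("CanonicalizationMethod is not exc-c14n")
    sm = si.find(ds("SignatureMethod"))
    sig_alg = sm.get("Algorithm") if sm is not None else None
    if sig_alg not in GOST_PAIRS:
        problems.append(f"SignatureMethod is not an accepted GOST algorithm: {sig_alg}")
    for ref in si.findall(ds("Reference")):
        # URI="" means the whole document. Any other URI signs only a subtree, which the page forbids
        # ("the message must be fully signed") and which leaves everything outside it open to substitution.
        if ref.get("URI") != "":
            problems.append(f"Reference does not cover the whole document: URI={ref.get('URI')!r}")
        transforms = [t.get("Algorithm") for t in ref.iter(ds("Transform"))]
        if ENVELOPED not in transforms:
            problems.append("enveloped-signature transform missing")
        dm = ref.find(ds("DigestMethod"))
        dig_alg = dm.get("Algorithm") if dm is not None else None
        if sig_alg in GOST_PAIRS and GOST_PAIRS[sig_alg] != dig_alg:
            problems.append(f"DigestMethod {dig_alg} does not belong to {sig_alg}")
    return problems

def check_message(xml_bytes):
    """Run the checks over a whole message; returns {Signature Id: [problems]}."""
    root = ET.fromstring(xml_bytes)
    sigs = find_signatures(root)
    if not sigs:
        return {"<none>": ["no Signature inside SplmtryData/Envlp/SgntrSt"]}
    return {sig.get("Id") or f"signature-{i}": check_signature(sig) for i, sig in enumerate(sigs, 1)}

def data_covered(xml_bytes):
    """Content each signature covers when two keys sign: the message with every ds:Signature removed (the second
    signature does not cover the first). ET.canonicalize is C14N 2.0, a display stand-in for the declared exc-c14n."""
    root = ET.fromstring(xml_bytes)
    parent = {child: p for p in root.iter() for child in p}
    for sig in list(root.iter(ds("Signature"))):
        parent[sig].remove(sig)
    return ET.canonicalize(ET.tostring(root), strip_text=True)

# Constructed two-signature message modelled on the camt.060 sample; digest and signature values are dummies.
SIG1 = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="sigID1"><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411"/>
<ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr3411"/><ds:DigestValue>ZHVtbXk=</ds:DigestValue>
</ds:Reference></ds:SignedInfo><ds:SignatureValue>ZHVtbXk=</ds:SignatureValue></ds:Signature>"""
# Second signature as a misconfigured signer or an attacker might supply it: non-GOST algorithm,
# a Reference to a single RptgReq instead of the whole message, and no enveloped-signature transform.
SIG2 = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="sigID2"><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#req1"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>ZHVtbXk=</ds:DigestValue>
</ds:Reference></ds:SignedInfo><ds:SignatureValue>ZHVtbXk=</ds:SignatureValue></ds:Signature>"""
SAMPLE = f"""<?xml version="1.0" encoding="UTF-8"?>
<p:Document xmlns:p="urn:iso:std:iso:20022:tech:xsd:camt.060.001.03"><p:AcctRptgReq>
<p:GrpHdr><p:MsgId>MSG_20170830_test_55</p:MsgId><p:CreDtTm>2017-05-26T12:00:00</p:CreDtTm></p:GrpHdr>
<p:RptgReq><p:Id>REQ_20170830_test_55</p:Id><p:ReqdMsgNmId>HMQSTASCF</p:ReqdMsgNmId></p:RptgReq>
<p:SplmtryData><p:Envlp><SgntrSt>{SIG1}{SIG2}</SgntrSt></p:Envlp></p:SplmtryData></p:AcctRptgReq></p:Document>""".encode()
```

Running check_message(SAMPLE) reports no problems for sigID1 and three for sigID2 (unaccepted algorithm, partial coverage through URI="#req1", missing enveloped-signature transform), so the second signature is rejected before any GOST routine is asked to verify it; data_covered(SAMPLE) shows the message with both Signature elements stripped, which is what each key signs when two signatures are applied.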
Example of a signed account statement request (camt.060). Note that this sample, dated 2017, carries the GOST R 34.10-2001 / 34.11-94 algorithm identifiers (xmldsig-more#gostr34102001-gostr3411 and xmldsig-more#gostr3411); a signature produced with GOST R 34.10-2012, as specified above, carries the corresponding 2012 identifiers in SignatureMethod and DigestMethod, and the verifier should check that the declared algorithms are the agreed ones rather than accepting whatever the message declares.
<?xml version="1.0" encoding="UTF-8"?>
<p:Document xmlns:p="urn:iso:std:iso:20022:tech:xsd:camt.060.001.03" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:camt.060.001.03 xsd/camt.060.001.03.xsd">
<p:AcctRptgReq>
<p:GrpHdr>
<p:MsgId>MSG_20170830_test_55</p:MsgId>
<p:CreDtTm>2017-05-26T12:00:00</p:CreDtTm>
</p:GrpHdr>
<p:RptgReq>
<p:Id>REQ_20170830_test_55</p:Id>
<p:ReqdMsgNmId>HMQSTASCF</p:ReqdMsgNmId>
<p:Acct>
<p:Id>
<p:Othr>
<p:Id>40702810001300013144</p:Id>
</p:Othr>
</p:Id>
</p:Acct>
<p:AcctOwnr>
<p:Pty>
<p:Nm>ООО "Мир Технологий"</p:Nm>
</p:Pty>
</p:AcctOwnr>
<p:RptgPrd>
<p:FrToDt>
<p:FrDt>2017-02-23</p:FrDt>
<p:ToDt>2017-02-23</p:ToDt>
</p:FrToDt>
<p:FrToTm>
<p:FrTm>00:00:00</p:FrTm>
<p:ToTm>24:00:00</p:ToTm>
</p:FrToTm>
<p:Tp>ALLL</p:Tp>
</p:RptgPrd>
</p:RptgReq>
<p:RptgReq>
<p:Id>REQ_20170830_test_56</p:Id>
<p:ReqdMsgNmId>HMQSTASCF</p:ReqdMsgNmId>
<p:Acct>
<p:Id>
<p:Othr>
<p:Id>40702810100000000921</p:Id>
</p:Othr>
</p:Id>
</p:Acct>
<p:AcctOwnr>
<p:Pty>
<p:Nm>ООО "Мир Технологий"</p:Nm>
</p:Pty>
</p:AcctOwnr>
<p:RptgPrd>
<p:FrToDt>
<p:FrDt>2017-02-23</p:FrDt>
<p:ToDt>2017-02-23</p:ToDt>
</p:FrToDt>
<p:FrToTm>
<p:FrTm>00:00:00</p:FrTm>
<p:ToTm>24:00:00</p:ToTm>
</p:FrToTm>
<p:Tp>ALLL</p:Tp>
</p:RptgPrd>
</p:RptgReq>
<p:SplmtryData>
<p:Envlp>
<SgntrSt>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="sigID1">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411"/>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr3411"/>
<ds:DigestValue>ALQVhJd+YufeR5ebo1dFcv5Fdv0eqSSNWfEOm2soDrU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
S3XOmm7Mm4CnzXRng7gXTuMLuuOsQ1BcKVJz43NZHtd28hnBUR6uojAvQBE4bLhR9lxMioagvQF0
fP81BHvEUw==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>…</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</SgntrSt>
</p:Envlp>
</p:SplmtryData>
</p:AcctRptgReq>
</p:Document>