ISO 20022 XML Signature Creation Guide

Signature Creation Process Overview

The signature samples on this page were created using a previous version of the Business Application Headers (BAH) and the Business Message Wrapper (BMW) which will be updated in a subsequent release. For now, please refer to myStandards for the correct BAH and BMW.

XML signatures are a type of digital signature applied to an XML data object. There are two types of XML signatures, enveloped and detached. An enveloped signature is where the signature element is contained with the XML element that is being signed, while in a detached signature the signature element is external to the XML element being signed. The ISO 20022 Business Application Header Message Usage Guideline signature creation process uses an enveloped XML signature.

An ISO 20022 XML Business Message consists of two sections - a Business Application Header (BAH) and a Document.

To create an ISO 20022 XML Message signature, three sections of the Business Message need to be manipulated; <AppHdr>, <Document>, and <ds:KeyInfo Id="kid">. These components are transformed, digested individually and then rebuilt and signed using a participant’s ISO signing private key. The end result is a signed ISO 20022 XML message, as denoted in the process flow below.

Signature Creation Process

Create ISO 20022 XML Business Message

The first step of the signature creation process is to create an ISO 20022 XML Business Message.

Remove Business Message Wrapper (BMW)

This step is only applicable for messages which already have the Business Message Wrapper included.

Prior to signing an ISO 20022 message, the BMW (<BizMsg> element) needs to be removed, if it has been added previously. The <BizMsg> element is an ASX construct used to keep the <AppHdr> and <Document> together while in transit and is not part of the ISO 20022 standard. The code snippets below demonstrate the removal of the <BizMsg> element. The <BizMsg> element must be removed so that during signature calculation the <ds:Reference URI=””> has a root element of <AppHdr> and not <BizMsg>.

1 2 3 4 5 6 7 <?xml version="1.0" encoding="UTF-8"?> <BizMsg xmlns="urn:iso:std:iso:20022:tech:xsd:head.002.001.01" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:head.002.001.01 ASX_AU_CHS_comm_802_001_01_head_002_001_01.xsd"> <AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01" xmlns:n1="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 ASX_AU_CHS_comm_801_001_01_head_001_001_01.xsd"> </AppHdr> <Document xmlns="urn:iso:std:iso:20022:tech:xsd:admi.002.001.01" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:admi.002.001.01 ASX_AU_CHS_comm_807_001_01_admi_002_001_01.xsd"> </Document> </BizMsg>
1 2 3 4 5 <?xml version="1.0" encoding="UTF-8"?> <AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01" xmlns:n1="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 ASX_AU_CHS_comm_801_001_01_head_001_001_01.xsd"> </AppHdr> <Document xmlns="urn:iso:std:iso:20022:tech:xsd:admi.002.001.01" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:admi.002.001.01 ASX_AU_CHS_comm_807_001_01_admi_002_001_01.xsd"> </Document>

Transform and digest the Business Application Header (BAH)

The next four sub-process steps explain the process of processing the Business Application Header.

Extract BAH element

As mentioned earlier, the BAH (<AppHdr> element) is part of the Business Message. Thus, the first sub-step is to extract the <AppHdr> element from the Business Message. The code snippets below demonstrate the extraction of the <AppHdr> element.

1 2 3 4 5 <?xml version="1.0" encoding="UTF-8"?> <AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01" xmlns:n1="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 ASX_AU_CHS_comm_801_001_01_head_001_001_01.xsd"> </AppHdr> <Document xmlns="urn:iso:std:iso:20022:tech:xsd:admi.002.001.01" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:admi.002.001.01 ASX_AU_CHS_comm_807_001_01_admi_002_001_01.xsd"> </Document>
1 2 <AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01" xmlns:n1="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 ASX_AU_CHS_comm_801_001_01_head_001_001_01.xsd"> </AppHdr>

Transform <AppHdr> element using c14n and SHA-256 transform

This is an enveloped signature, as indicated by the first line of the transform algorithm. This notifies the library that the signature is contained within the BAH and not outside, and to not include anything within the <Sgntr> element when calculating the digest value.

The <AppHdr> element is transformed using the canonicalization (c14n) algorithm. The code snippets below demonstrate a sample <AppHdr> transformation using the c14n transform. Common cryptography libraries perform canonicalization for the user.

An <AppHdr> digest is created using the SHA-256 algorithm, a Secure Hash Algorithm with a fixed output size of 256 bits. A hash, is a one way function which enables verification of data. Hashes are often used to ensure data acquired is the same as the original data. In order to confirm data was not altered in transit this resultant <AppHdr> digest is compared to the calculated value during the signature verification stage. The code snippet below demonstrates a sample <AppHdr> digest using SHA-256.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 <AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01" xmlns:n1="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 ASX_AU_CHS_comm_801_001_01_head_001_001_01.xsd"> <Fr> <OrgId> <Id> <OrgId> <Othr> <Id>00001</Id> </Othr> </OrgId> </Id> </OrgId> </Fr> <To> <OrgId> <Id> <OrgId> <Othr> <Id>00002</Id> </Othr> </OrgId> </Id> </OrgId> </To> <BizMsgIdr>00001|22222336600</BizMsgIdr> <MsgDefIdr>admi.002.001.01</MsgDefIdr> <BizSvc>comm_807_001_01_!p</BizSvc> <CreDt>2018-03-05T02:55:00.001Z</CreDt> <Sgntr> </Sgntr> <Rltd> <Fr> <OrgId> <Id> <OrgId> <Othr> <Id>00002</Id> </Othr> </OrgId> </Id> </OrgId> </Fr> <To> <OrgId> <Id> <OrgId> <Othr> <Id>00001</Id> </Othr> </OrgId> </Id> </OrgId> </To> <BizMsgIdr>00002|33111660001234567891000</BizMsgIdr> <MsgDefIdr>DRAFTreda.014.001.01</MsgDefIdr> <BizSvc>inte_904_001_01_!p</BizSvc> <CreDt>2018-06-07T06:44:21.123Z</CreDt> </Rltd> </AppHdr>
1 kZop6K4a2XpV3SdWbtAsUoHH62dLIqCjLDDSc3rEfS0=

Insert digest value in <ds:Reference= URI""> element

The resulting <AppHdr> SHA-256 digest is inserted in the <ds:DigestValue> element under <ds:Reference URI=""> element in the <AppHdr>. The code snippets below, on the right, demonstrate a sample <AppHdr>with the SHA-256 element inserted in <ds:DigestValue> under the <ds:Reference URI=””> element

In the below ‘Updated BAH Reference’ code snippet, the URI reference must be specified as “#kid” and cannot be substituted for another value.

1 pTqOsTyDRdNorcnN+abUz0izNZ8iVnGOgSGm6c2G4Yg=
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 <AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01" xmlns:n1="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 ASX_AU_CHS_comm_801_001_01_head_001_001_01.xsd"> <Fr> </Fr> <To> </To> <BizMsgIdr>00001|22222336600</BizMsgIdr> <MsgDefIdr>admi.002.001.01</MsgDefIdr> <BizSvc>comm_807_001_01_!p</BizSvc> <CreDt>2018-03-05T02:55:00.001Z</CreDt> <Sgntr> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <ds:Reference URI="#kid"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue></ds:DigestValue> </ds:Reference> <ds:Reference URI=""> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>pTqOsTyDRdNorcnN+abUz0izNZ8iVnGOgSGm6c2G4Yg=</ds:DigestValue> </ds:Reference> <ds:Reference> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue></ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue></ds:SignatureValue> <ds:KeyInfo Id="kid"> <ds:X509Data> <ds:X509Certificate> </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </Sgntr> <Rltd> </Rltd> </AppHdr>

 

Transform and digest of the <Document>

The next four sub-process steps explain the processing of the <Document> element.

Extracting Document element

As mentioned earlier, the <Document> element is part of the Business Message. Thus, the first sub-step is to extract the <Document> from the Business Message. The code snippets below demonstrate the extraction of the <Document>.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 <AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01" xmlns:n1="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 ASX_AU_CHS_comm_801_001_01_head_001_001_01.xsd"> <Fr> <OrgId> <Id> <OrgId> <Othr> <Id>00001</Id> </Othr> </OrgId> </Id> </OrgId> </Fr> <To> <OrgId> <Id> <OrgId> <Othr> <Id>00002</Id> </Othr> </OrgId> </Id> </OrgId> </To> <BizMsgIdr>00001|22222336600</BizMsgIdr> <MsgDefIdr>admi.002.001.01</MsgDefIdr> <BizSvc>comm_807_001_01_!p</BizSvc> <CreDt>2018-03-05T02:55:00.001Z</CreDt> <Sgntr> </Sgntr> <Rltd> <Fr> <OrgId> <Id> <OrgId> <Othr> <Id>00002</Id> </Othr> </OrgId> </Id> </OrgId> </Fr> <To> <OrgId> <Id> <OrgId> <Othr> <Id>00001</Id> </Othr> </OrgId> </Id> </OrgId> </To> <BizMsgIdr>00002|33111660001234567891000</BizMsgIdr> <MsgDefIdr>DRAFTreda.014.001.01</MsgDefIdr> <BizSvc>inte_904_001_01_!p</BizSvc> <CreDt>2018-06-07T06:44:21.123Z</CreDt> </Rltd> </AppHdr> <Document xmlns="urn:iso:std:iso:20022:tech:xsd:admi.002.001.01" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:admi.002.001.01 ASX_AU_CHS_comm_807_001_01_admi_002_001_01.xsd"> <admi.002.001.01> <RltdRef> <Ref>00001|#UNIQUE_ID#</Ref> </RltdRef> <Rsn> <RjctgPtyRsn>0099</RjctgPtyRsn> <RjctnDtTm>2018-06-07T06:44:21.321Z</RjctnDtTm> <RsnDesc>lineNumber: 21; columnNumber: 48; cvc-pattern-valid: Value 'qazwsx' is not facet-valid with respect to pattern '[A-Z]{6,6}[A-Z2-9][A-NP-Z0-9]([A-Z0-9]{3,3}){0,1}' for type 'AnyBICIdentifier'. </RsnDesc> </Rsn> </admi.002.001.01> </Document>
1 2 3 4 5 6 7 8 9 10 11 12 13 <Document xmlns="urn:iso:std:iso:20022:tech:xsd:admi.002.001.01" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:admi.002.001.01 ASX_AU_CHS_comm_807_001_01_admi_002_001_01.xsd"> <admi.002.001.01> <RltdRef> <Ref>00001|#UNIQUE_ID#</Ref> </RltdRef> <Rsn> <RjctgPtyRsn>0099</RjctgPtyRsn> <RjctnDtTm>2018-06-07T06:44:21.321Z</RjctnDtTm> <RsnDesc>lineNumber: 21; columnNumber: 48; cvc-pattern-valid: Value 'qazwsx' is not facet-valid with respect to pattern '[A-Z]{6,6}[A-Z2-9][A-NP-Z0-9]([A-Z0-9]{3,3}){0,1}' for type 'AnyBICIdentifier'. </RsnDesc> </Rsn> </admi.002.001.01> </Document>

 

 

Transform <Document> using c14n and SHA-256 transform

The <Document> is transformed using the canonicalization (c14n) algorithm. The code snippets below demonstrate a sample document transformation using the c14n transform.

A digest of the <Document> is performed using the SHA-256 algorithm, a Secure Hash Algorithm with a fixed output size of 256 bits. The hash is a one way function which enables verification of data. Hashes are often used to ensure data acquired is the same as the original data. In order to confirm data was not altered in transit this resultant <Document> digest is compared to the calculated value during the signature verification stage. The code snippet below demonstrate a sample <Document> transformation using SHA-256.

1 2 3 4 5 6 7 8 9 10 11 12 13 <Document xmlns="urn:iso:std:iso:20022:tech:xsd:admi.002.001.01" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:admi.002.001.01 ASX_AU_CHS_comm_807_001_01_admi_002_001_01.xsd"> <admi.002.001.01> <RltdRef> <Ref>00001|#UNIQUE_ID#</Ref> </RltdRef> <Rsn> <RjctgPtyRsn>0099</RjctgPtyRsn> <RjctnDtTm>2018-06-07T06:44:21.321Z</RjctnDtTm> <RsnDesc>lineNumber: 21; columnNumber: 48; cvc-pattern-valid: Value 'qazwsx' is not facet-valid with respect to pattern '[A-Z]{6,6}[A-Z2-9][A-NP-Z0-9]([A-Z0-9]{3,3}){0,1}' for type 'AnyBICIdentifier'. </RsnDesc> </Rsn> </admi.002.001.01> </Document>
1 NCLNs3OxbrMMuH75tXB8MoMqd8wjjzZ8GzuFpmQxiLI=

Insert digest under <ds:Reference> element

The resulting <Document> SHA-256 digest is inserted in the <ds:DigestValue> element under <ds:Reference> element in the <AppHdr>. The code snippets below, on the right, demonstrate a sample <AppHdr>with the SHA-256 element inserted in <ds:DigestValue> under the <ds:Reference URI> element

1 NCLNs3OxbrMMuH75tXB8MoMqd8wjjzZ8GzuFpmQxiLI=
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 <AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01" xmlns:n1="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 ASX_AU_CHS_comm_801_001_01_head_001_001_01.xsd"> <Fr> </Fr> <To> </To> <BizMsgIdr>00001|22222336600</BizMsgIdr> <MsgDefIdr>admi.002.001.01</MsgDefIdr> <BizSvc>comm_807_001_01_!p</BizSvc> <CreDt>2018-03-05T02:55:00.001Z</CreDt> <Sgntr> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <ds:Reference URI="#kid"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue></ds:DigestValue> </ds:Reference> <ds:Reference URI=""> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>kZop6K4a2XpV3SdWbtAsUoHH62dLIqCjLDDSc3rEfS0=</ds:DigestValue> </ds:Reference> <ds:Reference> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>NCLNs3OxbrMMuH75tXB8MoMqd8wjjzZ8GzuFpmQxiLI=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue></ds:SignatureValue> <ds:KeyInfo Id="kid"> <ds:X509Data> <ds:X509Certificate> </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </Sgntr> <Rltd> </Rltd> </AppHdr>

 

Insert public key into <ds:X509Certificate> element in BAH

The participant’s ISO signing public key (instructions on how to acquire an ASX signed public key are available on the FTP) is inserted into the <ds:X509Certificate> element of the BAH.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 <AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01" xmlns:n1="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 ASX_AU_CHS_comm_801_001_01_head_001_001_01.xsd"> <Fr> </Fr> <To> </To> <BizMsgIdr>00001|22222336600</BizMsgIdr> <MsgDefIdr>admi.002.001.01</MsgDefIdr> <BizSvc>comm_807_001_01_!p</BizSvc> <CreDt>2018-03-05T02:55:00.001Z</CreDt> <Sgntr> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <ds:Reference URI="#kid"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>3cvEZDIV4CSKiW+4+4AQ4fis/kp1P1raw7OM3qM/IVA=</ds:DigestValue> </ds:Reference> <ds:Reference URI=""> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>kZop6K4a2XpV3SdWbtAsUoHH62dLIqCjLDDSc3rEfS0=</ds:DigestValue> </ds:Reference> <ds:Reference> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>NCLNs3OxbrMMuH75tXB8MoMqd8wjjzZ8GzuFpmQxiLI=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>oS8Obos6U60Pg2x/Yz/X7/BGHsSF3OYb1I0Ug5PXnz6aG5NgLF1lmegb1qaFB6XWgE/3mh+Ebru4RQga8aGY17Pl92aT/a0NsQUV+rkBdshoYJUp1lwEF/2gKdyUqExT1jZ9IE70Wnr+xbizlDFZhtvWfsyzN+NNnX5fTydxLRUul6eXsUi8RxliaO9n6DDjTSDzjvMwi49Ca+t/2jiwo5PXaDVFDHcD8EXiPwTkz2dihwelyPkseeX9Jxdl3n/ruo8WHxeS3XkEmf7wFP0C4c+bOBN3ef0GML5x8I55A5eiq5qzyJ+XR6y8x+k3rfL+YAkH1TG0y7j3OONVssfG7+M=</ds:SignatureValue> <ds:KeyInfo Id="kid"> <ds:X509Data> <ds:X509Certificate> </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </Sgntr> <Rltd> </Rltd> </AppHdr>
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 <AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01" xmlns:n1="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 ASX_AU_CHS_comm_801_001_01_head_001_001_01.xsd"> <Fr> </Fr> <To> </To> <BizMsgIdr>00001|22222336600</BizMsgIdr> <MsgDefIdr>admi.002.001.01</MsgDefIdr> <BizSvc>comm_807_001_01_!p</BizSvc> <CreDt>2018-03-05T02:55:00.001Z</CreDt> <Sgntr> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <ds:Reference URI="#kid"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>3cvEZDIV4CSKiW+4+4AQ4fis/kp1P1raw7OM3qM/IVA=</ds:DigestValue> </ds:Reference> <ds:Reference URI=""> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>kZop6K4a2XpV3SdWbtAsUoHH62dLIqCjLDDSc3rEfS0=</ds:DigestValue> </ds:Reference> <ds:Reference> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>NCLNs3OxbrMMuH75tXB8MoMqd8wjjzZ8GzuFpmQxiLI=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>oS8Obos6U60Pg2x/Yz/X7/BGHsSF3OYb1I0Ug5PXnz6aG5NgLF1lmegb1qaFB6XWgE/3mh+Ebru4RQga8aGY17Pl92aT/a0NsQUV+rkBdshoYJUp1lwEF/2gKdyUqExT1jZ9IE70Wnr+xbizlDFZhtvWfsyzN+NNnX5fTydxLRUul6eXsUi8RxliaO9n6DDjTSDzjvMwi49Ca+t/2jiwo5PXaDVFDHcD8EXiPwTkz2dihwelyPkseeX9Jxdl3n/ruo8WHxeS3XkEmf7wFP0C4c+bOBN3ef0GML5x8I55A5eiq5qzyJ+XR6y8x+k3rfL+YAkH1TG0y7j3OONVssfG7+M=</ds:SignatureValue> <ds:KeyInfo Id="kid"> <ds:X509Data> <ds:X509Certificate>MIIFETCCBLegAwIBAgITGAAAAfiqM0nhfd+e7QAAAAAB+DAKBggqhkjOPQQDAjBrMRIwEAYKCZIm iZPyLGQBGRYCcWExEzARBgoJkiaJk/IsZAEZFgNhc3gxGDAWBgoJkiaJk/IsZAEZFghjdXN0b21l cjEmMCQGA1UEAxMdQVNYIEVudGVycHJpc2UgTVZQIElzc3VpbmcgQ0EwHhcNMjAwMjI2MDI1NzI3 WhcNMjIwMjI1MDI1NzI3WjCBgDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMG U3lkbmV5MRQwEgYDVQQKEwtBU1ggUHR5IEx0ZDEQMA4GA1UECxMHQ1NQLUNERTEqMCgGA1UEAxMh QVNYIElTTyBDREUgU2lnbmF0dXJlIENlcnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A MIIBigKCAYEA217NWG95I88zSPMWCv5bT2JGhgPDserCyuBDod8KgVnf5zvzi6OlluSiebGHUSUt BqbYyy9Pc5F78K9VpDvMaa1h3Wi8rgYpH9wDmaSwE1KrWpkXfvG3//396de0theU0lJCET8K7/dc wHuLDS6vK+Y0EWhosIDymlYdPLnzqRIbM/liSQ99LMX5GmG4CPEnPyty/IJJXe5wSUsVGIcugWuh F+iLdWKmfE2ZMvRg/0ONMuf05LPZewLmqL2RFyXJlP76tIycK+r+9axfgmtRVAf7ds3KvfBO0z4S coTXI9+fNO/5KcJfBXsDW4B6FwjnmwTJtdRRpYa2ullHRaXzVPkN+ETeluADzb5jCP4gKwGGdxNA 1baK1wb5YCX29nsIRnNKNVNToLxuPXNCUe0BMe09KyHzgCo4if1CBGP0Fq24YzRevV8JndGkn71u 0XkubdbpmlKIpLQfR0N6IotH+qKlcGKlFJ1sk7XT6ewsS7+58rh2ch1+fmdwjhqIYyzdAgMBAAGj ggHXMIIB0zA6BgkrBgEEAYI3FQcELTArBiMrBgEEAYI3FQiCmJ4lq7B2iZkct7Atg8K7BRaExsEx hZvxcAIBZAIBHzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWg MCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFF+h/P9U iHMH1uqZPuvIKZyGGpkZMB8GA1UdIwQYMBaAFFgbAFWc1UbIUaYtZsVCNHf0AaJlMGkGA1UdHwRi MGAwXqBcoFqGWGZpbGU6Ly8vL0RETFRJQ0EyMDEuY3VzdG9tZXIuYXN4LnFhL0NlcnRFbnJvbGwv QVNYJTIwRW50ZXJwcmlzZSUyME1WUCUyMElzc3VpbmclMjBDQS5jcmwwgZEGCCsGAQUFBwEBBIGE MIGBMH8GCCsGAQUFBzAChnNmaWxlOi8vLy9ERExUSUNBMjAxLmN1c3RvbWVyLmFzeC5xYS9DZXJ0 RW5yb2xsL0RETFRJQ0EyMDEuY3VzdG9tZXIuYXN4LnFhX0FTWCUyMEVudGVycHJpc2UlMjBNVlAl MjBJc3N1aW5nJTIwQ0EuY3J0MAoGCCqGSM49BAMCA0gAMEUCIBcF2StMXozV0uATlTrCTWvS1ea5 kS0S1qZqi2NpY7rzAiEAnOALvr5w9l8GrERu27dFAJ9qZiAHrSAoCTJzuIUwd7s= </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </Sgntr> <Rltd> </Rltd> </AppHdr>

 

Transform and digest of the <ds:KeyInfo Id=”kid”>

The next four sub-process steps explain the process of processing the <ds:KeyInfo Id=”kid”> element.

Transform <ds:KeyInfo Id-”kid”> element using c14n and SHA-256 transform

The <ds:KeyInfo Id=”kid”> element will need to be transformed using the canonicalization (c14n) algorithm. The code snippets below demonstrate a sample <ds:KeyInfo Id=”kid”> transformation using the c14n transform.

A digest of the <ds:KeyInfo Id=”kid”> is performed using the SHA-256 algorithm, a Secure Hash Algorithm with a fixed output size of 256 bits. The hash is a one way function which enables verification of data. Hashes are often used to ensure data acquired is the same as the original data. In order to confirm data was not altered in transit this resultant <ds:KeyInfo Id="kid"> digest is compared to the calculated value during the signature verification stage. The code snippet below demonstrate a sample <ds:KeyInfo Id=”kid”> transformation using SHA-256.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 <ds:KeyInfo Id="kid"> <ds:X509Data> <ds:X509Certificate>MIIFETCCBLegAwIBAgITGAAAAfiqM0nhfd+e7QAAAAAB+DAKBggqhkjOPQQDAjBrMRIwEAYKCZIm iZPyLGQBGRYCcWExEzARBgoJkiaJk/IsZAEZFgNhc3gxGDAWBgoJkiaJk/IsZAEZFghjdXN0b21l cjEmMCQGA1UEAxMdQVNYIEVudGVycHJpc2UgTVZQIElzc3VpbmcgQ0EwHhcNMjAwMjI2MDI1NzI3 WhcNMjIwMjI1MDI1NzI3WjCBgDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMG U3lkbmV5MRQwEgYDVQQKEwtBU1ggUHR5IEx0ZDEQMA4GA1UECxMHQ1NQLUNERTEqMCgGA1UEAxMh QVNYIElTTyBDREUgU2lnbmF0dXJlIENlcnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A MIIBigKCAYEA217NWG95I88zSPMWCv5bT2JGhgPDserCyuBDod8KgVnf5zvzi6OlluSiebGHUSUt BqbYyy9Pc5F78K9VpDvMaa1h3Wi8rgYpH9wDmaSwE1KrWpkXfvG3//396de0theU0lJCET8K7/dc wHuLDS6vK+Y0EWhosIDymlYdPLnzqRIbM/liSQ99LMX5GmG4CPEnPyty/IJJXe5wSUsVGIcugWuh F+iLdWKmfE2ZMvRg/0ONMuf05LPZewLmqL2RFyXJlP76tIycK+r+9axfgmtRVAf7ds3KvfBO0z4S coTXI9+fNO/5KcJfBXsDW4B6FwjnmwTJtdRRpYa2ullHRaXzVPkN+ETeluADzb5jCP4gKwGGdxNA 1baK1wb5YCX29nsIRnNKNVNToLxuPXNCUe0BMe09KyHzgCo4if1CBGP0Fq24YzRevV8JndGkn71u 0XkubdbpmlKIpLQfR0N6IotH+qKlcGKlFJ1sk7XT6ewsS7+58rh2ch1+fmdwjhqIYyzdAgMBAAGj ggHXMIIB0zA6BgkrBgEEAYI3FQcELTArBiMrBgEEAYI3FQiCmJ4lq7B2iZkct7Atg8K7BRaExsEx hZvxcAIBZAIBHzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWg MCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFF+h/P9U iHMH1uqZPuvIKZyGGpkZMB8GA1UdIwQYMBaAFFgbAFWc1UbIUaYtZsVCNHf0AaJlMGkGA1UdHwRi MGAwXqBcoFqGWGZpbGU6Ly8vL0RETFRJQ0EyMDEuY3VzdG9tZXIuYXN4LnFhL0NlcnRFbnJvbGwv QVNYJTIwRW50ZXJwcmlzZSUyME1WUCUyMElzc3VpbmclMjBDQS5jcmwwgZEGCCsGAQUFBwEBBIGE MIGBMH8GCCsGAQUFBzAChnNmaWxlOi8vLy9ERExUSUNBMjAxLmN1c3RvbWVyLmFzeC5xYS9DZXJ0 RW5yb2xsL0RETFRJQ0EyMDEuY3VzdG9tZXIuYXN4LnFhX0FTWCUyMEVudGVycHJpc2UlMjBNVlAl MjBJc3N1aW5nJTIwQ0EuY3J0MAoGCCqGSM49BAMCA0gAMEUCIBcF2StMXozV0uATlTrCTWvS1ea5 kS0S1qZqi2NpY7rzAiEAnOALvr5w9l8GrERu27dFAJ9qZiAHrSAoCTJzuIUwd7s= </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo>
1 +PkkQtqY5W12mcVsWYQ/Mec6SQU9B7ulJTAqOBgybGg=

Insert <ds:KeyInfo=”kid”> digest value into <ds:Reference URI="#kid"> element

The resulting <ds:KeyInfo Id="kid"> SHA-256 digest is inserted in the <ds:DigestValue> element under <ds:Reference URI="#kid"> element in the <AppHdr>. The code snippets below, on the right, demonstrate a sample <AppHdr>with the SHA-256 element inserted in <ds:DigestValue> under the <ds:Reference URI=”#kid”> element

1 +PkkQtqY5W12mcVsWYQ/Mec6SQU9B7ulJTAqOBgybGg=
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 <AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01" xmlns:n1="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 ASX_AU_CHS_comm_801_001_01_head_001_001_01.xsd"> <Fr> </Fr> <To> </To> <BizMsgIdr>00001|22222336600</BizMsgIdr> <MsgDefIdr>admi.002.001.01</MsgDefIdr> <BizSvc>comm_807_001_01_!p</BizSvc> <CreDt>2018-03-05T02:55:00.001Z</CreDt> <Sgntr> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <ds:Reference URI="#kid"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>+PkkQtqY5W12mcVsWYQ/Mec6SQU9B7ulJTAqOBgybGg=</ds:DigestValue> </ds:Reference> <ds:Reference URI=""> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>kZop6K4a2XpV3SdWbtAsUoHH62dLIqCjLDDSc3rEfS0=</ds:DigestValue> </ds:Reference> <ds:Reference> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>NCLNs3OxbrMMuH75tXB8MoMqd8wjjzZ8GzuFpmQxiLI=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue></ds:SignatureValue> <ds:KeyInfo Id="kid"> <ds:X509Data> <ds:X509Certificate>MIIFETCCBLegAwIBAgITGAAAAfiqM0nhfd+e7QAAAAAB+DAKBggqhkjOPQQDAjBrMRIwEAYKCZIm iZPyLGQBGRYCcWExEzARBgoJkiaJk/IsZAEZFgNhc3gxGDAWBgoJkiaJk/IsZAEZFghjdXN0b21l cjEmMCQGA1UEAxMdQVNYIEVudGVycHJpc2UgTVZQIElzc3VpbmcgQ0EwHhcNMjAwMjI2MDI1NzI3 WhcNMjIwMjI1MDI1NzI3WjCBgDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMG U3lkbmV5MRQwEgYDVQQKEwtBU1ggUHR5IEx0ZDEQMA4GA1UECxMHQ1NQLUNERTEqMCgGA1UEAxMh QVNYIElTTyBDREUgU2lnbmF0dXJlIENlcnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A MIIBigKCAYEA217NWG95I88zSPMWCv5bT2JGhgPDserCyuBDod8KgVnf5zvzi6OlluSiebGHUSUt BqbYyy9Pc5F78K9VpDvMaa1h3Wi8rgYpH9wDmaSwE1KrWpkXfvG3//396de0theU0lJCET8K7/dc wHuLDS6vK+Y0EWhosIDymlYdPLnzqRIbM/liSQ99LMX5GmG4CPEnPyty/IJJXe5wSUsVGIcugWuh F+iLdWKmfE2ZMvRg/0ONMuf05LPZewLmqL2RFyXJlP76tIycK+r+9axfgmtRVAf7ds3KvfBO0z4S coTXI9+fNO/5KcJfBXsDW4B6FwjnmwTJtdRRpYa2ullHRaXzVPkN+ETeluADzb5jCP4gKwGGdxNA 1baK1wb5YCX29nsIRnNKNVNToLxuPXNCUe0BMe09KyHzgCo4if1CBGP0Fq24YzRevV8JndGkn71u 0XkubdbpmlKIpLQfR0N6IotH+qKlcGKlFJ1sk7XT6ewsS7+58rh2ch1+fmdwjhqIYyzdAgMBAAGj ggHXMIIB0zA6BgkrBgEEAYI3FQcELTArBiMrBgEEAYI3FQiCmJ4lq7B2iZkct7Atg8K7BRaExsEx hZvxcAIBZAIBHzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWg MCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFF+h/P9U iHMH1uqZPuvIKZyGGpkZMB8GA1UdIwQYMBaAFFgbAFWc1UbIUaYtZsVCNHf0AaJlMGkGA1UdHwRi MGAwXqBcoFqGWGZpbGU6Ly8vL0RETFRJQ0EyMDEuY3VzdG9tZXIuYXN4LnFhL0NlcnRFbnJvbGwv QVNYJTIwRW50ZXJwcmlzZSUyME1WUCUyMElzc3VpbmclMjBDQS5jcmwwgZEGCCsGAQUFBwEBBIGE MIGBMH8GCCsGAQUFBzAChnNmaWxlOi8vLy9ERExUSUNBMjAxLmN1c3RvbWVyLmFzeC5xYS9DZXJ0 RW5yb2xsL0RETFRJQ0EyMDEuY3VzdG9tZXIuYXN4LnFhX0FTWCUyMEVudGVycHJpc2UlMjBNVlAl MjBJc3N1aW5nJTIwQ0EuY3J0MAoGCCqGSM49BAMCA0gAMEUCIBcF2StMXozV0uATlTrCTWvS1ea5 kS0S1qZqi2NpY7rzAiEAnOALvr5w9l8GrERu27dFAJ9qZiAHrSAoCTJzuIUwd7s= </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </Sgntr> <Rltd> </Rltd> </AppHdr>

 

Actions to the <ds:SignedInfo> element

The result of the digested values - the <AppHdr>, <Document>, and <ds:KeyInfo Id=”kid”> - come together in the <ds:SignedInfo> element.

Transform <ds:<SignedInfo> element using c14n transform

The <ds:SignedInfo> element is transformed using the c14n transformation algorithm. The code snippets below demonstrate a sample <ds:SignedInfo> transformation using the c14n transform.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <ds:Reference URI="#kid"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>+PkkQtqY5W12mcVsWYQ/Mec6SQU9B7ulJTAqOBgybGg=</ds:DigestValue> </ds:Reference> <ds:Reference URI=""> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>pTqOsTyDRdNorcnN+abUz0izNZ8iVnGOgSGm6c2G4Yg=</ds:DigestValue> </ds:Reference> <ds:Reference> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>NCLNs3OxbrMMuH75tXB8MoMqd8wjjzZ8GzuFpmQxiLI=</ds:DigestValue> </ds:Reference> </ds:SignedInfo>
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <ds:Reference URI="#kid"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>+PkkQtqY5W12mcVsWYQ/Mec6SQU9B7ulJTAqOBgybGg=</ds:DigestValue> </ds:Reference> <ds:Reference URI=""> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>pTqOsTyDRdNorcnN+abUz0izNZ8iVnGOgSGm6c2G4Yg=</ds:DigestValue> </ds:Reference> <ds:Reference> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>NCLNs3OxbrMMuH75tXB8MoMqd8wjjzZ8GzuFpmQxiLI=</ds:DigestValue> </ds:Reference> </ds:SignedInfo>

Sign S<ds:SignedInfo> element using ISO signing private key

The digested <ds:SignedInfo> element is then signed using the participant’s ISO signing private key. The code snippets below demonstrates the signing of the <ds:SignedInfo> with the participant’s ISO signing private key. The generated signature will later be validated using the participant’s ISO signing public key embedded in the message.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <ds:Reference URI="#kid"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>+PkkQtqY5W12mcVsWYQ/Mec6SQU9B7ulJTAqOBgybGg=</ds:DigestValue> </ds:Reference> <ds:Reference URI=""> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>pTqOsTyDRdNorcnN+abUz0izNZ8iVnGOgSGm6c2G4Yg=</ds:DigestValue> </ds:Reference> <ds:Reference> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>NCLNs3OxbrMMuH75tXB8MoMqd8wjjzZ8GzuFpmQxiLI=</ds:DigestValue> </ds:Reference> </ds:SignedInfo>
1 yVIwsJR4B/xliOMZaLYdyJDRLfejSn9n6ZLl9Ku1h7f/eNxq6NqRuXF4l5cSTLpPPqWNucrGhexN2Y04qu2+EGElLsNbQ9PMo8sZhVXD/ubI1mMVWbSmlbSEOqRxkE1+H8w10zUiRpAx4wzcHjViZEv0XQUxDkDDAyPcXD6m1cCGY3ntfbBEfXIACFofBcKr4BbfD+KxllJiiDimpEsHGmfLeIdCp8oVKJ8nRw1Nb9T9z80RSs/zCto+EEvrUjI0/9J56/2KYqSMnfIfl/1cCjCz5Pl9uxBk4EbWx0LgVQyBRtg/4ZDAgc/OrMFyHWc4JwL3wgc0Ea5UQg+V5gqS7u98FRS11zsng4fWHlEmDbOsG5W4AC9ZvYMTf5XQgq9EBgCcz7uKcEnj9uFDCtFwpdwiAHPUsVeLDExJBk3MtJwhcX5t5cdsV2XHYcm7HBuiD0GGS2COfOqnEeJXU96UEwqJFvcC69bebf9w5fNkPz+5/h0oPFU4Gx1Qdx+hKoKq

Insert <ds:SignedInfo> signature value into <ds:SignatureValue> element

The result of the signature creation is inserted into the <ds:SignatureValue> element of the <AppHdr>.

1 yVIwsJR4B/xliOMZaLYdyJDRLfejSn9n6ZLl9Ku1h7f/eNxq6NqRuXF4l5cSTLpPPqWNucrGhexN2Y04qu2+EGElLsNbQ9PMo8sZhVXD/ubI1mMVWbSmlbSEOqRxkE1+H8w10zUiRpAx4wzcHjViZEv0XQUxDkDDAyPcXD6m1cCGY3ntfbBEfXIACFofBcKr4BbfD+KxllJiiDimpEsHGmfLeIdCp8oVKJ8nRw1Nb9T9z80RSs/zCto+EEvrUjI0/9J56/2KYqSMnfIfl/1cCjCz5Pl9uxBk4EbWx0LgVQyBRtg/4ZDAgc/OrMFyHWc4JwL3wgc0Ea5UQg+V5gqS7u98FRS11zsng4fWHlEmDbOsG5W4AC9ZvYMTf5XQgq9EBgCcz7uKcEnj9uFDCtFwpdwiAHPUsVeLDExJBk3MtJwhcX5t5cdsV2XHYcm7HBuiD0GGS2COfOqnEeJXU96UEwqJFvcC69bebf9w5fNkPz+5/h0oPFU4Gx1Qdx+hKoKq
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 <AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01" xmlns:n1="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 ASX_AU_CHS_comm_801_001_01_head_001_001_01.xsd"> <Fr> </Fr> <To> </To> <BizMsgIdr>00001|22222336600</BizMsgIdr> <MsgDefIdr>admi.002.001.01</MsgDefIdr> <BizSvc>comm_807_001_01_!p</BizSvc> <CreDt>2018-03-05T02:55:00.001Z</CreDt> <Sgntr> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <ds:Reference URI="#kid"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>+PkkQtqY5W12mcVsWYQ/Mec6SQU9B7ulJTAqOBgybGg=</ds:DigestValue> </ds:Reference> <ds:Reference URI=""> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>pTqOsTyDRdNorcnN+abUz0izNZ8iVnGOgSGm6c2G4Yg=</ds:DigestValue> </ds:Reference> <ds:Reference> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>NCLNs3OxbrMMuH75tXB8MoMqd8wjjzZ8GzuFpmQxiLI=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>yVIwsJR4B/xliOMZaLYdyJDRLfejSn9n6ZLl9Ku1h7f/eNxq6NqRuXF4l5cSTLpPPqWNucrGhexN2Y04qu2+EGElLsNbQ9PMo8sZhVXD/ubI1mMVWbSmlbSEOqRxkE1+H8w10zUiRpAx4wzcHjViZEv0XQUxDkDDAyPcXD6m1cCGY3ntfbBEfXIACFofBcKr4BbfD+KxllJiiDimpEsHGmfLeIdCp8oVKJ8nRw1Nb9T9z80RSs/zCto+EEvrUjI0/9J56/2KYqSMnfIfl/1cCjCz5Pl9uxBk4EbWx0LgVQyBRtg/4ZDAgc/OrMFyHWc4JwL3wgc0Ea5UQg+V5gqS7u98FRS11zsng4fWHlEmDbOsG5W4AC9ZvYMTf5XQgq9EBgCcz7uKcEnj9uFDCtFwpdwiAHPUsVeLDExJBk3MtJwhcX5t5cdsV2XHYcm7HBuiD0GGS2COfOqnEeJXU96UEwqJFvcC69bebf9w5fNkPz+5/h0oPFU4Gx1Qdx+hKoKq</ds:SignatureValue> <ds:KeyInfo Id="kid"> <ds:X509Data> <ds:X509Certificate>MIIFETCCBLegAwIBAgITGAAAAfiqM0nhfd+e7QAAAAAB+DAKBggqhkjOPQQDAjBrMRIwEAYKCZIm iZPyLGQBGRYCcWExEzARBgoJkiaJk/IsZAEZFgNhc3gxGDAWBgoJkiaJk/IsZAEZFghjdXN0b21l cjEmMCQGA1UEAxMdQVNYIEVudGVycHJpc2UgTVZQIElzc3VpbmcgQ0EwHhcNMjAwMjI2MDI1NzI3 WhcNMjIwMjI1MDI1NzI3WjCBgDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMG U3lkbmV5MRQwEgYDVQQKEwtBU1ggUHR5IEx0ZDEQMA4GA1UECxMHQ1NQLUNERTEqMCgGA1UEAxMh QVNYIElTTyBDREUgU2lnbmF0dXJlIENlcnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A MIIBigKCAYEA217NWG95I88zSPMWCv5bT2JGhgPDserCyuBDod8KgVnf5zvzi6OlluSiebGHUSUt BqbYyy9Pc5F78K9VpDvMaa1h3Wi8rgYpH9wDmaSwE1KrWpkXfvG3//396de0theU0lJCET8K7/dc wHuLDS6vK+Y0EWhosIDymlYdPLnzqRIbM/liSQ99LMX5GmG4CPEnPyty/IJJXe5wSUsVGIcugWuh F+iLdWKmfE2ZMvRg/0ONMuf05LPZewLmqL2RFyXJlP76tIycK+r+9axfgmtRVAf7ds3KvfBO0z4S coTXI9+fNO/5KcJfBXsDW4B6FwjnmwTJtdRRpYa2ullHRaXzVPkN+ETeluADzb5jCP4gKwGGdxNA 1baK1wb5YCX29nsIRnNKNVNToLxuPXNCUe0BMe09KyHzgCo4if1CBGP0Fq24YzRevV8JndGkn71u 0XkubdbpmlKIpLQfR0N6IotH+qKlcGKlFJ1sk7XT6ewsS7+58rh2ch1+fmdwjhqIYyzdAgMBAAGj ggHXMIIB0zA6BgkrBgEEAYI3FQcELTArBiMrBgEEAYI3FQiCmJ4lq7B2iZkct7Atg8K7BRaExsEx hZvxcAIBZAIBHzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWg MCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFF+h/P9U iHMH1uqZPuvIKZyGGpkZMB8GA1UdIwQYMBaAFFgbAFWc1UbIUaYtZsVCNHf0AaJlMGkGA1UdHwRi MGAwXqBcoFqGWGZpbGU6Ly8vL0RETFRJQ0EyMDEuY3VzdG9tZXIuYXN4LnFhL0NlcnRFbnJvbGwv QVNYJTIwRW50ZXJwcmlzZSUyME1WUCUyMElzc3VpbmclMjBDQS5jcmwwgZEGCCsGAQUFBwEBBIGE MIGBMH8GCCsGAQUFBzAChnNmaWxlOi8vLy9ERExUSUNBMjAxLmN1c3RvbWVyLmFzeC5xYS9DZXJ0 RW5yb2xsL0RETFRJQ0EyMDEuY3VzdG9tZXIuYXN4LnFhX0FTWCUyMEVudGVycHJpc2UlMjBNVlAl MjBJc3N1aW5nJTIwQ0EuY3J0MAoGCCqGSM49BAMCA0gAMEUCIBcF2StMXozV0uATlTrCTWvS1ea5 kS0S1qZqi2NpY7rzAiEAnOALvr5w9l8GrERu27dFAJ9qZiAHrSAoCTJzuIUwd7s= </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </Sgntr> <Rltd> </Rltd> </AppHdr>

 

Add <BizMsg> element back to the signed message

The final step of the Signature Creation process is to add the <BizMsg> element back to the signed message. This ensures the <AppHdr> and <Document> are not separated while in transit.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 <AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01" xmlns:n1="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 ASX_AU_CHS_comm_801_001_01_head_001_001_01.xsd"> <Fr> <OrgId> <Id> <OrgId> <Othr> <Id>00001</Id> </Othr> </OrgId> </Id> </OrgId> </Fr> <To> <OrgId> <Id> <OrgId> <Othr> <Id>00002</Id> </Othr> </OrgId> </Id> </OrgId> </To> <BizMsgIdr>00001|22222336600</BizMsgIdr> <MsgDefIdr>admi.002.001.01</MsgDefIdr> <BizSvc>comm_807_001_01_!p</BizSvc> <CreDt>2018-03-05T02:55:00.001Z</CreDt> <Sgntr> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <ds:Reference URI="#kid"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>+PkkQtqY5W12mcVsWYQ/Mec6SQU9B7ulJTAqOBgybGg=</ds:DigestValue> </ds:Reference> <ds:Reference URI=""> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>pTqOsTyDRdNorcnN+abUz0izNZ8iVnGOgSGm6c2G4Yg=</ds:DigestValue> </ds:Reference> <ds:Reference> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>NCLNs3OxbrMMuH75tXB8MoMqd8wjjzZ8GzuFpmQxiLI=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>yVIwsJR4B/xliOMZaLYdyJDRLfejSn9n6ZLl9Ku1h7f/eNxq6NqRuXF4l5cSTLpPPqWNucrGhexN2Y04qu2+EGElLsNbQ9PMo8sZhVXD/ubI1mMVWbSmlbSEOqRxkE1+H8w10zUiRpAx4wzcHjViZEv0XQUxDkDDAyPcXD6m1cCGY3ntfbBEfXIACFofBcKr4BbfD+KxllJiiDimpEsHGmfLeIdCp8oVKJ8nRw1Nb9T9z80RSs/zCto+EEvrUjI0/9J56/2KYqSMnfIfl/1cCjCz5Pl9uxBk4EbWx0LgVQyBRtg/4ZDAgc/OrMFyHWc4JwL3wgc0Ea5UQg+V5gqS7u98FRS11zsng4fWHlEmDbOsG5W4AC9ZvYMTf5XQgq9EBgCcz7uKcEnj9uFDCtFwpdwiAHPUsVeLDExJBk3MtJwhcX5t5cdsV2XHYcm7HBuiD0GGS2COfOqnEeJXU96UEwqJFvcC69bebf9w5fNkPz+5/h0oPFU4Gx1Qdx+hKoKq</ds:SignatureValue> <ds:KeyInfo Id="kid"> <ds:X509Data> <ds:X509Certificate>MIIFETCCBLegAwIBAgITGAAAAfiqM0nhfd+e7QAAAAAB+DAKBggqhkjOPQQDAjBrMRIwEAYKCZIm iZPyLGQBGRYCcWExEzARBgoJkiaJk/IsZAEZFgNhc3gxGDAWBgoJkiaJk/IsZAEZFghjdXN0b21l cjEmMCQGA1UEAxMdQVNYIEVudGVycHJpc2UgTVZQIElzc3VpbmcgQ0EwHhcNMjAwMjI2MDI1NzI3 WhcNMjIwMjI1MDI1NzI3WjCBgDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMG U3lkbmV5MRQwEgYDVQQKEwtBU1ggUHR5IEx0ZDEQMA4GA1UECxMHQ1NQLUNERTEqMCgGA1UEAxMh QVNYIElTTyBDREUgU2lnbmF0dXJlIENlcnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A MIIBigKCAYEA217NWG95I88zSPMWCv5bT2JGhgPDserCyuBDod8KgVnf5zvzi6OlluSiebGHUSUt BqbYyy9Pc5F78K9VpDvMaa1h3Wi8rgYpH9wDmaSwE1KrWpkXfvG3//396de0theU0lJCET8K7/dc wHuLDS6vK+Y0EWhosIDymlYdPLnzqRIbM/liSQ99LMX5GmG4CPEnPyty/IJJXe5wSUsVGIcugWuh F+iLdWKmfE2ZMvRg/0ONMuf05LPZewLmqL2RFyXJlP76tIycK+r+9axfgmtRVAf7ds3KvfBO0z4S coTXI9+fNO/5KcJfBXsDW4B6FwjnmwTJtdRRpYa2ullHRaXzVPkN+ETeluADzb5jCP4gKwGGdxNA 1baK1wb5YCX29nsIRnNKNVNToLxuPXNCUe0BMe09KyHzgCo4if1CBGP0Fq24YzRevV8JndGkn71u 0XkubdbpmlKIpLQfR0N6IotH+qKlcGKlFJ1sk7XT6ewsS7+58rh2ch1+fmdwjhqIYyzdAgMBAAGj ggHXMIIB0zA6BgkrBgEEAYI3FQcELTArBiMrBgEEAYI3FQiCmJ4lq7B2iZkct7Atg8K7BRaExsEx hZvxcAIBZAIBHzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWg MCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFF+h/P9U iHMH1uqZPuvIKZyGGpkZMB8GA1UdIwQYMBaAFFgbAFWc1UbIUaYtZsVCNHf0AaJlMGkGA1UdHwRi MGAwXqBcoFqGWGZpbGU6Ly8vL0RETFRJQ0EyMDEuY3VzdG9tZXIuYXN4LnFhL0NlcnRFbnJvbGwv QVNYJTIwRW50ZXJwcmlzZSUyME1WUCUyMElzc3VpbmclMjBDQS5jcmwwgZEGCCsGAQUFBwEBBIGE MIGBMH8GCCsGAQUFBzAChnNmaWxlOi8vLy9ERExUSUNBMjAxLmN1c3RvbWVyLmFzeC5xYS9DZXJ0 RW5yb2xsL0RETFRJQ0EyMDEuY3VzdG9tZXIuYXN4LnFhX0FTWCUyMEVudGVycHJpc2UlMjBNVlAl MjBJc3N1aW5nJTIwQ0EuY3J0MAoGCCqGSM49BAMCA0gAMEUCIBcF2StMXozV0uATlTrCTWvS1ea5 kS0S1qZqi2NpY7rzAiEAnOALvr5w9l8GrERu27dFAJ9qZiAHrSAoCTJzuIUwd7s= </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </Sgntr> <Rltd> <Fr> <OrgId> <Id> <OrgId> <Othr> <Id>00002</Id> </Othr> </OrgId> </Id> </OrgId> </Fr> <To> <OrgId> <Id> <OrgId> <Othr> <Id>00001</Id> </Othr> </OrgId> </Id> </OrgId> </To> <BizMsgIdr>00002|33111660001234567891000</BizMsgIdr> <MsgDefIdr>DRAFTreda.014.001.01</MsgDefIdr> <BizSvc>inte_904_001_01_!p</BizSvc> <CreDt>2018-06-07T06:44:21.123Z</CreDt> </Rltd> </AppHdr> <Document xmlns="urn:iso:std:iso:20022:tech:xsd:admi.002.001.01" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:admi.002.001.01 ASX_AU_CHS_comm_807_001_01_admi_002_001_01.xsd"> <admi.002.001.01> <RltdRef> <Ref>00001|#UNIQUE_ID#</Ref> </RltdRef> <Rsn> <RjctgPtyRsn>0099</RjctgPtyRsn> <RjctnDtTm>2018-06-07T06:44:21.321Z</RjctnDtTm> <RsnDesc>lineNumber: 21; columnNumber: 48; cvc-pattern-valid: Value 'qazwsx' is not facet-valid with respect to pattern '[A-Z]{6,6}[A-Z2-9][A-NP-Z0-9]([A-Z0-9]{3,3}){0,1}' for type 'AnyBICIdentifier'. </RsnDesc> </Rsn> </admi.002.001.01> </Document>
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 <?xml version="1.0" encoding="UTF-8"?> <BizMsg xmlns="urn:iso:std:iso:20022:tech:xsd:head.002.001.01" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:head.002.001.01 ASX_AU_CHS_comm_802_001_01_head_002_001_01.xsd"> <AppHdr xmlns="urn:iso:std:iso:20022:tech:xsd:head.001.001.01" xmlns:n1="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 ASX_AU_CHS_comm_801_001_01_head_001_001_01.xsd"> <Fr> <OrgId> <Id> <OrgId> <Othr> <Id>00001</Id> </Othr> </OrgId> </Id> </OrgId> </Fr> <To> <OrgId> <Id> <OrgId> <Othr> <Id>00002</Id> </Othr> </OrgId> </Id> </OrgId> </To> <BizMsgIdr>00001|22222336600</BizMsgIdr> <MsgDefIdr>admi.002.001.01</MsgDefIdr> <BizSvc>comm_807_001_01_!p</BizSvc> <CreDt>2018-03-05T02:55:00.001Z</CreDt> <Sgntr> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <ds:Reference URI="#kid"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>+PkkQtqY5W12mcVsWYQ/Mec6SQU9B7ulJTAqOBgybGg=</ds:DigestValue> </ds:Reference> <ds:Reference URI=""> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>pTqOsTyDRdNorcnN+abUz0izNZ8iVnGOgSGm6c2G4Yg=</ds:DigestValue> </ds:Reference> <ds:Reference> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>NCLNs3OxbrMMuH75tXB8MoMqd8wjjzZ8GzuFpmQxiLI=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>yVIwsJR4B/xliOMZaLYdyJDRLfejSn9n6ZLl9Ku1h7f/eNxq6NqRuXF4l5cSTLpPPqWNucrGhexN2Y04qu2+EGElLsNbQ9PMo8sZhVXD/ubI1mMVWbSmlbSEOqRxkE1+H8w10zUiRpAx4wzcHjViZEv0XQUxDkDDAyPcXD6m1cCGY3ntfbBEfXIACFofBcKr4BbfD+KxllJiiDimpEsHGmfLeIdCp8oVKJ8nRw1Nb9T9z80RSs/zCto+EEvrUjI0/9J56/2KYqSMnfIfl/1cCjCz5Pl9uxBk4EbWx0LgVQyBRtg/4ZDAgc/OrMFyHWc4JwL3wgc0Ea5UQg+V5gqS7u98FRS11zsng4fWHlEmDbOsG5W4AC9ZvYMTf5XQgq9EBgCcz7uKcEnj9uFDCtFwpdwiAHPUsVeLDExJBk3MtJwhcX5t5cdsV2XHYcm7HBuiD0GGS2COfOqnEeJXU96UEwqJFvcC69bebf9w5fNkPz+5/h0oPFU4Gx1Qdx+hKoKq</ds:SignatureValue> <ds:KeyInfo Id="kid"> <ds:X509Data> <ds:X509Certificate>MIIFETCCBLegAwIBAgITGAAAAfiqM0nhfd+e7QAAAAAB+DAKBggqhkjOPQQDAjBrMRIwEAYKCZIm iZPyLGQBGRYCcWExEzARBgoJkiaJk/IsZAEZFgNhc3gxGDAWBgoJkiaJk/IsZAEZFghjdXN0b21l cjEmMCQGA1UEAxMdQVNYIEVudGVycHJpc2UgTVZQIElzc3VpbmcgQ0EwHhcNMjAwMjI2MDI1NzI3 WhcNMjIwMjI1MDI1NzI3WjCBgDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMG U3lkbmV5MRQwEgYDVQQKEwtBU1ggUHR5IEx0ZDEQMA4GA1UECxMHQ1NQLUNERTEqMCgGA1UEAxMh QVNYIElTTyBDREUgU2lnbmF0dXJlIENlcnRpZmljYXRlMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A MIIBigKCAYEA217NWG95I88zSPMWCv5bT2JGhgPDserCyuBDod8KgVnf5zvzi6OlluSiebGHUSUt BqbYyy9Pc5F78K9VpDvMaa1h3Wi8rgYpH9wDmaSwE1KrWpkXfvG3//396de0theU0lJCET8K7/dc wHuLDS6vK+Y0EWhosIDymlYdPLnzqRIbM/liSQ99LMX5GmG4CPEnPyty/IJJXe5wSUsVGIcugWuh F+iLdWKmfE2ZMvRg/0ONMuf05LPZewLmqL2RFyXJlP76tIycK+r+9axfgmtRVAf7ds3KvfBO0z4S coTXI9+fNO/5KcJfBXsDW4B6FwjnmwTJtdRRpYa2ullHRaXzVPkN+ETeluADzb5jCP4gKwGGdxNA 1baK1wb5YCX29nsIRnNKNVNToLxuPXNCUe0BMe09KyHzgCo4if1CBGP0Fq24YzRevV8JndGkn71u 0XkubdbpmlKIpLQfR0N6IotH+qKlcGKlFJ1sk7XT6ewsS7+58rh2ch1+fmdwjhqIYyzdAgMBAAGj ggHXMIIB0zA6BgkrBgEEAYI3FQcELTArBiMrBgEEAYI3FQiCmJ4lq7B2iZkct7Atg8K7BRaExsEx hZvxcAIBZAIBHzAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWg MCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFF+h/P9U iHMH1uqZPuvIKZyGGpkZMB8GA1UdIwQYMBaAFFgbAFWc1UbIUaYtZsVCNHf0AaJlMGkGA1UdHwRi MGAwXqBcoFqGWGZpbGU6Ly8vL0RETFRJQ0EyMDEuY3VzdG9tZXIuYXN4LnFhL0NlcnRFbnJvbGwv QVNYJTIwRW50ZXJwcmlzZSUyME1WUCUyMElzc3VpbmclMjBDQS5jcmwwgZEGCCsGAQUFBwEBBIGE MIGBMH8GCCsGAQUFBzAChnNmaWxlOi8vLy9ERExUSUNBMjAxLmN1c3RvbWVyLmFzeC5xYS9DZXJ0 RW5yb2xsL0RETFRJQ0EyMDEuY3VzdG9tZXIuYXN4LnFhX0FTWCUyMEVudGVycHJpc2UlMjBNVlAl MjBJc3N1aW5nJTIwQ0EuY3J0MAoGCCqGSM49BAMCA0gAMEUCIBcF2StMXozV0uATlTrCTWvS1ea5 kS0S1qZqi2NpY7rzAiEAnOALvr5w9l8GrERu27dFAJ9qZiAHrSAoCTJzuIUwd7s= </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </Sgntr> <Rltd> <Fr> <OrgId> <Id> <OrgId> <Othr> <Id>00002</Id> </Othr> </OrgId> </Id> </OrgId> </Fr> <To> <OrgId> <Id> <OrgId> <Othr> <Id>00001</Id> </Othr> </OrgId> </Id> </OrgId> </To> <BizMsgIdr>00002|33111660001234567891000</BizMsgIdr> <MsgDefIdr>DRAFTreda.014.001.01</MsgDefIdr> <BizSvc>inte_904_001_01_!p</BizSvc> <CreDt>2018-06-07T06:44:21.123Z</CreDt> </Rltd> </AppHdr> <Document xmlns="urn:iso:std:iso:20022:tech:xsd:admi.002.001.01" xsi:schemaLocation="urn:iso:std:iso:20022:tech:xsd:admi.002.001.01 ASX_AU_CHS_comm_807_001_01_admi_002_001_01.xsd"> <admi.002.001.01> <RltdRef> <Ref>00001|#UNIQUE_ID#</Ref> </RltdRef> <Rsn> <RjctgPtyRsn>0099</RjctgPtyRsn> <RjctnDtTm>2018-06-07T06:44:21.321Z</RjctnDtTm> <RsnDesc>lineNumber: 21; columnNumber: 48; cvc-pattern-valid: Value 'qazwsx' is not facet-valid with respect to pattern '[A-Z]{6,6}[A-Z2-9][A-NP-Z0-9]([A-Z0-9]{3,3}){0,1}' for type 'AnyBICIdentifier'. </RsnDesc> </Rsn> </admi.002.001.01> </Document> </BizMsg>