Token authentication & XML Signature in detail
Token authentication: smartcard with private key, certificate QURX_EX990011NL -> make token (signedData) -> make SignedInfo (SignedInfo) -> make RSA / SHA signature (SignatureValue) -> make message (SOAP message)
Transformation XML 2 SignedData: VerstrekkingsLijstquery (QURX_IN990111NL_01.xml) + signedData.xsl -> signedData (QURX_IN990111NL_01_signedData.xml)
VerstrekkingsLijstquery
signedData (X.509 Strong Authentication): message id = nonce, unique identification of the message (if duplicate removal has already taken place); notBefore & notAfter = time to live, security semantics can expire, time to store & check the nonce; addressedParty = against replay at other receivers; link to the message: BSN for patient-related messages, Trigger Event Id (version-independent, unlike InteractionId)
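Receiver-side checks for the token fields listed on this slide, written as an added example (not code from the presentation or from the infrastructure it describes); the field names, party names, the 5-minute TTL cap and all sample values are assumptions or constructed placeholders:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional
@dataclass
class SignedDataToken:  # token fields as named on the slide; values used below are constructed
    message_id: str            # nonce: unique identification of the message
    not_before: datetime
    not_after: datetime
    addressed_party: str       # receiver this token was issued for
    bsn: Optional[str] = None  # patient id, only for patient-related messages
class NonceStore:
    """Keeps a nonce until its notAfter passes; later replays are rejected by the time window anyway."""
    def __init__(self) -> None:
        self._seen: Dict[str, datetime] = {}
    def first_use(self, token: SignedDataToken, now: datetime) -> bool:
        self._seen = {n: exp for n, exp in self._seen.items() if exp > now}
        if token.message_id in self._seen:
            return False
        self._seen[token.message_id] = token.not_after
        return True
def validate_token(token: SignedDataToken, now: datetime, my_party: str, store: NonceStore,
                   expected_bsn: Optional[str] = None, max_ttl: timedelta = timedelta(minutes=5)) -> List[str]:
    """Returns rejection reasons; an empty list means acceptable. max_ttl is an assumed local policy cap."""
    reasons: List[str] = []
    if token.not_after - token.not_before > max_ttl:
        reasons.append("time to live exceeds policy")
    if now < token.not_before:
        reasons.append("not yet valid")
    if now > token.not_after:
        reasons.append("expired")
    if token.addressed_party != my_party:
        reasons.append("addressed to another party")  # replay against other receivers
    if expected_bsn is not None and token.bsn != expected_bsn:
        reasons.append("BSN does not match the message")
    if not reasons and not store.first_use(token, now):  # nonce last: a rejected token burns no nonce
        reasons.append("duplicate nonce")
    return reasons

def demo() -> Dict[str, List[str]]:
    """Constructed scenarios: first delivery, replay, replay at another receiver, replay after notAfter."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    tok = SignedDataToken("nonce-0001", t0, t0 + timedelta(minutes=2), "receiver-A", "bsn-placeholder")
    store = NonceStore()
    return {
        "first": validate_token(tok, t0 + timedelta(seconds=10), "receiver-A", store, "bsn-placeholder"),
        "replay": validate_token(tok, t0 + timedelta(seconds=20), "receiver-A", store, "bsn-placeholder"),
        "other_receiver": validate_token(tok, t0 + timedelta(seconds=20), "receiver-B", NonceStore(), "bsn-placeholder"),
        "late": validate_token(tok, t0 + timedelta(minutes=3), "receiver-A", NonceStore(), "bsn-placeholder"),
    }
```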
signedData.xml (pretty print)
Token versus file
Whitespace removed: signedData (QURX_IN990111NL_01_signedData.xml) + remove-whitespace-between-elements.xsl -> signedData (QURX_IN990111NL_01_signedData.xml)
Exclusive Canonicalization: signedData (QURX_IN990111NL_01_signedData.xml) + excc14n (Oxygen used) -> signedData excc14n (signedData_excc14n.xml)
Exclusive Canonicalization
Exclusive Canonicalization: double quotes instead of single; namespace declarations before attributes; namespaces sorted alphabetically; linefeed, no carriage return or CR/LF; no Byte Order Mark; UTF-8
SignedInfo element: signedData excc14n (signedData_excc14n.xml) as bits -> SHA1 hash (160 bits) -> Base64 characters -> fill the SignedInfo template (with wsu Id) -> SignedInfo (SignedInfo.xml)
SHA: cryptographic hash. Wikipedia: A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional change to the data will change the hash value.
SHA (SHA1 ... SHA256): 1995: SHA-1, NSA; 2005: weaknesses in SHA-1 discovered; 2001: SHA-2 (225, 256, 384, 512); 2008 – 12: SHA-3, open competition. SHA-1 input: message maximum (2^64 − 1) bits; output: 160 bits
Base 64: in UTF-8 not all octets are allowed! Ergo: binary data cannot simply go into XML / UTF-8. Solution: bits -> characters, RFC2045 (MIME); alphabet: [A-Z][a-z][0-9]+/
SHA + Base64: input (bits) -> SHA1 (160 bits) -> Base 64: 4vBP5K5M5llABaWYzxCrKIdjS2I=
SignedInfo
RSA with SHA: SignedInfo (exc c14n) as bits -> SHA1 hash (160 bits) -> ASN.1 DER format, i.e. the DigestInfo prefix 3021300906052b0e03021a05000414 for SHA-1 or 3031300d060960864801650304020105000420 for SHA 256 -> RSA with the private key -> Base64 characters -> SignatureValue. Lengths given: 400 bits, 408 bits; SHA 256 -> 464 bits
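The two steps of slides 16 and 18 in code, as an added example that is not from the presentation: Base64 of the SHA digest gives the DigestValue text, prefixing the digest with the DER bytes shown above gives the DigestInfo that RSA signs, and a strict parser recovers the hash OID and digest from it on the verifying side; the function names and the sample inputs are assumptions.

```python
import base64
import hashlib

# DER DigestInfo prefixes shown on the slide (PKCS#1 v1.5 signatures, RFC 3447 section 9.2)
DER_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}
EXPECTED_OID = {"sha1": "1.3.14.3.2.26", "sha256": "2.16.840.1.101.3.4.2.1"}
def digest_value(data: bytes, alg: str = "sha1") -> str:
    """Slide 16: hash the canonical bytes, then Base64 the raw digest (the ds:DigestValue text)."""
    return base64.b64encode(hashlib.new(alg, data).digest()).decode("ascii")
def digest_info(data: bytes, alg: str = "sha1") -> bytes:
    """Slide 18: DigestInfo = DER prefix || digest, the byte string that RSA actually signs."""
    return DER_PREFIX[alg] + hashlib.new(alg, data).digest()
def _tlv(buf: bytes, pos: int, tag: int):
    """Read one short-form DER TLV at pos; return (value, position after it)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected DER tag at offset %d" % pos)
    length = buf[pos + 1]
    if length >= 0x80 or pos + 2 + length > len(buf):
        raise ValueError("bad DER length at offset %d" % pos)
    return buf[pos + 2:pos + 2 + length], pos + 2 + length

def _decode_oid(raw: bytes) -> str:
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))
def parse_digest_info(blob: bytes):
    """Walk SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING } and return (oid, digest).
    Every length must account for all bytes, so padding after or inside the structure is rejected."""
    outer, end = _tlv(blob, 0, 0x30)
    algid, pos = _tlv(outer, 0, 0x30)
    digest, pos = _tlv(outer, pos, 0x04)
    oid_raw, p = _tlv(algid, 0, 0x06)
    _, p = _tlv(algid, p, 0x05)  # NULL parameters
    if end != len(blob) or pos != len(outer) or p != len(algid):
        raise ValueError("trailing bytes in DigestInfo")
    return _decode_oid(oid_raw), digest

def digest_info_matches(blob: bytes, data: bytes, alg: str = "sha1") -> bool:
    """Verifier side: the recovered OID must be the expected one and the digest must match the data."""
    try:
        oid, digest = parse_digest_info(blob)
    except (ValueError, IndexError):
        return False
    return oid == EXPECTED_OID[alg] and digest == hashlib.new(alg, data).digest()
```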
Sender: “Hello world” -> SHA-1 hash: 5llABaWYzxCrKIdjS... -> private key: shhhh..... -> RSA sig value: c9fVK7vYAdvs2DRZVtS... Receiver: “Hello world” -> SHA-1 hash; public key: MIICHzCCAYygAwIBAgI.....; RSA sig value: c9fVK7vYAdvs2DRZVtS... -> OK
Security Services (X.800): Authentication, Authorization, Data Confidentiality, Data Integrity, Non-repudiation
Security services
Key usage
SOAP message: signedData, SignedInfo, SignatureValue, certificate reference, QURX_EX990011NL -> make header (authentication tokens), make header (wss:Security) -> make message -> SOAP message
SOAP message
Transformation XML 2 SignedData: VerstrekkingsLijstquery (QURX_IN990111NL_01.xml) + signedData.xsl -> signedData (QURX_IN990111NL_01_signedData.xml)
Whitespace removed: signedData (QURX_IN990111NL_01_signedData.xml) + remove-whitespace-between-elements.xsl -> signedData (QURX_IN990111NL_01_signedData.xml)
Exclusive Canonicalization: signedData (QURX_IN990111NL_01_signedData.xml) + excc14n (Oxygen used) -> signedData excc14n (signedData_excc14n.xml)
SignedInfo element: signedData excc14n (signedData_excc14n.xml) as bits -> SHA1 hash (160 bits) -> Base64 characters -> fill the SignedInfo template (with wsu Id) -> SignedInfo (SignedInfo.xml)
RSA with SHA: SignedInfo (exc c14n) as bits -> SHA1 hash (160 bits) -> ASN.1 DER format, i.e. the DigestInfo prefix 3021300906052b0e03021a05000414 for SHA-1 or 3031300d060960864801650304020105000420 for SHA 256 -> RSA with the private key -> Base64 characters -> SignatureValue. Lengths given: 400 bits, 160 bits; SHA 256 -> 464 bits
SOAP message: signedData, SignedInfo, SignatureValue, certificate reference, QURX_EX990011NL -> make header (authentication tokens), make header (wss:Security) -> make message -> SOAP message
Token authentication: smartcard with private key, certificate QURX_EX990011NL -> make token (signedData) -> make SignedInfo (SignedInfo) -> make RSA / SHA signature (SignatureValue) -> make message (SOAP message)
