We Keep Coding

php openssl asymmetric decrypt

I was hopping someone could help me to understand how to decrypt a xml file that was previously encrypted with a public key. The file is devided into two sections, the AuthenticatedPublic section and the AuthenticatedPrivate section, inside the latter, there are specific tags like CipherValue, X509Certificate that are suppose to be decrypted with my private key. The steps i have tried were:
Parse the entire xml file with XmlToArray.
Got one of the tags i need to decrypt, which was the cyphervalue.
Then i tried many things like trying to to decrypt using:(i´m using php, so this is inside a function)
openssl rsautl -decrypt -inkey "'.$privkey.'" -in "'.$tag.'" -out decrypted.xml
But the result is an empty decrypted.xml file. I have also tried converting to base64, and then tried to decrypt also, but then i reach an error:
rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error:.\crypto\rsa\rsa_pk1.c:273:
5612:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed:.\crypto\rsa\rsa_eay.c:602:
In fact, i´m not really sure if this is the way to decrypt the xml. Any thoughts?
Thanks for your time, Regards
EDIT
Has Pak Uula suggested, below is a more detailed information about my xml file, please note that i have hide some of the data for obvious reasons:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<DCinemaSecurityMessage xmlns="http://www.smpte-ra.org/schemas/430-3/2006/ETM" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:enc="http://www.w3.org/2001/04/xmlenc#">
<AuthenticatedPublic Id="ID_AuthenticatedPublic">
...(keys hidded for brevity)
<RequiredExtensions>
<KDMRequiredExtensions xmlns="http://www.smpte-ra.org/schemas/430-1/2006/KDM">
...(keys hidded for brevity)
....(below some of the keys that i need to decrypt)
<CompositionPlaylistId>urn:uuid:d932f6a0-094b-etc-etc-etc</CompositionPlaylistId>
<ContentTitleText>...</ContentTitleText>
..
<AuthorizedDeviceInfo>
<DeviceListIdentifier>urn:uuid:31949239-a1f9-etc-etc-etc</DeviceListIdentifier>
<DeviceList>
<CertificateThumbprint>2jmj7l5rSw0yVb/vlW-etc-etc-etc</CertificateThumbprint>
</DeviceList>
</AuthorizedDeviceInfo>
<KeyIdList>
<TypedKeyId>
<KeyType>MDIK</KeyType>
<KeyId>urn:uuid:154727b3-890c-etc-etc-etc</KeyId>
</TypedKeyId>
<TypedKeyId>
<KeyType>MDAK</KeyType>
<KeyId>urn:uuid:682c2ff0-9b1d-etc-etc-etc</KeyId>
</TypedKeyId>
</KeyIdList>
</KDMRequiredExtensions>
</RequiredExtensions>
<NonCriticalExtensions />
</AuthenticatedPublic>
<AuthenticatedPrivate Id="ID_AuthenticatedPrivate">
<enc:EncryptedKey xmlns:enc="http://www.w3.org/2001/04/xmlenc#">
...(keys hidded for brevity)
....(below some of the keys that i need to decrypt)
<enc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
<enc:CipherData>
<enc:CipherValue>lwYdkG5Q5wfW/S7UzZDtnJMcAng3w3ketzkh68y1BeX+okNEj48b5rSWUC/4mNhT
N2QsHxOCkvKDavIGGSAP23tdp0VtdeHTNAszcgK4Xzc8VHGUEiswONCOxTzNWuwj
...etc etc
zfHceeHN50b8vzM/Rt/jTUq54eC3nE+lP3eTXbLj/YvpPo8H45Sti9YP9WZixGHz
Uvf6Go31+3JwsXXIUl3O+w==</enc:CipherValue>
</enc:CipherData>
</enc:EncryptedKey>
<enc:EncryptedKey xmlns:enc="http://www.w3.org/2001/04/xmlenc#">
<enc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
<enc:CipherData>
<enc:CipherValue>TvC1LCspgTsXqM1b8ClPCtAkAdXXzxe+Av7LMxYtUaqUbd8HeBuaS1cx3WwoVRDr
TWcrBEnv24GbIB5ygcMFW3DlGsXfmWJGnRNx/6xT/U15RQPgoD9AP4WFEHxthzP0
...etc etc
1ajG5lDjEu4TqjdL7DPGNu9HfI9boerJ5FUFQ/fMdD4xbDHdc4DgIQdTUgLFGHJz
RwOyfOAcSNoO/fpAkMXoEw==</enc:CipherValue>
</enc:CipherData>
</enc:EncryptedKey>
</AuthenticatedPrivate>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#ID_AuthenticatedPublic">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>KJ37JaHCdMo5dq3TmIaxF+A+lpuoVG-etc-etc-etc</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#ID_AuthenticatedPrivate">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>rcIAaHZoc80XqB70S2oZEp6IziDrVgwt-etc-etc-etc</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>hcOaWg8mzwc61XkyqXxy6+cuuGtrsDjTVzFeSv4ZAs6INQBTYChGiHD00lE8ud02
uG/bbjcqHiMVAFdhZIjw1xIs0FrAh3EdO7eJtiyGl1CpK9z5X9VXizkkhf4wWAZS
....etc etc
0i9iV4sMJlZn4j9glWiTgA==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>dnQualifier=4py0tKtJ07bHLNbK-etc-etc-etc,OU=...,O=...,CN=...</ds:X509IssuerName>
<ds:X509SerialNumber>167201700</ds:X509SerialNumber>
</ds:X509IssuerSerial>
<ds:X509Certificate>MIIEZDCCA0ygAwIBAgIECfdLpDANBgkqhkiG9w0BAQsFADBzMRIwEAYDVQQDEwku
VmltcDE2MDQxEzARBgNVBAoTCi5EQy5DQS5SdVMxITAfBgNVBAsTGC5DbGlwc3Rl
ci5GQk1TLkRDLkNBLlJ1UzElMCMGA1UELhMcNHB5MHRLdEowN2JITE5iS2VwdTRG
-etc-etc-etc
/g07WLzKPQmLxR8I/8GhdyI3Nez+16rJPKMJ3eUV7qLuvA1B2VQ93jBzC4fVvzfI
xFYzYV2RO+VquC/dcgPHKLZPhR1Rp4zP74lGAPIloQa1kpVzjoGypK7QDWLFg+IG
XBtw1dtscIywnqTxYXaxXwic9OlQ2mcmMS7sh2ke2xB9CLYD9JmjPaV71A4J2Y2Y
eF6WeFKIzkKp0fJffqDbFFvKfap3K9e000K/Yno5fFurWW/fagdGEHAXB0zHCj7k
d14u2vegqToKdMsybcA5RngZ7YWYQZKJ
</ds:X509Certificate>
</ds:X509Data>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>dnQualifier=wiwAlHjwPoipV-etc-etc-etc,OU=....,O=....,CN=...</ds:X509IssuerName>
<ds:X509SerialNumber>9714</ds:X509SerialNumber>
</ds:X509IssuerSerial>
<ds:X509Certificate>MIIELDCCAxSgAwIBAgICJfIwDQYJKoZIhvcNAQELBQAwajESMBAGA1UEAxMJLkNs
aXBzdGVyMRMwEQYDVQQKEwouREMuQ0EuUnVTMRgwFgYDVQQLEw8uRkJNUy5EQy5D
QS5SdVMxJTAjBgNVBC4THHdpd0FsSGp3UG9pcFY1d3ZEd1pZMFhUYWlNTT0wHhcN
-etc-etc-etc
fiZ3Ljj0uayRAaJtOpflj8RYgWgf2oQvA3vIdc35J2WCea9xm+MLBjycJeaHqgcb
h1hh4qWtaINElm2sdf1p8/feBU0vBV/4ey0TR86tF0FhuVBCg4v9HqrFMY+m4/xJ
wyMCysIxr7ZgszAMOgarYD6JfhNGWm+1VAyI7lR/VspPj6FV0hVOwCb9QZHA/c1Z
5vMeW+Wx3C+1q4HBYHm+ryc7lTt045w7HilTig07g0K6DMaf8G3V5kxZpOQcVWn3
iNFT6Fzg+bE9YD2FdhnVOQ==
</ds:X509Certificate>
</ds:X509Data>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>dnQualifier=JknMF1MuF3k1Jg-etc-etc-etc=,OU=...,O=...,CN=...</ds:X509IssuerName>
<ds:X509SerialNumber>9712</ds:X509SerialNumber>
</ds:X509IssuerSerial>
<ds:X509Certificate>MIIEGjCCAwKgAwIBAgICJfAwDQYJKoZIhvcNAQELBQAwYTEOMAwGA1UEAxMFLkZC
TVMxEzARBgNVBAoTCi5EQy5DQS5SdVMxEzARBgNVBAsTCi5EQy5DQS5SdVMxJTAj
BgNVBC4THEprbk1GMU11RjNrMUpnL2JFZm1uWjVpNnlmcz0wHhcNMTUxMDAxMDAw
-etc-etc-etc
+mMkPdu2GuXJj4BBQY0ayoixrSyHg3stATcdeEbU1WESEsmztT8coXMLrd3/W0I6
ahe/dQyOSnZtv8RBL/Zb3Mnih+BQGSbiKlpWNoev71/r5JxA4/grffAfeFjnWy8E
zhAKe9wGx+wR+yQhSBUTHtGE/cA9NfOvOnRvO3BEXsfcJASFXITayaZ7MxP3Mgl/
4RnNxmgKFVY62LLZRo+DmXHhnilVBxrk1YEtBq/mb9R7SYtI5AmfL+B0TUJWGQ==
</ds:X509Certificate>
</ds:X509Data>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>dnQualifier=JknMF1MuF3k1Jg-etc-etc-etc,OU=...,O=....,CN=....</ds:X509IssuerName>
<ds:X509SerialNumber>9711</ds:X509SerialNumber>
</ds:X509IssuerSerial>
<ds:X509Certificate>MIIEETCCAvmgAwIBAgICJe8wDQYJKoZIhvcNAQELBQAwYTEOMAwGA1UEAxMFLkZC
TVMxEzARBgNVBAoTCi5EQy5DQS5SdVMxEzARBgNVBAsTCi5EQy5DQS5SdVMxJTAj
BgNVBC4THEprbk1GMU11RjNrMUpnL2JFZm1uWjVpNnlmcz0wHhcNMTUxMDAxMDAw
-etc-etc-etc
iFwmmsU6j0BosEVv/NcdmyoZ68rY0xrjSiCLY7lreHec58ZFXOxNKQsfNJGriyrg
30nMPjp/tgaHK6RZ+XL8sRX9NY+ySBeS/uQtCeH5CtCavIwPrurv5BUbzNmIB5FK
m4wvtXmfVcxTnL4lYHvyhqieDsm+Uwv7Fwt03ygqXeW5IPCs7nqcLwYzhm/7Mn5d
3YBiLH4B0+W2Mq5px0Hrm/2pOVEXv67mbSgdGsHnAYu/f0xN2A==
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</DCinemaSecurityMessage>

SOAP Security WSEE & WSU PHP Request

I have been racking my brains and have been googling all day but have come to nothing, I am using an API that uses the
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd and http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd and signature values here is an example of the header i am trying to send in my request
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-91553746A32F6E86A9152119298361091">REMOVED</wsse:BinarySecurityToken>
<ds:Signature Id="SIG-91553746A32F6E86A9152119298361195" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ser ser1 soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#id-91553746A32F6E86A9152119298361094">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="ser ser1" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>HG6Tb/IJfVWj4ZC1guDubIrFk4nw1IgoPavDqkSCrLM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue></ds:SignatureValue>
<ds:KeyInfo Id="KI-91553746A32F6E86A9152119298361092">
<wsse:SecurityTokenReference wsu:Id="STR-91553746A32F6E86A9152119298361093">
<wsse:Reference URI="#X509-91553746A32F6E86A9152119298361091" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
Is there someone out there that can help me build this using SOAP request in PHP.... i'm stumped.

IdP initiated SSO with SimplesamlPHP

I am having trouble implementing an IdP initiated login with SimplesamlPHP.
Understanding what I have to do from the documentation is not the easiest thing.
I am redirecting the user to the IdP server and after logging in, the server sends the SP an XML file which includes the email user's address, ID and other data.
This looks like a successful login but at this point I don't know what to do with that XML. Should i parse it myself or use simplesaml for that?
How do i validate the signature?
Here is the XML I am receiving:
<samlp:Response Destination="http://example.com/auth/acs" ID="HK1goP6OuzQs2Xrd-CN9gAkRt0Z" IssueInstant="2016-05-25T13:52:32.075Z" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">Stage-az:sp:MediEventsregapp</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#HK1goP6OuzQs2Xrd-CN9gAkRt0Z">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>anIASGQuZD+Z7oBVc/VJ9TuTDCcddHOkUHJuo4KGE4o=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>Pw5N1U+IxXAkCARDLFHkSyinhCqy5jJ8ljkJRfVSCzWl9z/gZb87aSGs+1XH+yJJs9wOKlSisnaNBHDOPocoweqXMCePskQp0d46GX8FKLKrFPwNeyta/MnC+y2ujT/mRbd8znTkXt9ZKS2WNZbQuAgRP+4mIh+C4R0J7xjzBgPhJR+IpaAeSlFuI3oS2ggh5+fe68BQtreEAcwc4ehbt93SQA5ryXgVAWRX4COeuETj/4t5dVhk1f34JdUSO0n13U6xRheAyGJJ7njRMntNQCAGkcB6F7GEK0bEnLFTfImYhJOascURyjWUnCqyZbWt5SBKUNdWL1P90W2b17eqmg==</ds:SignatureValue>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:Assertion ID="VFBGJiVRjw.GE4s8KVI2G0oyIOv" IssueInstant="2016-05-25T13:52:32.106Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Issuer>Stage-az:sp:MediEventsregapp</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">john.smith#example.com</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2016-05-25T13:57:32.106Z" Recipient="http://example.com/auth/acs"/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2016-05-25T13:47:32.106Z" NotOnOrAfter="2016-05-25T13:57:32.106Z">
<saml:AudienceRestriction>
<saml:Audience>Stage-az:sp:MediEventsregapp</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2016-05-25T13:52:32.106Z" SessionIndex="VFBGJiVRjw.GE4s8KVI2G0oyIOv">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
<saml:Attribute Name="PRID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">kyjh364</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>

simpleSAMLphp gives you the functions that you need in order to validate and process the SAMLResponse.
The IdP should be sending the SAMLResponse to the Service Provider's Assertion Consumer URL where the state is saved. All you need to do is to create a php file and use the following methods:
https://simplesamlphp.org/docs/stable/simplesamlphp-sp-api

sImplexml_load_string doesn't fully load XAdES-BES signature XML

I've got XML containing XAdES-BES digita signature:
<?xml version="1.0" encoding="UTF-8"?>
<Signatures Id="ID-222cf3cf-0f0b-49d2-b7cb-4cf47bb373cb">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="ID-9a61610b-c8e3-4201-bf41-a174cbc21634">
<ds:SignedInfo Id="ID-8ebe3e85-1413-4fec-a14c-7264546ab770">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference Id="ID-e751928b-6823-47ad-a5ae-b7ccdf301751" URI="#ID-e37958b8-134c-4f51-9b25-8274fd1edce7">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>Z7q3zqS5FTNPP/mj0rDmUV5PdZQ=</ds:DigestValue>
</ds:Reference>
<ds:Reference Id="ID-396858b0-7e4b-42e1-ba5f-18368f90f0df" URI="#ID-90b9721b-1d1c-4104-ae2c-ebb6b251cf2b" Type="http://uri.etsi.org/01903#SignedProperties">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>H7EeV4pPoJ6WhWFnVSo3WNu3Yj8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue Id="ID-949000f9-85bc-435e-b387-8f7aa5551d75">a0cc/hQYjmwQC8ssBzolLyArUqOVi+s6cP+lbxku69qGleBUroQlvD6o+GpIxSJB6wlWwic3YjuxDxn9
mfW2jCLYEEM1RB277ChnHASakC+vbBP03LWC+GxsOe0seKMVsCc0EPwS5kk5RfvrUN6sTxWSW/2MOIXG
4fW1cAtjh1SjDN9Ij38SIuWpW8guJ9EGEVyTUuTiZ5dbpHfxftgKfHmr16aMpXk0ta46X2UuGTQRB+E/
0W+RpLqdmTP5VG0CxT8Z2H4n6puGL0yC20SsZZDethL/Vnr67EXTPmHFUwoZOGNu+0IFdBJW4HvLA5rF
czL82MOsCoFXqzMVxGxiqw==</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>AL4k+zz02RytjonBY0af0dfuuDJhNg0dypClqzkLyyLjkTa9QUbtdtA20lRuogjFqb6CVpqQ/PEdXDK5
bN6qGBQGsmdqkgru6A8aAc57QawEcbEL+rDue1L+mqM/JVnr+DAWOehITd8HzS0JQTQcxF1Lv0L1GNbJ
P8/bo8Coj2EVtKZ9tBI9+AZUdZ11uKBYj9uvKy0VGufjoljIIrQASIft4nw8a/WF+beEYOrl3PqnBcAo
Lc/CJiNsnsASws0a/EKuaP3vQbIo36s7FVH7U4x/8ypcAPsmtgi9LbH+v9Ugc2CiCj7krJIT3X9EwkjC
FUq+MykmVvfW0D0bOTP2X5k=</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
<ds:X509Data>
<ds:X509Certificate>MIIGETCCBPmgAwIBAgIUaQ+g3SS0YfvHQus43mbJ+4FSYegwDQYJKoZIhvcNAQEFBQAwczELMAkGA1UE
BhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6ZW5pb3dhIFMuQS4xJDAiBgNVBAMMG0NP
UEUgU1pBRklSIC0gS3dhbGlmaWtvd2FueTEUMBIGA1UEBRMLTnIgd3Bpc3U6IDYwHhcNMTUxMDA4MTIw
MDAwWhcNMTYxMDA4MTIwMDAwWjB2MQswCQYDVQQGEwJQTDEbMBkGA1UEBRMSUEVTRUw6IDg2MDYxMzE0
Mzk3MR8wHQYDVQQDDBZLYW1pbCBTZWJhc3RpYW4gTWlqYWN6MRgwFgYDVQQqDA9LYW1pbCBTZWJhc3Rp
YW4xDzANBgNVBAQMBk1pamFjejCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL4k+zz02Ryt
jonBY0af0dfuuDJhNg0dypClqzkLyyLjkTa9QUbtdtA20lRuogjFqb6CVpqQ/PEdXDK5bN6qGBQGsmdq
kgru6A8aAc57QawEcbEL+rDue1L+mqM/JVnr+DAWOehITd8HzS0JQTQcxF1Lv0L1GNbJP8/bo8Coj2EV
tKZ9tBI9+AZUdZ11uKBYj9uvKy0VGufjoljIIrQASIft4nw8a/WF+beEYOrl3PqnBcAoLc/CJiNsnsAS
ws0a/EKuaP3vQbIo36s7FVH7U4x/8ypcAPsmtgi9LbH+v9Ugc2CiCj7krJIT3X9EwkjCFUq+MykmVvfW
0D0bOTP2X5kCAwEAAaOCApgwggKUMAwGA1UdEwEB/wQCMAAwggFPBgNVHSABAf8EggFDMIIBPzCCATsG
CSqEaAGG9yMBATCCASwwgd0GCCsGAQUFBwICMIHQDIHNRGVrbGFyYWNqYSB0YSBqZXN0IG/Fm3dpYWRj
emVuaWVtIHd5ZGF3Y3ksIMW8ZSB0ZW4gY2VydHlmaWthdCB6b3N0YcWCIHd5ZGFueSBqYWtvIGNlcnR5
ZmlrYXQga3dhbGlmaWtvd2FueSB6Z29kbmllIHogd3ltYWdhbmlhbWkgdXN0YXd5IG8gcG9kcGlzaWUg
ZWxla3Ryb25pY3pueW0gb3JheiB0b3dhcnp5c3rEhWN5bWkgamVqIHJvenBvcnrEhWR6ZW5pYW1pLjBK
BggrBgEFBQcCARY+aHR0cDovL3d3dy5lbGVrdHJvbmljem55cG9kcGlzLnBsL2luZm9ybWFjamUvZG9r
dW1lbnR5LWktdW1vd3kwCQYDVR0JBAIwADAhBgNVHREEGjAYgRZrYW1pbC5taWphY3pAZ21haWwuY29t
MA4GA1UdDwEB/wQEAwIGQDCBsAYDVR0jBIGoMIGlgBTMQSp2mC5KehnakTbf2H85P9TCrqF3pHUwczEL
MAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6ZW5pb3dhIFMuQS4xJDAiBgNV
BAMMG0NPUEUgU1pBRklSIC0gS3dhbGlmaWtvd2FueTEUMBIGA1UEBRMLTnIgd3Bpc3U6IDaCFH18c1x7
vNOu01acH+WfGYiAcun0MEAGA1UdHwQ5MDcwNaAzoDGGL2h0dHA6Ly9lbGVrdHJvbmljem55cG9kcGlz
LnBsL2NybC9jcmxfb3prNTIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQAP0zddWprl5hpXiIiMGcC5D7ob
/nj3wvfOUm0QCf7+ZEorfr6EC96B6F/cNtZ1wXtAQXkf5Zm3gPhbKXY6XWM2NDWadZrDV9zV75Ab06dQ
5qmDfuMGTfPUdH3+QBmW7YnniWPCGuMzGNlP9DpZ45YrgRnwlsZSHMhX0HiEeDfYKAkGhIaJ7lcPlZrj
zWBdhUOgYm06pYf8NEKVWzu808iIHIvCBot0ADcZ8ypxDyQsco/RSRGY0EO8FATCH3j2Oe/+7FGRjRQK
XczBsKu6G8GQ6b/eGuWD7NNAuBX4UJu9jXRo9mzo7zKj01/SPfE4kHTHfHr9yi9BBkzAmaAxQpT5</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
<ds:Object>
<xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="ID-04b0ddeb-914c-419f-acb2-780dae2ee890" Target="#ID-9a61610b-c8e3-4201-bf41-a174cbc21634">
<xades:SignedProperties Id="ID-90b9721b-1d1c-4104-ae2c-ebb6b251cf2b">
<xades:SignedSignatureProperties>
<xades:SigningTime>2015-12-08T13:37:16Z</xades:SigningTime>
<xades:SigningCertificate>
<xades:Cert>
<xades:CertDigest>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>+6UE5SSks6Cn6++o8CAkSO/NMWk=</ds:DigestValue>
</xades:CertDigest>
<xades:IssuerSerial>
<ds:X509IssuerName>serialNumber=Nr wpisu: 6,CN=COPE SZAFIR - Kwalifikowany,O=Krajowa Izba Rozliczeniowa S.A.,C=PL</ds:X509IssuerName>
<ds:X509SerialNumber>599792555331422089182929030726347827824527827432</ds:X509SerialNumber>
</xades:IssuerSerial>
</xades:Cert>
</xades:SigningCertificate>
</xades:SignedSignatureProperties>
<xades:SignedDataObjectProperties>
<xades:DataObjectFormat ObjectReference="#ID-e751928b-6823-47ad-a5ae-b7ccdf301751">
<xades:Description>Dokument w formacie xml [XML]</xades:Description>
<xades:MimeType>text/plain</xades:MimeType>
<xades:Encoding>http://www.w3.org/2000/09/xmldsig#base64</xades:Encoding>
</xades:DataObjectFormat>
</xades:SignedDataObjectProperties>
</xades:SignedProperties>
</xades:QualifyingProperties>
</ds:Object>
<ds:Object Encoding="http://www.w3.org/2000/09/xmldsig#base64" Id="ID-e37958b8-134c-4f51-9b25-8274fd1edce7" MimeType="text/plain">PFRyZXNjUGlzbWE+DQogIDxTeWduYXR1cmFBa3Q+QUJDWFlaMTIzPC9TeWduYXR1cmFBa3Q+DQogIDxQ
b2RtaW90eT4NCiAgICA8UG9kbWlvdD4NCiAgICAgIDxPc29iYUZpenljem5hPg0KICAgICAgICA8SW1p
ZT5KYW51c3o8L0ltaWU+DQogICAgICAgIDxOYXp3aXNrbz5Ob3dhazwvTmF6d2lza28+DQogICAgICAg
IDxPem5hY3plbmllPg0KICAgICAgICAgIDxQZXNlbD44OTEwMDEwMDYxNjwvUGVzZWw+DQogICAgICAg
IDwvT3puYWN6ZW5pZT4NCiAgICAgIDwvT3NvYmFGaXp5Y3puYT4NCiAgICA8L1BvZG1pb3Q+DQogIDwv
UG9kbWlvdHk+DQogIDxQb2RzdGF3YVByYXduYT4NCiAgICA8UG9kc3Rhd2E+UFBfMDA0PC9Qb2RzdGF3
YT4NCiAgPC9Qb2RzdGF3YVByYXduYT4NCjwvVHJlc2NQaXNtYT4=</ds:Object>
</ds:Signature>
</Signatures>
When I load it with simplexml_load_string, var_dump shows:
object(SimpleXMLElement)#212 (1) {
["#attributes"] => array(1) {
["Id"] => string(39) "ID-222cf3cf-0f0b-49d2-b7cb-4cf47bb373cb"
}
}
There's no nested nodes of "Signatures" data.
However, when I remove "ds" namespaces from tags, it works great.
How can I get them without changing document?

Thanks to the michi's comment, I found a solution. Namespaced nodes should be accessed differently than nodes without namespace.
So, basing on the example above, when I want to use Signature node, I can do it like this:
$xml = simplexml_load_string($content);
$signatureNode = $xml->children('ds', true)->Signature;

xmldsig php do not add signing info in XML

sorry of my English :) .
I neeed to write signing block in XML like it:
ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gost34310-gost34311"/>
<ds:Reference>
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gost34311"/>
<ds:DigestValue>drvEZVSz3nSXHVI6+iRSDXZDGud9Ay56LLfMkpQkRp4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>/4ASSFXCsdsdMuwM9kw0riDbhhtLR/+UKZKNO51HbACu5DM
SLmmAmp5FwFHdsGtBQ==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
I find this in GIT : https://github.com/Maks3w/xmldsig
my code is:
$data = new DOMDocument();
$data->load(__DIR__ . '/newdata.xml');
$xmlTool = new FR3D\XmlDSig\Adapter\XmlseclibsAdapter();
$xmlTool->setPrivateKey(file_get_contents('C:\xampp\htdocs\EgovPayments\private1.pem'));
$publicKey=$xmlTool->getPublicKey();
//echo 'public key is:'.$publicKey;
$xmlTool->setPublicKey($publicKey);
$xmlTool->addTransform(FR3D\XmlDSig\Adapter\AdapterInterface::ENVELOPED);
$xmlTool->setCanonicalMethod('http://www.w3.org/2001/10/xml-exc-c14n#');
$xmlTool->sign($data);
$data->saveXML();
But nothing changed in newdata.xml, how it work with xmldsig in PHP?
thx

The function DOMDocument::saveXML() returns string. It is not to update file.
http://php.net/manual/en/domdocument.savexml.php

i've got the same problem - but find the following function "insertSignature" in the seclib.
if you use the Adapter add the following line to the end of the verify-function:
$objXMLSecDSig->insertSignature($data->getElementsByTagName("Security")->item(0));