Dear Aleksey,

I have a question about Canonicalization and Digest while using xmlsec1 to sign a template XML file.
According to my understanding of the XML Signature spec provided by W3C, the source XML file needs Canonicalization (applied to the entire XML) before calculating the Digest.

The template file looks like this:

<?xml version="1.0"?>
<root xmlns="..."><node>text</node><node><node><node>text</node><node>dlink</node></node><node>text</node></node><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue></DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue />
  <KeyInfo>
    <KeyValue />
  </KeyInfo>
</Signature></root>

(to verify my understanding, there are no spaces or line breaks between the data nodes)

In the result, xmlsec1 put the desired values into the proper fields, while the original data remains the same, like:

<root xmlns="..."><node>text</node><node><node><node>text</node><node>dlink</node></node><node>text</node></node>...</root>

However, I tried to do the Canonicalization with libxml, and the result is like this (neglecting the signature node):

<?xml version="1.0"?>
<node>
  <node>text</node>
  <node>
    <node>
      <node>text</node>
      <node>text</node>
    </node>
    <node>text</node>
  </node>
</node>

which leads to a different digest value.
Do I misunderstand something, or is the way I used xmlsec1 wrong?

Thank you


How I do the Canonicalization with libxml:

  get the node set by:
    xmlXPathEvalExpression("/descendant-or-self::node()", context)
  then get the Canonicalization by:
    /* mode 2 = XML_C14N_1_1, with_comments = 1 */
    xmlC14NDocSaveTo(doc, xpathresult->nodesetval, 2, NULL, 1, c14noutputbuffer);
    xmlDocPtr c14ndoc = xmlParseMemory(c14nbuffer->content, c14nbuffer->use);
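
Added example, not part of the original message and not xmlsec1 or libxml2 code: it computes the octets that a `<Reference URI="">` with the enveloped-signature transform digests, showing that the Signature subtree is left out and that whitespace between data nodes is part of the digested data. Assumptions: it uses Python's standard-library `xml.etree.ElementTree.canonicalize`, which implements C14N 2.0 rather than the C14N 1.1 algorithm named in the template; the namespace `urn:example` stands in for the elided `xmlns="..."`, and the shortened Signature skeleton and sample bodies are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed, shortened Signature skeleton; %s is the DigestValue slot.
SIG = (f'<Signature xmlns="{DSIG}"><SignedInfo><Reference URI="">'
       '<DigestValue>%s</DigestValue></Reference></SignedInfo></Signature>')

# Constructed sample data: the same nodes without and with whitespace between them.
COMPACT_BODY = "<node>text</node><node><node>dlink</node></node>"
INDENTED_BODY = "\n  <node>text</node>\n  <node>\n    <node>dlink</node>\n  </node>\n"


def make_doc(body, digest=""):
    # "urn:example" is a placeholder for the namespace elided in the message.
    return f'<root xmlns="urn:example">{body}{SIG % digest}</root>'


def reference_octets(xml_text):
    """Octets digested for <Reference URI=""> with the enveloped-signature transform."""
    canonical = ET.canonicalize(
        xml_text,
        # Enveloped-signature transform: leave the Signature subtree out.
        # Assumes the document carries exactly one Signature element.
        exclude_tags=[f"{{{DSIG}}}Signature"],
    )
    return canonical.encode("utf-8")


def digest_value(xml_text):
    """Base64 SHA-1 of the reference octets (SHA-1 because the template's DigestMethod names it)."""
    return base64.b64encode(hashlib.sha1(reference_octets(xml_text)).digest()).decode("ascii")


if __name__ == "__main__":
    template = make_doc(COMPACT_BODY)
    signed = make_doc(COMPACT_BODY, digest_value(template))
    print(reference_octets(template).decode())
    print("template:", digest_value(template))
    print("signed:  ", digest_value(signed))                    # same: Signature is excluded
    print("indented:", digest_value(make_doc(INDENTED_BODY)))   # differs: whitespace is data
```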