<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Thanks for your answer. I was looking
in chapter 3.1 not 2.1 and the sample is confusing.<br>
<br>
<div class="moz-signature">
<div class="moz-signature">
<div class="moz-signature">
<div class="moz-signature"><br>
</div>
</div>
</div>
</div>
Le 18/03/2014 19:08, Alexwell Sandro a écrit :<br>
</div>
<blockquote
cite="mid:CAADRtVw3+vPww8C5t4Uoqhm1XOeuDr5Xy28rgA93BMCKynZMWw@mail.gmail.com"
type="cite">
<div dir="ltr">Canonical XMLVersion 1.0 does not remove linefeeds.
Only normalize. Windows put CRLF and Linux LF. C14N normalize to
LF.<br>
<br>
See <a moz-do-not-send="true"
href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315">http://www.w3.org/TR/2001/REC-xml-c14n-20010315</a><br>
2 XML Canonicalization<br>
2.1 Data Model<br>
...<br>
The XML processor performs the following tasks in order:
<ol>
<li>normalize line feeds</li>
</ol>
<p>...<br>
</p>
<br>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Mar 18, 2014 at 2:49 PM,
François Plou <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:fplou@webank.fr" target="_blank">fplou@webank.fr</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
I am trying to sign an XML document where I add a linefeed
between two nodes.<br>
To my understanding, according canonicalization (1.0), an
xml document like this :<br>
<br>
<node>a</node><br>
<br>
<node>b</node><br>
<br>
must give the same digest and signature value as this one :<br>
<br>
<node>a</node><br>
<node>b</node><br>
<br>
But this is not the case. When I use the option
--store-reference, the output show the extra line feed.<br>
<br>
Below is my xml document :<br>
<br>
<?xml version = "1.0" encoding = "UTF-8"?><br>
<Document xmlns = "urn:iso:std:iso:20022:tech:xsd:acmt.007.001.02"
><br>
<AcctOpngReq><br>
<Refs><br>
<MsgId><br>
<Id>ABC/090928/CCT001</Id><br>
<CreDtTm>2010-09-28T14:07:00</CreDtTm><br>
</MsgId><br>
<PrcId><br>
<Id>ABC/090928/CCT001</Id><br>
<CreDtTm>2010-09-28T14:07:00</CreDtTm><br>
</PrcId><br>
</Refs><br>
<br>
<Acct><br>
<Id><br>
<Othr><br>
<Id>NOREF</Id><br>
</Othr><br>
</Id><br>
<Tp><br>
<Cd>CASH</Cd><br>
</Tp><br>
<Ccy>USD</Ccy><br>
<MnthlyRcvdVal>200000</MnthlyRcvdVal><br>
<MnthlyTxNb>100</MnthlyTxNb><br>
<AvrgBal>10000</AvrgBal><br>
</Acct><br>
<CtrctDts><br>
<TrgtGoLiveDt>2010-10-02</TrgtGoLiveDt><br>
</CtrctDts><br>
<UndrlygMstrAgrmt><br>
<Ref>ABC/Acct/BBBBUS33</Ref><br>
<Vrsn>1.0</Vrsn><br>
</UndrlygMstrAgrmt><br>
<AcctSvcrId><br>
<FinInstnId><br>
<BICFI>BBBBUS33</BICFI><br>
</FinInstnId><br>
</AcctSvcrId><br>
<Org><br>
<FullLglNm>ABC
Corporation</FullLglNm><br>
<CtryOfOpr>US</CtryOfOpr><br>
<RegnDt>1999-09-01</RegnDt><br>
<LglAdr><br>
<StrtNm>Times Square</StrtNm><br>
<BldgNb>7</BldgNb><br>
<PstCd>NY 10036</PstCd><br>
<TwnNm>New York</TwnNm><br>
<Ctry>US</Ctry><br>
</LglAdr><br>
<OrgId><br>
<Othr><br>
<Id>01256485-85</Id><br>
<SchmeNm><br>
<Prtry>TAX</Prtry><br>
</SchmeNm><br>
</Othr><br>
</OrgId><br>
<MainMndtHldr><br>
<Nm>Richard Jones</Nm><br>
<PstlAdr><br>
<AdrTp>HOME</AdrTp><br>
<StrtNm>La Guardia
Drive</StrtNm><br>
<BldgNb>12</BldgNb><br>
<PstCd>NJ 07054</PstCd><br>
<TwnNm>Parsippany</TwnNm><br>
<Ctry>US</Ctry><br>
</PstlAdr><br>
<Id><br>
<DtAndPlcOfBirth><br>
<BirthDt>1960-05-01</BirthDt><br>
<CityOfBirth>New
york</CityOfBirth><br>
<CtryOfBirth>US</CtryOfBirth><br>
</DtAndPlcOfBirth><br>
</Id><br>
</MainMndtHldr><br>
</Org><br>
<DgtlSgntr><br>
<Pty><br>
<Nm>fplou</Nm><br>
</Pty><br>
<Sgntr><br>
<Signature xmlns="<a
moz-do-not-send="true"
href="http://www.w3.org/2000/09/xmldsig#" target="_blank">http://www.w3.org/2000/09/xmldsig#</a>"><br>
<SignedInfo><br>
<CanonicalizationMethod
Algorithm="<a moz-do-not-send="true"
href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
target="_blank">http://www.w3.org/TR/2001/REC-xml-c14n-20010315</a>"/><br>
<SignatureMethod Algorithm="<a
moz-do-not-send="true"
href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
target="_blank">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</a>"/><br>
<Reference URI=""><br>
<Transforms><br>
<Transform Algorithm="<a
moz-do-not-send="true"
href="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
target="_blank">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>"
/><br>
<Transform Algorithm="<a
moz-do-not-send="true"
href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
target="_blank">http://www.w3.org/TR/2001/REC-xml-c14n-20010315</a>"
/><br>
</Transforms><br>
<DigestMethod Algorithm="<a
moz-do-not-send="true"
href="http://www.w3.org/2001/04/xmlenc#sha256"
target="_blank">http://www.w3.org/2001/04/xmlenc#sha256</a>"/><br>
<DigestValue></DigestValue><br>
</Reference><br>
</SignedInfo><br>
<SignatureValue /><br>
<KeyInfo><br>
<KeyValue /><br>
</KeyInfo><br>
</Signature><br>
</Sgntr><br>
</DgtlSgntr><br>
</AcctOpngReq><br>
</Document><br>
<br>
The ouput of --store-references is the following :<br>
<br>
== PreDigest data - start buffer:<br>
<Document xmlns="urn:iso:std:iso:20022:tech:xsd:acmt.007.001.02"><br>
<AcctOpngReq><br>
<Refs><br>
<MsgId><br>
<Id>ABC/090928/CCT001</Id><br>
<CreDtTm>2010-09-28T14:07:00</CreDtTm><br>
</MsgId><br>
<PrcId><br>
<Id>ABC/090928/CCT001</Id><br>
<CreDtTm>2010-09-28T14:07:00</CreDtTm><br>
</PrcId><br>
</Refs><br>
<br>
<Acct><br>
<Id><br>
<Othr><br>
<Id>NOREF</Id><br>
</Othr><br>
</Id><br>
<Tp><br>
<Cd>CASH</Cd><br>
</Tp><br>
<Ccy>USD</Ccy><br>
<MnthlyRcvdVal>200000</MnthlyRcvdVal><br>
<MnthlyTxNb>100</MnthlyTxNb><br>
<AvrgBal>10000</AvrgBal><br>
</Acct><br>
<CtrctDts><br>
<TrgtGoLiveDt>2010-10-02</TrgtGoLiveDt><br>
</CtrctDts><br>
<UndrlygMstrAgrmt><br>
<Ref>ABC/Acct/BBBBUS33</Ref><br>
<Vrsn>1.0</Vrsn><br>
</UndrlygMstrAgrmt><br>
<AcctSvcrId><br>
<FinInstnId><br>
<BICFI>BBBBUS33</BICFI><br>
</FinInstnId><br>
</AcctSvcrId><br>
<Org><br>
<FullLglNm>ABC
Corporation</FullLglNm><br>
<CtryOfOpr>US</CtryOfOpr><br>
<RegnDt>1999-09-01</RegnDt><br>
<LglAdr><br>
<StrtNm>Times
Square</StrtNm><br>
<BldgNb>7</BldgNb><br>
<PstCd>NY
10036</PstCd><br>
<TwnNm>New
York</TwnNm><br>
<Ctry>US</Ctry><br>
</LglAdr><br>
<OrgId><br>
<Othr><br>
<Id>01256485-85</Id><br>
<SchmeNm><br>
<Prtry>TAX</Prtry><br>
</SchmeNm><br>
</Othr><br>
</OrgId><br>
<MainMndtHldr><br>
<Nm>Richard
Jones</Nm><br>
<PstlAdr><br>
<AdrTp>HOME</AdrTp><br>
<StrtNm>La
Guardia Drive</StrtNm><br>
<BldgNb>12</BldgNb><br>
<PstCd>NJ
07054</PstCd><br>
<TwnNm>Parsippany</TwnNm><br>
<Ctry>US</Ctry><br>
</PstlAdr><br>
<Id><br>
<DtAndPlcOfBirth><br>
<BirthDt>1960-05-01</BirthDt><br>
<CityOfBirth>New york</CityOfBirth><br>
<CtryOfBirth>US</CtryOfBirth><br>
</DtAndPlcOfBirth><br>
</Id><br>
</MainMndtHldr><br>
</Org><br>
<DgtlSgntr><br>
<Pty><br>
<Nm>fplou</Nm><br>
</Pty><br>
<Sgntr><br>
<br>
</Sgntr><br>
</DgtlSgntr><br>
</AcctOpngReq><br>
</Document><br>
== PreDigest data - end buffer<br>
== Result - start buffer:<br>
v80V0QWK0r89EhOr4Kh4Q79ofZ/zYw2ReI4s8e0ebW4=<br>
== Result - end buffer<br>
== Manifest References List:<br>
=== list size: 0<br>
== Result - start buffer:<br>
ELC9j9/SaQ3VOcVcZBV4ZFpHsRU7jfc25gHCx9/CyCQBLyNF6yqfzLjTuvg9NAvF<br>
HaDXuKhLvTjtEG1hgvuXXkyKFgJkA+pJrIKcOmpVMcwgR85MpZ/1BumxEeHPtHif<br>
PQp9ngJmQ6PzC7P3FFmDfNGoY3gOyiK/s+IecGtqr+A5JwALFFNkXgEp96DBqF4P<br>
d2HRNH0LbIw0IKQN+BckTOxeLFNQ269fP0AFuFxVp8fVQfhGuMJHlNnr3lX2WHjw<br>
emqcEW4X/0vcFcoKUsvGRRwz7eFYjjMjrghaOWW+byPYQrHFOV7o0wN9UC8TCN9R<br>
YXnL/c3Rx7P+QkX7/f7n4g==<br>
== Result - end buffer<br>
<br>
<br>
If I remove the line feed between :<br>
</Refs><br>
<br>
<Acct><br>
<br>
The output is slightly different :<br>
<br>
== PreDigest data - start buffer:<br>
<Document xmlns="urn:iso:std:iso:20022:tech:xsd:acmt.007.001.02"><br>
<AcctOpngReq><br>
<Refs><br>
<MsgId><br>
<Id>ABC/090928/CCT001</Id><br>
<CreDtTm>2010-09-28T14:07:00</CreDtTm><br>
</MsgId><br>
<PrcId><br>
<Id>ABC/090928/CCT001</Id><br>
<CreDtTm>2010-09-28T14:07:00</CreDtTm><br>
</PrcId><br>
</Refs><br>
<Acct><br>
<Id><br>
<Othr><br>
<Id>NOREF</Id><br>
</Othr><br>
</Id><br>
<Tp><br>
<Cd>CASH</Cd><br>
</Tp><br>
<Ccy>USD</Ccy><br>
<MnthlyRcvdVal>200000</MnthlyRcvdVal><br>
<MnthlyTxNb>100</MnthlyTxNb><br>
<AvrgBal>10000</AvrgBal><br>
</Acct><br>
<CtrctDts><br>
<TrgtGoLiveDt>2010-10-02</TrgtGoLiveDt><br>
</CtrctDts><br>
<UndrlygMstrAgrmt><br>
<Ref>ABC/Acct/BBBBUS33</Ref><br>
<Vrsn>1.0</Vrsn><br>
</UndrlygMstrAgrmt><br>
<AcctSvcrId><br>
<FinInstnId><br>
<BICFI>BBBBUS33</BICFI><br>
</FinInstnId><br>
</AcctSvcrId><br>
<Org><br>
<FullLglNm>ABC
Corporation</FullLglNm><br>
<CtryOfOpr>US</CtryOfOpr><br>
<RegnDt>1999-09-01</RegnDt><br>
<LglAdr><br>
<StrtNm>Times
Square</StrtNm><br>
<BldgNb>7</BldgNb><br>
<PstCd>NY
10036</PstCd><br>
<TwnNm>New
York</TwnNm><br>
<Ctry>US</Ctry><br>
</LglAdr><br>
<OrgId><br>
<Othr><br>
<Id>01256485-85</Id><br>
<SchmeNm><br>
<Prtry>TAX</Prtry><br>
</SchmeNm><br>
</Othr><br>
</OrgId><br>
<MainMndtHldr><br>
<Nm>Richard
Jones</Nm><br>
<PstlAdr><br>
<AdrTp>HOME</AdrTp><br>
<StrtNm>La
Guardia Drive</StrtNm><br>
<BldgNb>12</BldgNb><br>
<PstCd>NJ
07054</PstCd><br>
<TwnNm>Parsippany</TwnNm><br>
<Ctry>US</Ctry><br>
</PstlAdr><br>
<Id><br>
<DtAndPlcOfBirth><br>
<BirthDt>1960-05-01</BirthDt><br>
<CityOfBirth>New york</CityOfBirth><br>
<CtryOfBirth>US</CtryOfBirth><br>
</DtAndPlcOfBirth><br>
</Id><br>
</MainMndtHldr><br>
</Org><br>
<DgtlSgntr><br>
<Pty><br>
<Nm>fplou</Nm><br>
</Pty><br>
<Sgntr><br>
<br>
</Sgntr><br>
</DgtlSgntr><br>
</AcctOpngReq><br>
</Document><br>
== PreDigest data - end buffer<br>
== Result - start buffer:<br>
zYybkjAuafmZgmnEbWItuE4Q1+u76x4I5HExyHThFe0=<br>
== Result - end buffer<br>
== Manifest References List:<br>
=== list size: 0<br>
== Result - start buffer:<br>
VsVLlG0KahJelXvXjo2Ozst5axBXxtWeR4So0P+PAAcOi6ihtTKc5oUUJjIEivbO<br>
rCkdKuT4AFlbPEF8t4ErMAHS6iCP5JplF3zQA1YzVxGzmOQFRtpBookknF5wXu7H<br>
adyr9dIuZPcudAX7ZV0R0iwRIJJwdZQgYvA4HgZJJ3eMlBj8K1Zp5WR4UbbkBacV<br>
/dOnIIpRljd3YwxCnHp7hO6oizGOIkNhGbq6kkJ3ULGxWuT9/xy5IO64AV397PiK<br>
R0VtvNDNXW2WFjLfJ3XBuaVUq2T/GVCB9tcXYPUh67wwqzAyiaHUcymYgg2CZ6kF<br>
3eZvTwOjkVmrY7iYuAsqeQ==<br>
== Result - end buffer<br>
<br>
I am working on latest release of xmlsec and on Unix.<br>
<br>
Is my understanding correct ?<br>
<br>
Thanks.<br>
<br>
Francois<br>
<br>
_______________________________________________<br>
xmlsec mailing list<br>
<a moz-do-not-send="true" href="mailto:xmlsec@aleksey.com"
target="_blank">xmlsec@aleksey.com</a><br>
<a moz-do-not-send="true"
href="http://www.aleksey.com/mailman/listinfo/xmlsec"
target="_blank">http://www.aleksey.com/mailman/listinfo/xmlsec</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>