[xmlsec] Signature verification

Aleksey Sanin aleksey@aleksey.com
Sun, 03 Nov 2002 14:40:52 -0800


I would change my word: the RSA signature MIGHT be different (and DSA is 
still MUST).
However, I have to admit that in the XMLDSig case RSA signatures will be 
the same
because a const FF padding is used
    http://www.w3.org/TR/xmldsig-core/#sec-SignatureAlg
Sorry for confusion, last time I read this spec few months ago and 
forgot details.

I would recommend you to check that you use correct padding and the 
signature format
in MS Cryptoapi. I would not be surprised if there are some flags needs 
to be set.

There is not command line option to print out the digest before 
signature but you can set
a break point in "xmlSecSignRsaSha1Sign" function in the rsa.c file just 
before RSA_sign() call.


Aleksey

Gregor Ibic wrote:

>Sure that I compare base64 values. They should not be different!!!
>I compute the signature on the same document with same algorithm, only with
>MS Cryptoapi.
>I use the same key for signing so it has to be the same signature.
>Im using RSA and SHA1 for signature.
>
>Sure I try to verify it. It fail, cause signature is different.
>I just wanted to know how to print digest of SignatureInfo?
>
>Regards,
>Gregor
>
>_______________________________________________
>xmlsec mailing list
>xmlsec@aleksey.com
>http://www.aleksey.com/mailman/listinfo/xmlsec
>  
>