[xmlsec] Signature verification
Aleksey Sanin
aleksey@aleksey.com
Sun, 03 Nov 2002 14:40:52 -0800
I would change my word: the RSA signature MIGHT be different (and DSA is
still MUST).
However, I have to admit that in the XMLDSig case RSA signatures will be
the same
because a const FF padding is used
http://www.w3.org/TR/xmldsig-core/#sec-SignatureAlg
Sorry for confusion, last time I read this spec few months ago and
forgot details.
I would recommend you to check that you use correct padding and the
signature format
in MS Cryptoapi. I would not be surprised if there are some flags needs
to be set.
There is not command line option to print out the digest before
signature but you can set
a break point in "xmlSecSignRsaSha1Sign" function in the rsa.c file just
before RSA_sign() call.
Aleksey
Gregor Ibic wrote:
>Sure that I compare base64 values. They should not be different!!!
>I compute the signature on the same document with same algorithm, only with
>MS Cryptoapi.
>I use the same key for signing so it has to be the same signature.
>Im using RSA and SHA1 for signature.
>
>Sure I try to verify it. It fail, cause signature is different.
>I just wanted to know how to print digest of SignatureInfo?
>
>Regards,
>Gregor
>
>_______________________________________________
>xmlsec mailing list
>xmlsec@aleksey.com
>http://www.aleksey.com/mailman/listinfo/xmlsec
>
>