[xmlsec] example 1 always give the same digest value

Aleksey Sanin aleksey at aleksey.com
Tue Sep 24 22:23:19 PDT 2002


You can check xmlsec mailing list for detailed explanation but briefly 
Id attribute
means *nothing* w/o a DTD or schema. In your case, XMLSec always digests an
empty value simply because URI="#msg.194549.signedook" could not be found.
I believe that adding something like
    <!DOCTYPE test [
        <!ATTLIST Data Id ID #IMPLIED>
    ]>
should solve your problem (see xmlsec/docs/examples/dsig3/tests.tmpl 
file for details).
Of course, the DTD may be external or you may add Id attribute manualy by
calling LibXML2 xmlAddID() function after loading the document.

Aleksey.




Derek Lei Liu wrote:

>Hi,
>
>I am trying to use example1 on Solaris. The test xml
>and the private key are attached in following.  I
>tried to use local reference here, but found the
>digested value never changed even I changed the
>content in <Data>.  I am relatively new to this area
>and the project I am working on is rather urgent on
>this part.  I gdb into the test program and found that
>the first time SHA1_Update was called as for
><SignInfo> (signature stuff).  This function is
>supposed to be called for the digested value, right?
>
>thanks
>
>Derek
>
>
>
><?xml version="1.0" encoding="UTF-8"?>
><Top>
><SecondTop id="1">
><Data Id="msg.194549.signedook">
><version>1.0.1</version>
><StudentName>
><StudentID>12111111111</StudentID>
><TotalCredits>111111111111111-11111111</TotalCredits>
></StudentName>
><Course>
><CourseID>English Literature</CourseID>
><date>20020901 17:20:37</date>
></Course>
><State>California</State>
><TX>
><time>20020902 00:13:24</time>
><status>A</status>
><Enroll>Y</Enroll>
></TX>
></Data>
><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
><SignedInfo>
><CanonicalizationMethod
>Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-200103
>15" />
><SignatureMethod
>Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
>/>
><Reference URI="#msg.194549.signedook">
><DigestMethod
>Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
><DigestValue></DigestValue>
></Reference>
></SignedInfo>
><SignatureValue/>
><KeyInfo>
></KeyInfo>
></Signature>
></SecondTop>
></Top>
>
>
>Key:
>==============================
>-----BEGIN RSA PRIVATE KEY-----
>MIIBOwIBAAJBAOfDoFCPxDstNv7rBqK+B9s2kU+S2JX8xWwu8mF/hbNn35EtHCz4
>8sLANc2yFZx4/OaoTTdbCwPEpZlG3G9y6QkCAwEAAQJAA/CFVxk6gq8AElE4aafF
>RmqlCa87U0Fasb4SjKm4QhZnovu+3ipCku2QHjAejTNWDOrV5A6GEWJXMP5GkZDX
>AQIhAP0eADYcJbzGdvg9QinSe73jNKaJSD/EhUh/IOsWVkVRAiEA6mdeHFHUa3x8
>BCu6qq5wUcyOH1ne1HXYvVALYugvWjkCID4D8LdRNCnJUnLFx4Uprem7VjYLYqlF
>BAbcJvuSUHbRAiEAs3DyMIfML4Sag67eNW9YeKY5XnK0DL0ycKpoLQ1FwrECIQCB
>o+JQ0HvhH+v7f21QWTxA6yd+T2cPlKMTUbK6Mn+AdA==
>-----END RSA PRIVATE KEY-----
>
>
>__________________________________________________
>Do you Yahoo!?
>New DSL Internet Access from SBC & Yahoo!
>http://sbc.yahoo.com
>_______________________________________________
>xmlsec mailing list
>xmlsec at aleksey.com
>http://www.aleksey.com/mailman/listinfo/xmlsec
>  
>





More information about the xmlsec mailing list