[xmlsec] XML Sig
Gregor Ibic
gregor.ibic at intelicom.si
Thu Oct 31 23:47:17 PST 2002
Hi, Aleksey!
Sure, I'm interested in participating with crypto abstraction. I have been
doing a lot of crypto stuff with different APIs for a long time (MS
CryptoAPI, cryptlib, openssl, ...) so probably I could help.
But for this xmlsig I'm really puzzled.
Let's use this XML for a test. I'm verifying digests for now. If I digest this
XML I get the same digest with MS CryptoAPI and with xmlsig (openssl). But
if I rearrange the Object element :-> check the second XML document
*************************************************
<?xml version="1.0" encoding="UTF-8" ?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
/>
<Reference URI="#object">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
</SignatureValue>
<KeyInfo>
<KeyName></KeyName>
</KeyInfo>
<Object Id="object"><Request>abcš</Request></Object>
</Signature>
*************************************************
<?xml version="1.0" encoding="UTF-8" ?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
/>
<Reference URI="#object">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
</SignatureValue>
<KeyInfo>
<KeyName></KeyName>
</KeyInfo>
<Object Id="object">
<Request>abcš</Request>
</Object>
</Signature>
*************************************************
Then the signature is not the same any more. I do a C14N on the <Object> node
before doing the digest. Is this OK? If I get the XML signature standard right, it
specifies that SignedInfo has to be C14N but not data objects.
Regards,
Gregor
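
The comparison described in the message, as an added example that is not part of the original post or of xmlsec: it canonicalizes the two `<Object>` variants and digests them with SHA-1, showing that canonicalization keeps the newline text nodes, so the octets and the DigestValue differ. Assumptions: Python's standard-library `canonicalize` (which implements C14N 2.0) stands in for the C14N 1.0 algorithm named in the message, the inherited default namespace is written out on `<Object>`, and the function names are hypothetical.

```python
import base64
import hashlib
from xml.etree.ElementTree import canonicalize

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed from the two <Object> elements in the message, with the
# default namespace they inherit from <Signature> made explicit.
OBJECT_COMPACT = (
    f'<Object xmlns="{DSIG_NS}" Id="object">'
    "<Request>abc\u0161</Request></Object>"
)
OBJECT_SPACED = (
    f'<Object xmlns="{DSIG_NS}" Id="object">\n'
    "<Request>abc\u0161</Request>\n</Object>"
)


def c14n_octets(xml_text, strip_whitespace=False):
    """Canonicalize and return the UTF-8 octets that would be digested.

    Assumption: stdlib C14N 2.0 is used in place of C14N 1.0. Both keep
    whitespace text nodes inside the document element by default.
    strip_whitespace is a diagnostic switch only, used to confirm that
    whitespace is the sole difference between two inputs.
    """
    return canonicalize(xml_text, strip_text=strip_whitespace).encode("utf-8")


def sha1_digest_value(xml_text, strip_whitespace=False):
    """Base64 SHA-1 of the canonical octets, as DigestValue would carry it."""
    octets = c14n_octets(xml_text, strip_whitespace)
    return base64.b64encode(hashlib.sha1(octets).digest()).decode("ascii")


if __name__ == "__main__":
    for label, doc in (("compact", OBJECT_COMPACT), ("spaced", OBJECT_SPACED)):
        print(label, repr(c14n_octets(doc)), sha1_digest_value(doc))
    print("equal once whitespace is stripped:",
          sha1_digest_value(OBJECT_COMPACT, True)
          == sha1_digest_value(OBJECT_SPACED, True))
```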