[xmlsec] XML Sig
Aleksey Sanin
aleksey at aleksey.com
Fri Nov 1 00:02:29 PST 2002
If you're using the xmlsec command line utility tool then you might use the
"--print-all" option to see what exactly XMLSec digests and signs.

I know almost nothing about MS Crypto API. Does it support XMLDsig or is it
only low level crypto functions (rsa/dsa/hmac/sha/...)? In the second case,
I don't understand what you mean by "the same digest with MS Cryptoapi and
with xmlsig". If you are digesting the text by itself then most likely you
have different "end-of-line" symbols.

BTW, I do see at least one problem with your document. Please read
section 3.2 of the FAQ:
http://www.aleksey.com/xmlsec/faq.htm
Aleksey
Gregor Ibic wrote:
>Hi, Aleksey!
>
>Sure, I'm interested in participating with crypto abstraction. Have been
>doing a lot of crypto stuff with different APIs for a long time (MS
>cryptoapi, cryptlib, openssl, ...) so probably I could help.
>
>But for this xmlsig I'm really puzzled.
>Let's use this xml for test. I'm verifying digests for now. If I digest this
>xml I get the same digest with MS Cryptoapi and with xmlsig (openssl). But
>if I rearrange Object element :-> check second xml document
>
>*************************************************
>
><?xml version="1.0" encoding="UTF-8" ?>
><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <Reference URI="#object">
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> <DigestValue></DigestValue>
> </Reference>
> </SignedInfo>
> <SignatureValue>
> </SignatureValue>
> <KeyInfo>
> <KeyName></KeyName>
> </KeyInfo>
> <Object Id="object"><Request>abcš</Request></Object>
></Signature>
>
>
>*************************************************
>
><?xml version="1.0" encoding="UTF-8" ?>
><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <Reference URI="#object">
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> <DigestValue></DigestValue>
> </Reference>
> </SignedInfo>
> <SignatureValue>
> </SignatureValue>
> <KeyInfo>
> <KeyName></KeyName>
> </KeyInfo>
> <Object Id="object">
> <Request>abcš</Request>
> </Object>
></Signature>
>
>*************************************************
>
>
>Then the signature is not the same any more. I do a C14N on <Object> node
>before doing digest. Is this OK? If I get xml signature standard right it
>specifies that SignedInfo has to be C14N but not data objects.
>
>
>Regards,
>Gregor
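Added example, not part of the original thread: it computes the Reference digest over the canonical form of the two `<Object>` variants quoted above, and shows that line endings alter the raw text but not the canonical octets. Assumptions: Python's standard-library C14N 2.0 stands in for the C14N 1.0 algorithm named in `CanonicalizationMethod` (both keep whitespace text nodes), `SignedInfo` is omitted, and the helper names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
# Serialize the dsig namespace as the default namespace, as in the posted XML.
ET.register_namespace("", DSIG_NS)

# Constructed input: the two <Object> variants from the quoted message.
COMPACT = '<Object Id="object"><Request>abc\u0161</Request></Object>'
INDENTED = '<Object Id="object">\n <Request>abc\u0161</Request>\n </Object>'


def wrap(obj_xml, eol="\n"):
    """Place an <Object> in a minimal <Signature> (SignedInfo omitted)."""
    doc = ('<?xml version="1.0" encoding="UTF-8" ?>\n'
           f'<Signature xmlns="{DSIG_NS}">\n {obj_xml}\n</Signature>\n')
    return doc.replace("\n", eol).encode("utf-8")


def canonical_object(doc, ref_id="object"):
    """Canonical octets of the element that Reference URI="#<ref_id>" selects."""
    root = ET.fromstring(doc)
    target = next(el for el in root.iter() if el.get("Id") == ref_id)
    target.tail = None  # text after </Object> is not part of the referenced node
    text = ET.tostring(target, encoding="unicode")
    return ET.canonicalize(text).encode("utf-8")


def digest_value(doc):
    """Base64 SHA-1 of the canonical octets, as stored in <DigestValue>."""
    sha1 = hashlib.sha1(canonical_object(doc)).digest()
    return base64.b64encode(sha1).decode()


if __name__ == "__main__":
    for name, obj in (("compact", COMPACT), ("indented", INDENTED)):
        doc = wrap(obj)
        print(name, digest_value(doc), canonical_object(doc))
    # CRLF line endings change the raw bytes but not the canonical form,
    # because the XML parser normalizes them to LF before canonicalization.
    lf, crlf = wrap(INDENTED), wrap(INDENTED, eol="\r\n")
    print("raw bytes equal:", lf == crlf)
    print("digests equal:", digest_value(lf) == digest_value(crlf))
```

The whitespace text nodes inside `<Object>` survive canonicalization and are part of the digested octets, so the two documents produce different digest values.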