[xmlsec] Different digest value between .NET implementation and XmlSec?

Chugh, Sanjay schugh@filenet.com
Thu, 9 Oct 2003 13:53:21 -0600


Hello, I am in the middle of learning all this business about XmlDigital
signatures and Encryption.
To try and understand things, I've been trying different libraries and
trying to verify results.
I have run into one issue that I was wondering if somebody could shed
some light on.
I have the XML file shown at the bottom of the e-mail.
When I calculate a signature using XmlSec, the digest value generated
is:
<DigestValue>UT4+z2LQyKSxNWWdS7VE8uTo+wE=</DigestValue>

However, when I calculate a signature on the same file using .NET, the
digest value is different:
<DigestValue>sUD7jzvAdt3liQEkrpGsJukqftU=</DigestValue>

I have tracked it down to the following. The XmlSec library is
calculating the digest on the canonicalized form without the processing
instruction

<?xml-stylesheet type="text/xsl" href="myfile.xsl" ?>

at the top of the file. The .NET implementation includes the processing
instruction in its calculation of the digest. According to what I have
read, I believe that .NET is correct to include the processing
instruction in its calculation of the digest.

Does anyone know why this should be the case?

Thanks.

-- Sanjay

Here is the Xml file:

<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="myfile.xsl" ?>
<!DOCTYPE sales [
<!ELEMENT sales (region*)>
<!ATTLIST sales quarter CDATA #IMPLIED>
<!ELEMENT region (units, amount)>
<!ATTLIST region name ID #IMPLIED>
<!ELEMENT units (#PCDATA) >
<!ELEMENT amount (#PCDATA) >
]>
<sales quarter="2001-01">
   <region name="Northeast">
      <units>374</units>
      <amount>12500.26</amount>
   </region>
   <region name="Southeast">
      <units>512</units>
      <amount>17692</amount>
   </region>
   <region name="Southwest">
      <units>161</units>
      <amount>8349.72</amount>
   </region>
   <region name="Northwest">
      <units>465</units>
      <amount>15239.6</amount>
   </region>
</sales>
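
An added example, not part of the original message and not xmlsec or .NET code: it canonicalizes a shortened, constructed copy of the document above with and without the document-level processing instruction and computes the digest of each form, which is how a mismatch like this one can be pinned to a specific node. Assumptions: SHA-1 (inferred from the 20-byte DigestValues) and Python's standard-library C14N 2.0 writer as a stand-in for the canonicalizers in the two libraries, so the output is not expected to reproduce either value quoted in the message.

```python
import base64
import hashlib
import io
import xml.etree.ElementTree as ET

# Constructed sample: a shortened copy of the sales document (one region).
SAMPLE = """<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="myfile.xsl" ?>
<!DOCTYPE sales [
<!ELEMENT sales (region*)>
<!ATTLIST sales quarter CDATA #IMPLIED>
]>
<sales quarter="2001-01">
   <region name="Northeast">
      <units>374</units>
      <amount>12500.26</amount>
   </region>
</sales>
"""


class DropPIWriter(ET.C14NWriterTarget):
    """C14N writer that leaves processing instructions out of the output."""
    def pi(self, target, data):
        pass


def canonical_form(xml_text, keep_pi=True):
    """Canonicalize xml_text; the XML declaration and DOCTYPE are always dropped."""
    out = io.StringIO()
    writer_cls = ET.C14NWriterTarget if keep_pi else DropPIWriter
    parser = ET.XMLParser(target=writer_cls(out.write))
    parser.feed(xml_text)
    parser.close()
    return out.getvalue()


def digest_value(canonical_text):
    """Base64 SHA-1 of the canonical octets, as placed in <DigestValue>."""
    sha1 = hashlib.sha1(canonical_text.encode("utf-8")).digest()
    return base64.b64encode(sha1).decode("ascii")


if __name__ == "__main__":
    for keep in (True, False):
        form = canonical_form(SAMPLE, keep_pi=keep)
        print("PI kept:" if keep else "PI dropped:", digest_value(form))
```

Dumping the exact octets each library hashes and diffing them against these two forms shows which nodes entered the digest input.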

