[xmlsec] Different digest value between .NET implementation and XmlSec?

Chugh, Sanjay schugh@filenet.com
Thu, 9 Oct 2003 14:27:54 -0600


Yes, you are right. The PI node is included in the output.
However, I was trying to understand exactly and "See" on what the digest
value is calculated.
I used the Sign3 example included with XmlSec and some example code from
the MSDN library.
The MSDN library is not using a certificate, just an RSA key, but that
should not matter for the digest value, just the signature value.
After both the examples run, the canonicalized version of the source xml
document is the same in both cases. See below.
However the digest value is different. Just so I could prove to myself
that I understand on what the digest is being calculated on,
I took the canonicalized form of the source document and used openssl on
the command line to calculate the digest. The result I got was the same
as the one that I got from the .NET example. I then removed the PI from
the canonicalized document and used openssl on the command line to
calculate the digest again. This time it matched the value calculated
from XmlSec.

I hope I have explained things more clearly.
Of course maybe I am doing something wrong or am not understanding
something.

Here is the canonicalized form of the source document (it is the same as
generated from .NET and from XmlSec):

<?xml-stylesheet type="text/xsl" href="myfile.xsl" ?>
<sales quarter="2001-01">
   <region name="Northeast">
      <units>374</units>
      <amount>12500.26</amount>
   </region>
   <region name="Southeast">
      <units>512</units>
      <amount>17692</amount>
   </region>
   <region name="Southwest">
      <units>161</units>
      <amount>8349.72</amount>
   </region>
   <region name="Northwest">
      <units>465</units>
      <amount>15239.6</amount>
   </region>
</sales>

Thanks,

-- Sanjay

 -----Original Message-----
From: Aleksey Sanin [mailto:aleksey@aleksey.com]
Sent: October 9, 2003 2:08 PM
To: Chugh, Sanjay
Cc: xmlsec@aleksey.com
Subject: Re: [xmlsec] Different digest value between .NET implementation and XmlSec?

	xmlsec uses c14n code from LibXML2. If I just do a c14n for your file then the processing
	instruction node "<?xml-stylesheet type="text/xsl" href="myfile.xsl" ?>" is included in the
	output:

	    [aleksey@lsh dev]$./libxml2/testC14N  --with-comments a.xml
	    <?xml-stylesheet type="text/xsl" href="myfile.xsl" ?>
	    <sales quarter="2001-01">
	    ...
	    </sales>

	It would be helpful if you can give a more detailed example with explanations how are you
	doing signatures in both xmlsec and .net cases.

	With best regards,
	Aleksey

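
Added example, not part of the original message and not xmlsec or .NET code: the manual check described above, generalized to report which exact byte stream a given DigestValue was computed over (with or without the PI, plus the trailing-newline and CRLF variants that often creep in when canonical output is saved to a file). SHA-1 is an assumption, since the message does not name the digest algorithm; the sample bytes are typed in from the canonical form quoted in the message, and the function names are hypothetical.

```python
import base64
import hashlib

# Constructed sample: the canonical form quoted in the message, typed in as
# bytes with LF line endings and no newline after the root element.
PI = b'<?xml-stylesheet type="text/xsl" href="myfile.xsl" ?>\n'
BODY = b"\n".join([
    b'<sales quarter="2001-01">',
    b'   <region name="Northeast">',
    b'      <units>374</units>',
    b'      <amount>12500.26</amount>',
    b'   </region>',
    b'   <region name="Southeast">',
    b'      <units>512</units>',
    b'      <amount>17692</amount>',
    b'   </region>',
    b'   <region name="Southwest">',
    b'      <units>161</units>',
    b'      <amount>8349.72</amount>',
    b'   </region>',
    b'   <region name="Northwest">',
    b'      <units>465</units>',
    b'      <amount>15239.6</amount>',
    b'   </region>',
    b'</sales>',
])

def digest_value(data, algorithm="sha1"):
    """Base64 of the raw hash: the encoding carried in <DigestValue>."""
    return base64.b64encode(hashlib.new(algorithm, data).digest()).decode("ascii")

def candidates(pi=PI, body=BODY):
    """Byte streams that a signer or a manual check may actually have hashed."""
    streams = {"with PI": pi + body, "without PI": body}
    for label, data in list(streams.items()):
        streams[label + ", trailing newline"] = data + b"\n"
        streams[label + ", CRLF line endings"] = data.replace(b"\n", b"\r\n")
    return streams

def explain(reported, algorithm="sha1"):
    """Labels of the candidate inputs whose digest equals a reported DigestValue."""
    return [label for label, data in candidates().items()
            if digest_value(data, algorithm) == reported.strip()]

if __name__ == "__main__":
    for label, data in candidates().items():
        print(digest_value(data), label)
```

Pass the DigestValue taken from each implementation's signature to `explain()`; an empty list means the hashed input differs from every variant tried, for example in whitespace or in the transforms applied.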