[xmlsec] Microsoft .NET compatibility
Aleksey Sanin
aleksey at aleksey.com
Mon May 19 11:28:15 PDT 2003
Rob,
Joseph Reagle (W3C XMLDSig Co-chair) was very interested in this
problem. He contacted
MS guys and it seems that the behaiviour you are describing is not what
they expect:
I heard generally that MS uses the XML parser normalization to normalize
\r\n as per the XML 1.0 specification. They do not normalize line feeds in
the XML Digital Signature code. However, they weren't sure about what
exactly was the problem raised on the xmldsig list and I pointed them to
your archives but haven't heard back.
As I wrote you in private mail before, it would be great if you can
provide an example of xml and
source files that show the problem. This will greatly help us to find
the problem and fix it.
With best regards,
Aleksey
Rob Cronin wrote:
>Hi Aleksey,
>
>Okay, I've figured it all out, or at least I think so, and I was hoping you
>could help me in making the next step. Here's what Microsoft does. They
>take the data, remove all of the line feeds (which I thought was part of the
>canonicalization), and create a digest from that using ENC-C14N, but then
>put the data with the line feeds back into the soap request, and add the
>digest into the <SignedInfo> tag. Then they take the <SignedInfo> tag and
>again, remove all of the line feeds in there, sign it, and then put the
>original <SignedInfo> back with the line feeds, and they add the new
>signature. So if I remove all the line feeds from the data and from the
><SignedInfo> tag, xmlsec can verify the signature just fine. Hence this
>document is verified fine by xmlsec
>
>
>
More information about the xmlsec
mailing list