[xmlsec] Xml Signature verification failure

Tsai Kun Lai(Ecom) kltsai at ecomuniversal.com.tw
Tue Jun 17 01:11:51 PDT 2003


Hi Aleksey:

  I am trying the XPath implementation. I use your xmlsec library (1.0.2)
to sign an XPath template XML file, and then I paste it into the infomosaic
online verification page
	http://www.infomosaic.net/XMLSign/SecureXMLWSInfo.htm
  
  But the result shows that the DigestValue computation is wrong. In
this case, the XPath selects self::*, which contains only the context node
itself, so the node set shall be "<Object></Object>". After C14N normalization,
it would be "<Object xmlns="http://www.w3.org/2000/09/xmldsig#"></Object>".
But from the DigestValue, I guess the output before digesting is "<Object></Object>"
(I directly computed the SHA-1 of "<Object></Object>" and derived the same DigestValue).
Am I using your library incorrectly? Could you point out what mistake I made?
Thank you very much.

						kltsai
							
=====The template Begin====
<?xml version="1.0" encoding="UTF-8"?>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="#d123">
        <Transforms>
        <Transform
Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
              <XPath>
              	self::*
              </XPath>
        </Transform>      
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/>
        <DigestValue></DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue/>
    <KeyInfo>
	<KeyName/>
    </KeyInfo>
    <Object Id="d123">Wahaha</Object>
  </Signature>
=====The template End====

=====The result Begin====  
<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="#d123">
        <Transforms>
        <Transform
Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
              <XPath>
              	self::*
              </XPath>
        </Transform>      
        </Transforms>
        <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>ML6emO8sCC9n+vSIVfDIIx1l8Xk=</DigestValue>
      </Reference>
    </SignedInfo>
 
<SignatureValue>ck19sgyCZpJ2L8EUzaGx9weDWhcjcoPIXatPEE7a7xuNOTyFJoI7uOUm
bqS48a6f
wg6fz5O5R7Hh68NJMFrbv1YBonl7frUEjz4SV4L5ZCdOB576NU6H68UqE4tbJLhJ
oVjZgzzg16WPs5A0h2Unltne9ntIrVptnLpirOcx/rIg69NEUaR5888G/QRQ36qv
zAepehrAJ0s6qFyWuMOdoCTrObcZVFSlCs5HHKkLzIxJVrVO0FotEECqAUjiX24r
RM4GDWQHW6Gu5Ot9KJmFCUl5cYssluAzSMaaoNHLU4VjA1UUBaYWzJ/6HpsGutir
IXNTDlMIH1qooBTTwEF1rA==</SignatureValue>
    <KeyInfo>
	<KeyName/>
    </KeyInfo>
    <Object Id="d123">Wahaha</Object>
  </Signature>  
=====The result End====      		
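
Added example, not part of the original post and not xmlsec code: a Python helper that repeats the check described in the message, hashing candidate pre-digest octet streams with SHA-1 and comparing each with the posted DigestValue. The candidate strings are constructed; the first two are the forms named in the post, the last two are assumptions added for comparison.

```python
import base64
import hashlib
import hmac

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# DigestValue copied from the signed result in the post.
POSTED_DIGEST = "ML6emO8sCC9n+vSIVfDIIx1l8Xk="

# Constructed candidates for the octets that reached SHA-1 (assumptions,
# written by hand in canonical form: xmlns first, then attributes).
CANDIDATES = {
    "element only, no xmlns": "<Object></Object>",
    "element with xmlns": '<Object xmlns="%s"></Object>' % DSIG_NS,
    "xmlns, Id and text": '<Object xmlns="%s" Id="d123">Wahaha</Object>' % DSIG_NS,
    "Id and text, no xmlns": '<Object Id="d123">Wahaha</Object>',
}


def sha1_b64(octets: bytes) -> str:
    """Return the base64 SHA-1 digest, as it appears in <DigestValue>."""
    return base64.b64encode(hashlib.sha1(octets).digest()).decode("ascii")


def decode_digest(value: str) -> bytes:
    """Decode a DigestValue, ignoring line wrapping; reject non-SHA-1 lengths."""
    raw = base64.b64decode("".join(value.split()), validate=True)
    if len(raw) != hashlib.sha1().digest_size:
        raise ValueError("DigestValue is %d bytes, expected 20" % len(raw))
    return raw


def matching_candidates(digest_value: str, candidates: dict) -> list:
    """Return the labels of candidates whose SHA-1 equals digest_value."""
    want = decode_digest(digest_value)
    return [
        label
        for label, text in candidates.items()
        if hmac.compare_digest(hashlib.sha1(text.encode("utf-8")).digest(), want)
    ]


if __name__ == "__main__":
    for label, text in CANDIDATES.items():
        print("%-24s %s" % (label, sha1_b64(text.encode("utf-8"))))
    print("matches posted DigestValue:", matching_candidates(POSTED_DIGEST, CANDIDATES))
```
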