[xmlsec] XMLDSIG and MS CryptoAPI problem...

Csaba CSABAI csaba.csabai at saveas.hu
Tue Jul 8 10:24:57 PDT 2003


OK, then a bit more understandably, I hope: I want to write a program that is able to generate an XMLDSIG by itself, without any other programs (meaning xmlsec, xml-security, etc.). This program would use MS CryptoAPI as the crypto engine. The signature verification tools respond that the signature generated by the program is not OK. This is true, since when I generate an XML signature from the same content, everything apart from the <SignatureValue> field is identical to the good XML. Therefore it is certain that the mistake IS the generated signature. I have looked at other signatures generated by other programs (e.g. xmlsec). I figured out that it is not the digest that has to be passed to CryptoAPI's CryptSignHash as input (as hash data), but something else! (Is it possible that something in the source data has to be varied?)
Finally, the major question is: do I see it correctly that the digitally signed hash and the hash in the <DigestValue> are not the same?

Csibi



> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
> Sent: 8 July 2003 17:43
> To: xmlsec at aleksey.com
> Subject: Re: [xmlsec] XMLDSIG and MS CryptoAPI problem...
> 
> 
> 
> >Yesterday I tried to write a mail about the case "XMLDSIG/MSCryptoAPI",
> >as I can see it wasn't forwarded;
> >
> You have to be subscribed to the mailing list to post to it. Otherwise,
> you'll have to wait until I have time to go through the spam garbage
> and manually allow this.
> 
> >but it isn't a problem, because I was
> >able to step ahead. I think I am almost there, the "xmldsig" generator
> >is almost done, based on the "MS CryptoAPI", however I am confronting
> >now a new error.
> >
> I am not sure I clearly understand what you are trying to do.
> <DigestValue/> contains the digested result of processing the <Reference/>
> element (with all transforms!). The signature is applied later to
> the canonicalized <SignedInfo/> element. I would be happy to help you
> but I just don't understand your questions (hint, take a look at the XML DSig
> spec for details on Signature generation).
> 
> Aleksey
> 
> 
> 
> 
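
The distinction drawn in the quoted reply, as an added example that is not part of the original thread or of xmlsec: the `<DigestValue>` is a hash of the referenced data, while the value handed to the signing primitive is a hash of the canonicalized `<SignedInfo>` that contains that digest. The algorithm URIs, the `#payload` URI, the sample payload and the use of Python's built-in C14N 2.0 canonicalizer are assumptions made for this example; no key or CryptoAPI call is involved.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# Algorithm choices are assumptions for this example; the thread names none.
C14N = "http://www.w3.org/2010/xml-c14n2"
SIG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
DIG = "http://www.w3.org/2001/04/xmlenc#sha256"


def reference_digest(octets: bytes) -> str:
    """Digest of the referenced data after transforms: the <DigestValue> text."""
    return base64.b64encode(hashlib.sha256(octets).digest()).decode("ascii")


def build_signed_info(uri: str, digest_value: str) -> str:
    """Minimal <SignedInfo> with one <Reference>, as a signer might serialize it."""
    return (
        f'<SignedInfo xmlns="{DS}">'
        f'<CanonicalizationMethod Algorithm="{C14N}"/>'
        f'<SignatureMethod Algorithm="{SIG}"/>'
        f'<Reference URI="{uri}">'
        f'<DigestMethod Algorithm="{DIG}"/>'
        f'<DigestValue>{digest_value}</DigestValue>'
        f'</Reference></SignedInfo>'
    )


def hash_to_sign(signed_info_xml: str) -> bytes:
    """Hash of the canonicalized <SignedInfo>: the value the private key signs."""
    canonical = ET.canonicalize(signed_info_xml)  # C14N 2.0 from the stdlib
    return hashlib.sha256(canonical.encode("utf-8")).digest()


if __name__ == "__main__":
    data = b"<doc>constructed sample payload</doc>"  # constructed input
    dv = reference_digest(data)
    si = build_signed_info("#payload", dv)
    print("DigestValue        :", dv)
    print("hash fed to signer :", base64.b64encode(hash_to_sign(si)).decode())
```

Because the signed hash is taken over the canonical form, two serializations of the same `<SignedInfo>` (for example `"/>` versus `" />`) give the same value, while hashing the raw, non-canonical bytes would not.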


