[xmlsec] Different digest value between .NET implementation and XmlSec?

Chugh, Sanjay schugh at filenet.com
Thu Oct 9 13:27:54 PDT 2003


Yes, you are right. The PI node is included in the output.
However, I was trying to understand exactly and "See" on what the digest
value is calculated.
I used the Sign3 example included with XmlSec and some example code from
the MSDN library.
The MSDN library is not using a certificate, just an RSA key, but that
should not matter for the digest value, just the signature value.
After both the examples run, the canonicalized version of the source xml
document is the same in both cases. See below.
However the digest value is different. Just so I could prove to myself
that I understand on what the digest is being calculated on, 
I took the canonicalized form of the source document and used openssl on
the command line to calculate the digest. The result I got was the same
as the one that I got from the .NET example. I then removed the PI from
the canonicalized document and used openssl on the command line to
calculate the digest again. This time it matched the value calculated
from XmlSec.
 
I hope I have explained things more clearly.
Off course maybe I am doing something wrong or am not understanding
something.
 
Here is the canonicalized form of the source document (it is the same as
generated from .NET and from XmlSec):
 
<?xml-stylesheet type="text/xsl" href="myfile.xsl" ?>
<sales quarter="2001-01">
   <region name="Northeast">
      <units>374</units>
      <amount>12500.26</amount>
   </region>
   <region name="Southeast">
      <units>512</units>
      <amount>17692</amount>
   </region>
   <region name="Southwest">
      <units>161</units>
      <amount>8349.72</amount>
   </region>
   <region name="Northwest">
      <units>465</units>
      <amount>15239.6</amount>
   </region>
</sales>

 
Thanks,
 
-- Sanjay
 
 
 -----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
Sent: October 9, 2003 2:08 PM
To: Chugh, Sanjay
Cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] Different digest value between .NET implementation
and XmlSec?



	xmlsec uses c14n code from LibXML2. If I just do a c14n for your
file then the processing 
	instruction node "<?xml-stylesheet type="text/xsl"
href="myfile.xsl" ?>"  is included in the 
	output:
	
	    [aleksey at lsh dev]$./libxml2/testC14N  --with-comments a.xml
	    <?xml-stylesheet type="text/xsl" href="myfile.xsl" ?>
	    <sales quarter="2001-01">
	    ...
	    </sales>
	
	It would be helpfull if you can give a more detailed example
with explanations how are you
	doing signatures in both xmlsec and .net cases.
	
	With best regards,
	Aleksey
	
	

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20031009/83707b54/attachment.htm


More information about the xmlsec mailing list