AW: [xmlsec] Problems verifing digest value

Lehnert, Hartmut Lehnert at secunet.de
Thu Oct 16 02:36:12 PDT 2003


Hi Aleksey,
it seems to be clear what mistake I made - but I'm no XML crack, so I still
wonder what the problem is. Can you explain it in more detail?
Thanks
Hartmut

-----Ursprüngliche Nachricht-----
Von: Aleksey Sanin [mailto:aleksey at aleksey.com] 
Gesendet: Mittwoch, 15. Oktober 2003 17:02
An: Lehnert, Hartmut
Cc: xmlsec at aleksey.com
Betreff: Re: [xmlsec] Problems verifing digest value


Check how to you serialize XML document. You *don't* want to format signed
document.

Aleksey

Lehnert, Hartmut wrote:


Hi,
 
I'm using xmlsec with my own crypto lib (smartcard signatures) to generate
XML signatures. The Signature node is generated dynamically - together with
a XAdES Object node containing SignedProperties (e.g. SigningTime). To use
these SignedProperties a Reference node is created below SignedInfo node.
I've also written an OpenSSL based verificator for the output docs of the
first application.
Now comes the problem: When I generate the complete Signature node
dynamically, the hash value for the SignedProperties cannot be reproduced by
the OpenSSL based application, but when I use the output of the first
application as an input with Signature node template (also for the first
application), then the output hash values now can all be verified by the
OpenSSL based application. An example for the input docs with Signature
template is appended to this email.
 
Do you have an idea?
Thank you very much.
Hartmut Lehnert

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 4460 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20031016/e7cbc6dd/attachment.bin


More information about the xmlsec mailing list