AW: AW: AW: [xmlsec] Problems verifing digest value
Lehnert, Hartmut
Lehnert at secunet.de
Fri Oct 17 08:34:08 PDT 2003
Yes, you're right! (Sorry for not reading
www.w3.org/TR/2001/REC-xml-c14-n20010315 :-( )
But is there any solution for this problem? How can the
in-memory-representation be transformed before calculating the hash value so
that the hash created over the in-memory-representation matches the hash
value created over the canonicalized file representation?
Thank you VERY much for this answer;-)
Hartmut
-----Ursprüngliche Nachricht-----
Von: Aleksey Sanin [mailto:aleksey at aleksey.com]
Gesendet: Freitag, 17. Oktober 2003 17:03
An: Lehnert, Hartmut
Cc: xmlsec at aleksey.com
Betreff: Re: AW: AW: [xmlsec] Problems verifing digest value
Canonicalization does preserve spaces. Read the spec, please.
I guess that you are creating document (or part of it) in memory, sign it,
after that you adding spaces when you are writing document out. And
signature on the result fails, of course.
Now when you sign the document *with spaces* from disk and then verify it
everything works just fine.
Aleksey
Lehnert, Hartmut wrote:
>Hello Aleksey,
>I cannot believe that this can be a problem here, because before
>creating any hashs or signatures the canonicalization is performed at
>first - on all references (I think;-)). So why should it make a
>difference if I create the complete signature node in memory and then
>call "xmlSecDSigCtxSign" (which performs all transformations) or if I
>read the XML file, then create all nodes in memory and then also call
>"xmlSecDSigCtxSign"?
>
>Hartmut
>
>
More information about the xmlsec
mailing list