[xmlsec] FW: Invalid Signature - possible whitespace handling
problem
Rich Salz
rsalz at datapower.com
Thu Nov 20 12:27:36 PST 2003
> Behaviour is very predictable. If any tabs or CRs or LFs are disturbed
> within the SignedInfo element or any of its child elements, verification
> fails. The rest of the signature elements are not affected by tab CR or LF
> removal or insertion.
Not sure what you mean by "disturbed," but adding or removing whitespace
will significantly change the content of SignedInfo, and break the
signature. Changing CR to LF and vice-versa will not.
> Knowing you, this is probably exactly what the specification call for. Is
> this so ?
Yes.
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
More information about the xmlsec
mailing list