[xmlsec] Whitespace issues when creating an XML document

Dave Chapman dave at dchapman.com
Mon May 26 13:29:14 PDT 2008


Aleksey,

Thanks for the reply.

I'm fully aware of the significance of whitespace, and the issue isn't 
that I want "formatted" XML, it's that I want libxml2 to have the same 
representation in RAM as the file will be when it is later written to 
disk - so I can reliably create a signature for it.

But if there's no known solution to that (apart from saving to disk and 
re-reading), then I guess I'll need to take it to the libxml2 devs.

Regards,

Dave.

Aleksey Sanin wrote:
> 1) Spaces are important in XML and XMLDSig
> 2) If you want to have "formatted" XML then you have to add spaces.
> 3) Sorry, but there is no way around it.
> 
> Aleksey
> 
> 
> Dave Chapman wrote:
>> Hi,
>>
>> I've run into a problem when trying to create and verify a signature
>> for an XML document created in RAM, but haven't been able to find any 
>> reports of others having similar problems, or any nicer solution than 
>> the workaround I've used.  Most examples/questions seem to relate to 
>> adding signatures to already existing XML documents.
>>
>> The signing code my program uses is based on the sign3.c example, and 
>> the verification is based on verify3.c.
>>
>> My program did the following, and the resulting document failed to 
>> verify (data and digest mismatch):
>>
>> 1) Create the XML document to be signed in RAM using the libxml2 
>> functions xmlNewNode, xmlAddChild, xmlAddProp etc
>>
>> 2) Sign the document with xmlSecDSigCtxSign()
>>
>> 3) Write the document to disk with xmlSaveFormatFileEnc()
>>
>> If I added the verification code to this program between steps 2) and 
>> 3), instead of in a second program, then the verification worked.
>>
>> This led me to the conclusion that the issue was with libxml2 adding
>> whitespace to the document when saving it to disk.
>>
>> Adding the workaround of saving the created document to disk, and then 
>> reloading it before calculating and adding the signature fixed the 
>> problem, but I'm hoping there's a nicer solution that avoids this 
>> extra write/read step.
>>
>> This is possibly more of a libxml2 question than xmlsec, but I'm 
>> hoping that someone here has solved this problem previously, and that 
>> having the question in the xmlsec mail archives will help others.
>>
>>
>> Regards,
>>
>> Dave.
> 
> 
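The failure described in this thread, reproduced as an added example (not code from the thread or from xmlsec): Python's standard library stands in for libxml2 and xmlsec, with `toprettyxml` playing the role of a formatting save and a SHA-256 over the canonical form playing the role of the signature digest. The element names and helper functions are constructed for illustration.

```python
import hashlib
import os
import tempfile
from xml.dom import minidom
from xml.etree.ElementTree import canonicalize

def build_document():
    """Build a document node by node in memory (constructed sample, hypothetical names)."""
    doc = minidom.Document()
    root = doc.createElement("Envelope")
    doc.appendChild(root)
    data = doc.createElement("Data")
    data.setAttribute("id", "1")
    data.appendChild(doc.createTextNode("Hello"))
    root.appendChild(data)
    return doc

def digest(xml_text=None, path=None):
    """SHA-256 over the Canonical XML form, standing in for the signature's digest step."""
    canon = canonicalize(xml_text, from_file=path)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def verifier_digest(doc, formatted):
    """Write the document to disk, then digest the file as a separate program would."""
    text = doc.toprettyxml(indent="  ") if formatted else doc.toxml()
    with tempfile.NamedTemporaryFile("w", suffix=".xml", delete=False,
                                     encoding="utf-8") as f:
        f.write(text)
    try:
        return digest(path=f.name)
    finally:
        os.unlink(f.name)

def run_cases():
    doc = build_document()
    signed = digest(doc.toxml())  # digest fixed at signing time, over the tree as built
    # Put the whitespace nodes into the tree before signing: serialize formatted, re-parse.
    pre = minidom.parseString(doc.toprettyxml(indent="  "))
    return {
        "sign_then_formatted_save": signed == verifier_digest(doc, True),
        "sign_then_plain_save": signed == verifier_digest(doc, False),
        "format_then_sign_then_plain_save":
            digest(pre.toxml()) == verifier_digest(pre, False),
    }

if __name__ == "__main__":
    for name, ok in run_cases().items():
        print(f"{name}: digest {'matches' if ok else 'MISMATCH'}")
```

Only the first case fails: the indentation is inside the signed element, so it survives canonicalization and changes the digest. The third case does the save-and-reload workaround through a string instead of a file.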



