[xmlsec] Microsoft .NET 2.0 compatibility

Aleksey Sanin aleksey at aleksey.com
Wed Oct 29 14:33:28 PST 2008 

Well, I believe that you have to use exc-c14n. The c14n implementation
from .NET is not compatible with the c14n standard.

Aleksey

Name Removed wrote:
> I’ve created a project in Visual Studio that uses libxmlsec, and I’ve 
> used it to successfully verify some of the sample signed documents that 
> are provided with the Online Verifier.  However, a coworker created a 
> signed document for me using Microsoft’s implementation of .NET 2.0, and 
> I can’t verify the signature on it. 
> 
>  
> 
> He sent me the entire X509 certificate chain that he used, including the 
> root certificate, and I successfully loaded each certificate into a keys 
> manager.  When I try to verify the signature, I get this error message:
> 
>  
> 
> func=xmlSecOpenSSLEvpDigestVerify:file=..\..\src\open_ssl\digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid 
> data:data and digest do not match
> 
> Signature is INVALID
> 
>  
> 
> I noticed that, back in a 2004 thread, someone mentioned that 
> Microsoft’s .NET implementation had a problem with c14n, but not with 
> exc-c14n.  Does anyone out there know whether this continues to be a 
> problem?
> 
>  
> 
> Here is the Signature portion of the document I’m trying to work with:
> 
>  
> 
>   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> 
>     <SignedInfo>
> 
>       <CanonicalizationMethod 
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> 
>       <SignatureMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> 
>       <Reference URI="">
> 
>         <Transforms>
> 
>           <Transform 
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
> 
>         </Transforms>
> 
>         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> 
>         <DigestValue>BCxyTVrdNmHOUVJeCyuAoFm3Yfg=</DigestValue>
> 
>       </Reference>
> 
>     </SignedInfo>    
> <SignatureValue>bRfw29/Xz11s+IpE6VrGNHvs2Ry1wx5fQyf+Q2hkjcJxG5TiB5rt/HmMr7T4gXA/J9DfV7BtrLalNnhXhlhZCRs4mv/ek1oukoOC8VuDzOyDlmNhcaggsgIdJkDo9YO3RloqnKWsW3E7dP7+xRq161j/JXmcq1JAko0e097gXx4=</SignatureValue>
> 
>   </Signature>
> 
>  
> 
> Any advice would be appreciated.  Thank you!
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list