[xmlsec] Bad digest in #Manifest
Aleksey Sanin
aleksey at aleksey.com
Thu Apr 3 09:37:13 PDT 2014
Try "--store-references" option to see what exactly was signed. Just
looking at the file, the DigestValue inside the #Manifest subtree looks
suspicious.
Aleksey
On 4/3/14, 5:46 AM, François Plou wrote:
> Hi,
>
> I am facing an issue trying to sign an xml document which makes
> reference to an external file.
> xmlsec1 gives me a digest for the URI=#Manifest which is not verified by
> tool like Apache XML Security.
> I am pretty sure there is something missing in the XML document I give
> to xmlsec but can't figure what.
>
> I sign the document named acmt.007.001.02_1.skel.1sign.object2.xml.
> The command I use is : xmlsec1 -- sign --output fpl.xml --privkey <key>
> acmt.007.001.02_1.skel.1sign.object2.xml
> The output document is fpl.xml
>
> The digest which is not the same as the one computed by Apache XML
> Security is 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
> Apache Security is expecting M3eHHYZ3d//5HW/Gp583TrV/K4I=
>
> I found that the expecting digest match the manifest3.xml file enclosed
> (I built it manually).
> So it seems xmlsec is not creating the same manifest part.
>
> Do you have any idea what can be wrong in my
> acmt.007.001.02_1.skel.1sign.object2.xml file ? Do I need to add a
> transform ?
>
> Thanks for your help.
>
> Francois
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>
More information about the xmlsec
mailing list