[xmlsec] X509, verification of signature
Highdone Trias
highdonet at adventresources.com
Tue Mar 15 14:48:46 PST 2005
Hi,
If the error is NOT caused by the common reasons, and I do not have access
to the code that does the signature, what suggestion can you give to me?
Highdone Trias
Advent Resources, Inc.
www.adventresources.com
310.241.1500x2214
---------- Original Message -----------
From: Aleksey Sanin <aleksey at aleksey.com>
To: Highdone Trias <highdonet at adventresources.com>
Cc: piotr at fraktal.com.pl, xmlsec at aleksey.com
Sent: Tue, 15 Mar 2005 10:36:44 -0800
Subject: Re: [xmlsec] X509, verification of signature
> The error indicates that one of the digests does not match. There
> are two most common reasons for this error:
> - The document was actually modified (may be, accidentialy). For
> example, spaces or end-of-lines were inserted by a mailer program.
> - The C14N incompatibility either because the of difference in a
> way Phaos and xmlsec do C14N or because the C14N was done from different
> contexts.
>
> If you have access to the code that does the signature, I would suggest
> to do the following:
> - Make sure that document is not changed on the way.
> - Make sure that signature happens from the same context (e.g. inside
> the SOAP stuff).
> - Try C14N instead of exc C14N.
> - Get the c14n output from Phaos right before it digests it and compare
> with what xmlsec does (--store-references option for xmlsec command
> line utility).
>
> Best,
> Aleksey
------- End of Original Message -------
More information about the xmlsec
mailing list