<div dir="ltr">Canonical XML Version 1.0 does not remove linefeeds; it only normalizes them. Windows uses CRLF and Linux uses LF. C14N normalizes to LF.<br><br>See <a href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315">http://www.w3.org/TR/2001/REC-xml-c14n-20010315</a><br>
2 XML Canonicalization<br>2.1 Data Model<br>...<br>The XML processor performs the following tasks in order:
<ol><li>normalize line feeds</li></ol><p>...<br></p><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Mar 18, 2014 at 2:49 PM, François Plou <span dir="ltr"><<a href="mailto:fplou@webank.fr" target="_blank">fplou@webank.fr</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
I am trying to sign an XML document where I add a linefeed between two nodes.<br>
To my understanding, according to canonicalization (1.0), an XML document like this :<br>
<br>
<node>a</node><br>
<br>
<node>b</node><br>
<br>
must give the same digest and signature value as this one :<br>
<br>
<node>a</node><br>
<node>b</node><br>
<br>
But this is not the case. When I use the option --store-references, the output shows the extra line feed.<br>
<br>
Below is my xml document :<br>
<br>
<?xml version = "1.0" encoding = "UTF-8"?><br>
<Document xmlns = "urn:iso:std:iso:20022:tech:xsd:acmt.007.001.02" ><br>
<AcctOpngReq><br>
<Refs><br>
<MsgId><br>
<Id>ABC/090928/CCT001</Id><br>
<CreDtTm>2010-09-28T14:07:00</CreDtTm><br>
</MsgId><br>
<PrcId><br>
<Id>ABC/090928/CCT001</Id><br>
<CreDtTm>2010-09-28T14:07:00</CreDtTm><br>
</PrcId><br>
</Refs><br>
<br>
<Acct><br>
<Id><br>
<Othr><br>
<Id>NOREF</Id><br>
</Othr><br>
</Id><br>
<Tp><br>
<Cd>CASH</Cd><br>
</Tp><br>
<Ccy>USD</Ccy><br>
<MnthlyRcvdVal>200000</MnthlyRcvdVal><br>
<MnthlyTxNb>100</MnthlyTxNb><br>
<AvrgBal>10000</AvrgBal><br>
</Acct><br>
<CtrctDts><br>
<TrgtGoLiveDt>2010-10-02</TrgtGoLiveDt><br>
</CtrctDts><br>
<UndrlygMstrAgrmt><br>
<Ref>ABC/Acct/BBBBUS33</Ref><br>
<Vrsn>1.0</Vrsn><br>
</UndrlygMstrAgrmt><br>
<AcctSvcrId><br>
<FinInstnId><br>
<BICFI>BBBBUS33</BICFI><br>
</FinInstnId><br>
</AcctSvcrId><br>
<Org><br>
<FullLglNm>ABC Corporation</FullLglNm><br>
<CtryOfOpr>US</CtryOfOpr><br>
<RegnDt>1999-09-01</RegnDt><br>
<LglAdr><br>
<StrtNm>Times Square</StrtNm><br>
<BldgNb>7</BldgNb><br>
<PstCd>NY 10036</PstCd><br>
<TwnNm>New York</TwnNm><br>
<Ctry>US</Ctry><br>
</LglAdr><br>
<OrgId><br>
<Othr><br>
<Id>01256485-85</Id><br>
<SchmeNm><br>
<Prtry>TAX</Prtry><br>
</SchmeNm><br>
</Othr><br>
</OrgId><br>
<MainMndtHldr><br>
<Nm>Richard Jones</Nm><br>
<PstlAdr><br>
<AdrTp>HOME</AdrTp><br>
<StrtNm>La Guardia Drive</StrtNm><br>
<BldgNb>12</BldgNb><br>
<PstCd>NJ 07054</PstCd><br>
<TwnNm>Parsippany</TwnNm><br>
<Ctry>US</Ctry><br>
</PstlAdr><br>
<Id><br>
<DtAndPlcOfBirth><br>
<BirthDt>1960-05-01</BirthDt><br>
<CityOfBirth>New york</CityOfBirth><br>
<CtryOfBirth>US</CtryOfBirth><br>
</DtAndPlcOfBirth><br>
</Id><br>
</MainMndtHldr><br>
</Org><br>
<DgtlSgntr><br>
<Pty><br>
<Nm>fplou</Nm><br>
</Pty><br>
<Sgntr><br>
<Signature xmlns="<a href="http://www.w3.org/2000/09/xmldsig#" target="_blank">http://www.w3.org/2000/09/xmldsig#</a>"><br>
<SignedInfo><br>
<CanonicalizationMethod Algorithm="<a href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" target="_blank">http://www.w3.org/TR/2001/REC-xml-c14n-20010315</a>"/><br>
<SignatureMethod Algorithm="<a href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" target="_blank">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</a>"/><br>
<Reference URI=""><br>
<Transforms><br>
<Transform Algorithm="<a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature" target="_blank">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>" /><br>
<Transform Algorithm="<a href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" target="_blank">http://www.w3.org/TR/2001/REC-xml-c14n-20010315</a>" /><br>
</Transforms><br>
<DigestMethod Algorithm="<a href="http://www.w3.org/2001/04/xmlenc#sha256" target="_blank">http://www.w3.org/2001/04/xmlenc#sha256</a>"/><br>
<DigestValue></DigestValue><br>
</Reference><br>
</SignedInfo><br>
<SignatureValue /><br>
<KeyInfo><br>
<KeyValue /><br>
</KeyInfo><br>
</Signature><br>
</Sgntr><br>
</DgtlSgntr><br>
</AcctOpngReq><br>
</Document><br>
<br>
The output of --store-references is the following :<br>
<br>
== PreDigest data - start buffer:<br>
<Document xmlns="urn:iso:std:iso:20022:tech:xsd:acmt.007.001.02"><br>
<AcctOpngReq><br>
<Refs><br>
<MsgId><br>
<Id>ABC/090928/CCT001</Id><br>
<CreDtTm>2010-09-28T14:07:00</CreDtTm><br>
</MsgId><br>
<PrcId><br>
<Id>ABC/090928/CCT001</Id><br>
<CreDtTm>2010-09-28T14:07:00</CreDtTm><br>
</PrcId><br>
</Refs><br>
<br>
<Acct><br>
<Id><br>
<Othr><br>
<Id>NOREF</Id><br>
</Othr><br>
</Id><br>
<Tp><br>
<Cd>CASH</Cd><br>
</Tp><br>
<Ccy>USD</Ccy><br>
<MnthlyRcvdVal>200000</MnthlyRcvdVal><br>
<MnthlyTxNb>100</MnthlyTxNb><br>
<AvrgBal>10000</AvrgBal><br>
</Acct><br>
<CtrctDts><br>
<TrgtGoLiveDt>2010-10-02</TrgtGoLiveDt><br>
</CtrctDts><br>
<UndrlygMstrAgrmt><br>
<Ref>ABC/Acct/BBBBUS33</Ref><br>
<Vrsn>1.0</Vrsn><br>
</UndrlygMstrAgrmt><br>
<AcctSvcrId><br>
<FinInstnId><br>
<BICFI>BBBBUS33</BICFI><br>
</FinInstnId><br>
</AcctSvcrId><br>
<Org><br>
<FullLglNm>ABC Corporation</FullLglNm><br>
<CtryOfOpr>US</CtryOfOpr><br>
<RegnDt>1999-09-01</RegnDt><br>
<LglAdr><br>
<StrtNm>Times Square</StrtNm><br>
<BldgNb>7</BldgNb><br>
<PstCd>NY 10036</PstCd><br>
<TwnNm>New York</TwnNm><br>
<Ctry>US</Ctry><br>
</LglAdr><br>
<OrgId><br>
<Othr><br>
<Id>01256485-85</Id><br>
<SchmeNm><br>
<Prtry>TAX</Prtry><br>
</SchmeNm><br>
</Othr><br>
</OrgId><br>
<MainMndtHldr><br>
<Nm>Richard Jones</Nm><br>
<PstlAdr><br>
<AdrTp>HOME</AdrTp><br>
<StrtNm>La Guardia Drive</StrtNm><br>
<BldgNb>12</BldgNb><br>
<PstCd>NJ 07054</PstCd><br>
<TwnNm>Parsippany</TwnNm><br>
<Ctry>US</Ctry><br>
</PstlAdr><br>
<Id><br>
<DtAndPlcOfBirth><br>
<BirthDt>1960-05-01</BirthDt><br>
<CityOfBirth>New york</CityOfBirth><br>
<CtryOfBirth>US</CtryOfBirth><br>
</DtAndPlcOfBirth><br>
</Id><br>
</MainMndtHldr><br>
</Org><br>
<DgtlSgntr><br>
<Pty><br>
<Nm>fplou</Nm><br>
</Pty><br>
<Sgntr><br>
<br>
</Sgntr><br>
</DgtlSgntr><br>
</AcctOpngReq><br>
</Document><br>
== PreDigest data - end buffer<br>
== Result - start buffer:<br>
v80V0QWK0r89EhOr4Kh4Q79ofZ/zYw2ReI4s8e0ebW4=<br>
== Result - end buffer<br>
== Manifest References List:<br>
=== list size: 0<br>
== Result - start buffer:<br>
ELC9j9/SaQ3VOcVcZBV4ZFpHsRU7jfc25gHCx9/CyCQBLyNF6yqfzLjTuvg9NAvF<br>
HaDXuKhLvTjtEG1hgvuXXkyKFgJkA+pJrIKcOmpVMcwgR85MpZ/1BumxEeHPtHif<br>
PQp9ngJmQ6PzC7P3FFmDfNGoY3gOyiK/s+IecGtqr+A5JwALFFNkXgEp96DBqF4P<br>
d2HRNH0LbIw0IKQN+BckTOxeLFNQ269fP0AFuFxVp8fVQfhGuMJHlNnr3lX2WHjw<br>
emqcEW4X/0vcFcoKUsvGRRwz7eFYjjMjrghaOWW+byPYQrHFOV7o0wN9UC8TCN9R<br>
YXnL/c3Rx7P+QkX7/f7n4g==<br>
== Result - end buffer<br>
<br>
<br>
If I remove the line feed between :<br>
</Refs><br>
<br>
<Acct><br>
<br>
The output is slightly different :<br>
<br>
== PreDigest data - start buffer:<br>
<Document xmlns="urn:iso:std:iso:20022:tech:xsd:acmt.007.001.02"><br>
<AcctOpngReq><br>
<Refs><br>
<MsgId><br>
<Id>ABC/090928/CCT001</Id><br>
<CreDtTm>2010-09-28T14:07:00</CreDtTm><br>
</MsgId><br>
<PrcId><br>
<Id>ABC/090928/CCT001</Id><br>
<CreDtTm>2010-09-28T14:07:00</CreDtTm><br>
</PrcId><br>
</Refs><br>
<Acct><br>
<Id><br>
<Othr><br>
<Id>NOREF</Id><br>
</Othr><br>
</Id><br>
<Tp><br>
<Cd>CASH</Cd><br>
</Tp><br>
<Ccy>USD</Ccy><br>
<MnthlyRcvdVal>200000</MnthlyRcvdVal><br>
<MnthlyTxNb>100</MnthlyTxNb><br>
<AvrgBal>10000</AvrgBal><br>
</Acct><br>
<CtrctDts><br>
<TrgtGoLiveDt>2010-10-02</TrgtGoLiveDt><br>
</CtrctDts><br>
<UndrlygMstrAgrmt><br>
<Ref>ABC/Acct/BBBBUS33</Ref><br>
<Vrsn>1.0</Vrsn><br>
</UndrlygMstrAgrmt><br>
<AcctSvcrId><br>
<FinInstnId><br>
<BICFI>BBBBUS33</BICFI><br>
</FinInstnId><br>
</AcctSvcrId><br>
<Org><br>
<FullLglNm>ABC Corporation</FullLglNm><br>
<CtryOfOpr>US</CtryOfOpr><br>
<RegnDt>1999-09-01</RegnDt><br>
<LglAdr><br>
<StrtNm>Times Square</StrtNm><br>
<BldgNb>7</BldgNb><br>
<PstCd>NY 10036</PstCd><br>
<TwnNm>New York</TwnNm><br>
<Ctry>US</Ctry><br>
</LglAdr><br>
<OrgId><br>
<Othr><br>
<Id>01256485-85</Id><br>
<SchmeNm><br>
<Prtry>TAX</Prtry><br>
</SchmeNm><br>
</Othr><br>
</OrgId><br>
<MainMndtHldr><br>
<Nm>Richard Jones</Nm><br>
<PstlAdr><br>
<AdrTp>HOME</AdrTp><br>
<StrtNm>La Guardia Drive</StrtNm><br>
<BldgNb>12</BldgNb><br>
<PstCd>NJ 07054</PstCd><br>
<TwnNm>Parsippany</TwnNm><br>
<Ctry>US</Ctry><br>
</PstlAdr><br>
<Id><br>
<DtAndPlcOfBirth><br>
<BirthDt>1960-05-01</BirthDt><br>
<CityOfBirth>New york</CityOfBirth><br>
<CtryOfBirth>US</CtryOfBirth><br>
</DtAndPlcOfBirth><br>
</Id><br>
</MainMndtHldr><br>
</Org><br>
<DgtlSgntr><br>
<Pty><br>
<Nm>fplou</Nm><br>
</Pty><br>
<Sgntr><br>
<br>
</Sgntr><br>
</DgtlSgntr><br>
</AcctOpngReq><br>
</Document><br>
== PreDigest data - end buffer<br>
== Result - start buffer:<br>
zYybkjAuafmZgmnEbWItuE4Q1+u76x4I5HExyHThFe0=<br>
== Result - end buffer<br>
== Manifest References List:<br>
=== list size: 0<br>
== Result - start buffer:<br>
VsVLlG0KahJelXvXjo2Ozst5axBXxtWeR4So0P+PAAcOi6ihtTKc5oUUJjIEivbO<br>
rCkdKuT4AFlbPEF8t4ErMAHS6iCP5JplF3zQA1YzVxGzmOQFRtpBookknF5wXu7H<br>
adyr9dIuZPcudAX7ZV0R0iwRIJJwdZQgYvA4HgZJJ3eMlBj8K1Zp5WR4UbbkBacV<br>
/dOnIIpRljd3YwxCnHp7hO6oizGOIkNhGbq6kkJ3ULGxWuT9/xy5IO64AV397PiK<br>
R0VtvNDNXW2WFjLfJ3XBuaVUq2T/GVCB9tcXYPUh67wwqzAyiaHUcymYgg2CZ6kF<br>
3eZvTwOjkVmrY7iYuAsqeQ==<br>
== Result - end buffer<br>
<br>
I am working on the latest release of xmlsec and on Unix.<br>
<br>
Is my understanding correct ?<br>
<br>
Thanks.<br>
<br>
Francois<br>
<br>
</blockquote></div><br></div>
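<p>The behaviour discussed in this thread, as an added example that is not part of the original messages and is not xmlsec code: canonicalization keeps the whitespace text node between two elements and only normalizes CRLF to LF, so the blank line changes the digest. It assumes Python 3.8+ and uses <code>xml.etree.ElementTree.canonicalize</code>, which implements C14N 2.0 rather than the C14N 1.0 named in the thread; with default options it treats whitespace in character data the same way for this case. The sample documents are constructed.</p>

```python
import base64
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed samples modelled on the </Refs> ... <Acct> fragment in the thread.
WITHOUT_BLANK = "<AcctOpngReq>\n<Refs>r</Refs>\n<Acct>a</Acct>\n</AcctOpngReq>"
WITH_BLANK_LF = "<AcctOpngReq>\n<Refs>r</Refs>\n\n<Acct>a</Acct>\n</AcctOpngReq>"
WITH_BLANK_CRLF = WITH_BLANK_LF.replace("\n", "\r\n")  # same file saved on Windows


def c14n(xml_text):
    """Canonical form (C14N 2.0 defaults: whitespace text nodes are kept)."""
    return canonicalize(xml_text)


def digest(xml_text):
    """Base64 SHA-256 of the canonical octets, like a DigestValue."""
    octets = c14n(xml_text).encode("utf-8")
    return base64.b64encode(hashlib.sha256(octets).digest()).decode("ascii")


def first_difference(xml_a, xml_b):
    """Offset and characters where two canonical forms first diverge, or None."""
    a, b = c14n(xml_a), c14n(xml_b)
    for offset, (ch_a, ch_b) in enumerate(zip(a, b)):
        if ch_a != ch_b:
            return offset, ch_a, ch_b
    if len(a) != len(b):
        shorter = min(len(a), len(b))
        return shorter, a[shorter:shorter + 1], b[shorter:shorter + 1]
    return None


if __name__ == "__main__":
    for name in ("WITHOUT_BLANK", "WITH_BLANK_LF", "WITH_BLANK_CRLF"):
        print(f"{name:16} {digest(globals()[name])}")
    print("first difference:", first_difference(WITH_BLANK_LF, WITHOUT_BLANK))
```

<p>Comparing the two PreDigest buffers with a helper like <code>first_difference</code> points at the exact text node that changed the digest.</p>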