<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <tt>Hi!</tt><tt><br>
    </tt><tt><br>
    </tt><tt>I have a signed xml file with Xades information</tt><tt><br>
    </tt><tt>I try to verify the signature with:</tt><tt><br>
    </tt><tt><br>
      $ xmlsec1 --verify --id-attr:Id Bordereau --id-attr:Id Signature
      --id-attr:Id SignedProperties --node-id IDC1141029105800p0100
      test.xml<br>
    </tt><tt>func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid
      data:data and digest do not match</tt><tt><br>
    </tt><tt>FAIL</tt><tt><br>
    </tt><tt>SignedInfo References (ok/all): 1/2</tt><tt><br>
    </tt><tt><br>
    </tt><tt>The first part of the signature is validate by xmlsec1</tt><tt><br>
    </tt><tt>but it seems that xmlsec1 can't access to the second part
      (Xades information)</tt><tt><br>
    </tt><tt><br>
    </tt><tt>If I use the "</tt><tt>--store-references" flags</tt>, I
    can see the "PreDigest data" of the first part, but xmlsec1 never
    displays the "PreDigest data" of the second part<br>
    <br>
    Here an extract of the file<br>
            <Bordereau Id="<b>B01201462</b>"><br>
                <BlocBordereau><br>
                ...<br>
                <ds:Signature Id="IDC1141029105800p0100"><br>
                    <ds:SignedInfo><br>
                        <ds:CanonicalizationMethod
    Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/10/xml-exc-c14n#">"http://www.w3.org/2001/10/xml-exc-c14n#"</a>/><br>
                        <ds:SignatureMethod
    Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">"http://www.w3.org/2000/09/xmldsig#rsa-sha1"</a>/><br>
                        <ds:Reference URI="#<b>B01201462</b>"><br>
                            <ds:Transforms><br>
                                <ds:Transform
    Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">"http://www.w3.org/2000/09/xmldsig#enveloped-signature"</a>/><br>
                                <ds:Transform
    Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/10/xml-exc-c14n#">"http://www.w3.org/2001/10/xml-exc-c14n#"</a>/><br>
                            </ds:Transforms><br>
                            <ds:DigestMethod
    Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#sha1">"http://www.w3.org/2000/09/xmldsig#sha1"</a>/><br>
                           
<ds:DigestValue>m24cE8pHsEwYBbVnCcUGUT49i3g=</ds:DigestValue><br>
                        </ds:Reference><br>
                        <ds:Reference URI="#<b>IDC1141029105800p0100_SP</b>"><br>
                            <ds:Transforms><br>
                                <ds:Transform
    Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">"http://www.w3.org/2000/09/xmldsig#enveloped-signature"</a>/><br>
                                <ds:Transform
    Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2001/10/xml-exc-c14n#">"http://www.w3.org/2001/10/xml-exc-c14n#"</a>/><br>
                            </ds:Transforms><br>
                            <ds:DigestMethod
    Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#sha1">"http://www.w3.org/2000/09/xmldsig#sha1"</a>/><br>
                           
<ds:DigestValue>OgLDEJDln8+bp7jX1pxs5j/0poM=</ds:DigestValue><br>
                        </ds:Reference><br>
                    </ds:SignedInfo><br>
                    ...<br>
                    <ds:Object Id="IDC1141029105800p0100_QI"><br>
                        <xad:QualifyingProperties
    Target="IDC1141029105800p0100"><br>
                            <xad:SignedProperties Id="<b>IDC1141029105800p0100_SP</b>"><br>
                                <xad:SignedSignatureProperties><br>
                                   
    <xad:SigningTime>2014-10-29T09:58:00.191Z</xad:SigningTime><br>
                </ds:Signature><br>
            </Bordereau><br>
    <br>
    And an extract of the output<br>
        = REFERENCE VERIFICATION CONTEXT<br>
        == Status: succeeded<br>
        == URI: "#B01201462"<br>
    [...]<br>
        === uri: <br>
        === uri xpointer expr: #B01201462<br>
        === Transform: xpointer
    (href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2001/04/xmldsig-more/xptr">http://www.w3.org/2001/04/xmldsig-more/xptr</a>)<br>
        === Transform: enveloped-signature
    (href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>)<br>
        === Transform: exc-c14n
    (href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>)<br>
        === Transform: membuf-transform (href=NULL)<br>
        === Transform: sha1
    (href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br>
        === Transform: membuf-transform (href=NULL)<br>
        == Digest Method:<br>
        === Transform: sha1
    (href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br>
        == PreDigest data - start buffer:<br>
        <Bordereau Id="B01201462"><BlocBordereau><Exer
    V="2014"></Exer>.........</Bordereau><br>
        == PreDigest data - end buffer<br>
        = REFERENCE VERIFICATION CONTEXT<br>
        == Status: invalid<br>
        == URI: "#IDC1141029105800p0100_SP"<br>
    [...]<br>
        === uri: <br>
        === uri xpointer expr: #IDC1141029105800p0100_SP<br>
        === Transform: xpointer
    (href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2001/04/xmldsig-more/xptr">http://www.w3.org/2001/04/xmldsig-more/xptr</a>)<br>
        === Transform: enveloped-signature
    (href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>)<br>
        === Transform: exc-c14n
    (href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>)<br>
        === Transform: membuf-transform (href=NULL)<br>
        === Transform: sha1
    (href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br>
        === Transform: membuf-transform (href=NULL)<br>
        == Digest Method:<br>
        === Transform: sha1
    (href=<a class="moz-txt-link-freetext" href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br>
    => No PreDigest data here !<br>
    <br>
    where is my mistake ?<br>
    <br>
    I use xmlsec 1.2.18 (openssl)<br>
    (here the full xml file and xmlsec output =>
    <a class="moz-txt-link-freetext" href="http://dl.free.fr/ekDbPkF63">http://dl.free.fr/ekDbPkF63</a>)<br>
    <br>
    Regards,<br>
    <br>
  </body>
</html>