[xmlsec] example 1 always give the same digest value
Aleksey Sanin
aleksey at aleksey.com
Tue Sep 24 22:30:53 PDT 2002
BTW, forgot to say that xmlsec application should print an error message
about empty nodes set (something like "invalid nodes set : empty"). And you
should have an error in OpenSSL errors stack in the application.
Aleksey
Aleksey Sanin wrote:
> You can check xmlsec mailing list for detailed explanation but briefly
> Id attribute
> means *nothing* w/o a DTD or schema. In your case, XMLSec always
> digests an
> empty value simply because URI="#msg.194549.signedook" could not be
> found.
> I believe that adding something like
> <!DOCTYPE test [
> <!ATTLIST Data Id ID #IMPLIED>
> ]>
> should solve your problem (see xmlsec/docs/examples/dsig3/tests.tmpl
> file for details).
> Of course, the DTD may be external or you may add Id attribute manualy by
> calling LibXML2 xmlAddID() function after loading the document.
>
> Aleksey.
>
>
>
>
> Derek Lei Liu wrote:
>
>> Hi,
>>
>> I am trying to use example1 on Solaris. The test xml
>> and the private key are attached in following. I
>> tried to use local reference here, but found the
>> digested value never changed even I changed the
>> content in <Data>. I am relatively new to this area
>> and the project I am working on is rather urgent on
>> this part. I gdb into the test program and found that
>> the first time SHA1_Update was called as for
>> <SignInfo> (signature stuff). This function is
>> supposed to be called for the digested value, right?
>>
>> thanks
>>
>> Derek
>>
>>
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <Top>
>> <SecondTop id="1">
>> <Data Id="msg.194549.signedook">
>> <version>1.0.1</version>
>> <StudentName>
>> <StudentID>12111111111</StudentID>
>> <TotalCredits>111111111111111-11111111</TotalCredits>
>> </StudentName>
>> <Course>
>> <CourseID>English Literature</CourseID>
>> <date>20020901 17:20:37</date>
>> </Course>
>> <State>California</State>
>> <TX>
>> <time>20020902 00:13:24</time>
>> <status>A</status>
>> <Enroll>Y</Enroll>
>> </TX>
>> </Data>
>> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>> <SignedInfo>
>> <CanonicalizationMethod
>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-200103
>> 15" />
>> <SignatureMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
>> />
>> <Reference URI="#msg.194549.signedook">
>> <DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> <DigestValue></DigestValue>
>> </Reference>
>> </SignedInfo>
>> <SignatureValue/>
>> <KeyInfo>
>> </KeyInfo>
>> </Signature>
>> </SecondTop>
>> </Top>
>>
>>
>> Key:
>> ==============================
>> -----BEGIN RSA PRIVATE KEY-----
>> MIIBOwIBAAJBAOfDoFCPxDstNv7rBqK+B9s2kU+S2JX8xWwu8mF/hbNn35EtHCz4
>> 8sLANc2yFZx4/OaoTTdbCwPEpZlG3G9y6QkCAwEAAQJAA/CFVxk6gq8AElE4aafF
>> RmqlCa87U0Fasb4SjKm4QhZnovu+3ipCku2QHjAejTNWDOrV5A6GEWJXMP5GkZDX
>> AQIhAP0eADYcJbzGdvg9QinSe73jNKaJSD/EhUh/IOsWVkVRAiEA6mdeHFHUa3x8
>> BCu6qq5wUcyOH1ne1HXYvVALYugvWjkCID4D8LdRNCnJUnLFx4Uprem7VjYLYqlF
>> BAbcJvuSUHbRAiEAs3DyMIfML4Sag67eNW9YeKY5XnK0DL0ycKpoLQ1FwrECIQCB
>> o+JQ0HvhH+v7f21QWTxA6yd+T2cPlKMTUbK6Mn+AdA==
>> -----END RSA PRIVATE KEY-----
>>
>>
>> __________________________________________________
>> Do you Yahoo!?
>> New DSL Internet Access from SBC & Yahoo!
>> http://sbc.yahoo.com
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list