[xmlsec] Signature verification

Aleksey Sanin aleksey at aleksey.com
Sun Nov 3 14:40:52 PST 2002

I would change my word: the RSA signature MIGHT be different (and DSA is 
still MUST).
However, I have to admit that in the XMLDSig case RSA signatures will be 
the same
because a const FF padding is used
Sorry for confusion, last time I read this spec few months ago and 
forgot details.

I would recommend you to check that you use correct padding and the 
signature format
in MS Cryptoapi. I would not be surprised if there are some flags needs 
to be set.

There is not command line option to print out the digest before 
signature but you can set
a break point in "xmlSecSignRsaSha1Sign" function in the rsa.c file just 
before RSA_sign() call.


Gregor Ibic wrote:

>Sure that I compare base64 values. They should not be different!!!
>I compute the signature on the same document with same algorithm, only with
>MS Cryptoapi.
>I use the same key for signing so it has to be the same signature.
>Im using RSA and SHA1 for signature.
>Sure I try to verify it. It fail, cause signature is different.
>I just wanted to know how to print digest of SignatureInfo?
>xmlsec mailing list
>xmlsec at aleksey.com

More information about the xmlsec mailing list