[xmlsec] Re: A question about XMLSec internals

Aleksey Sanin aleksey at aleksey.com
Wed Mar 26 08:43:09 PST 2003

Please read the spec: the XML node set is serialized to a binary stream 
using "canonicalization".
In this particular case, this means that "xmlns=...." would be added to 
the <Object/> node.
Try the "--print-all" option of the xmlsec utility; it'll show you what 
*exactly* was signed
(this option works with the "verify" command only).


Juan Vassallo wrote:

>Hello Aleksey,
>I'm using xmlsec to sign a small xml, which gives me this result:
><?xml version="1.0"?>
><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>        <SignedInfo>
>                <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>                <Reference URI="#dato">
>                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                        <DigestValue>SYTZaLPmi5a8xs/+tGm3YxxcU7E=</DigestValue>
>                </Reference>
>        </SignedInfo>
>        <SignatureValue>p07rV1zErKFQaCM/5l6ajJxdzqb7lA0KLO5p8qCpISkvWaPgAphMF3Aef4y0mNUG0evqHjWJPBpXtlWK7opGww==</SignatureValue>
>        <Object Id="dato">H</Object>
>I would like you to tell me how the library calculates the sha1
>hash, since, as I've been checking, it is neither
>sha1("H") nor sha1("<Object Id="dato">H</Object>").
>I've been reading the library source code but I was unable to find the
>way in which you gather the information being hashed with sha1.
>Best regards,
> Juan Vassallo
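
Added example, not part of the original thread and not xmlsec's own code: a simplified inclusive canonicalization of the referenced element, showing that the octets fed to SHA-1 carry the `xmlns` declaration inherited from `<Signature>`. The helper names (`esc`, `in_scope_ns`, `c14n`, `reference_digest`) are hypothetical, the input is the post's document trimmed and closed, and only elements, unprefixed attributes and text are handled.

```python
import base64
import hashlib
from xml.dom import minidom

# Constructed input: the post's document, trimmed, with </Signature> closed.
SIGNED = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo><Reference URI="#dato">
    <DigestValue>SYTZaLPmi5a8xs/+tGm3YxxcU7E=</DigestValue></Reference></SignedInfo>
  <Object Id="dato">H</Object>
</Signature>"""

TEXT = [("&", "&amp;"), ("<", "&lt;"), (">", "&gt;"), ("\r", "&#xD;")]
ATTR = TEXT[:2] + [('"', "&quot;"), ("\t", "&#x9;"), ("\n", "&#xA;"), ("\r", "&#xD;")]

def esc(text, table):
    for raw, ref in table:
        text = text.replace(raw, ref)
    return text

def in_scope_ns(el):
    """xmlns declarations visible at el; the nearest declaration wins."""
    scope = {}
    while el is not None and el.nodeType == el.ELEMENT_NODE:
        for name, value in el.attributes.items():
            if name == "xmlns" or name.startswith("xmlns:"):
                scope.setdefault(name, value or "")
        el = el.parentNode
    return scope

def c14n(node, rendered=None):
    """Simplified inclusive C14N: elements, unprefixed attributes, text only."""
    if node.nodeType in (node.TEXT_NODE, node.CDATA_SECTION_NODE):
        return esc(node.data, TEXT)
    if node.nodeType != node.ELEMENT_NODE:
        return ""  # comments and processing instructions are skipped
    scope = in_scope_ns(node)
    decls = sorted((k, v) for k, v in scope.items() if (rendered or {}).get(k, "") != v)
    attrs = sorted((k, v) for k, v in node.attributes.items() if k not in scope)
    head = "".join(' %s="%s"' % (k, esc(v, ATTR)) for k, v in decls + attrs)
    body = "".join(c14n(child, scope) for child in node.childNodes)
    return "<%s%s>%s</%s>" % (node.tagName, head, body, node.tagName)

def reference_digest(xml_text, ref_id):
    elements = minidom.parseString(xml_text).getElementsByTagName("*")
    target = next(e for e in elements if e.getAttribute("Id") == ref_id)
    octets = c14n(target).encode("utf-8")
    return octets, base64.b64encode(hashlib.sha1(octets).digest()).decode()

if __name__ == "__main__":
    print(*reference_digest(SIGNED, "dato"), sep="\n")
```

Running it prints the canonical octets and their base64 SHA-1, which can be compared with the `DigestValue` in the document and with what `--print-all` reports.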
