[xmlsec] Re: A question about XMLSec internals
Aleksey Sanin
aleksey at aleksey.com
Wed Mar 26 08:43:09 PST 2003
Please read the spec: the XML node set is serialized to binary stream
using "canonicalization".
In this particular case, this means that "xmlns=...." would be added to
<Object/> node.
Try "--print-all" option for xmlsec utility, it'll show you what
*exactly* was signed
(this option works with "verify" command only).
Aleksey
Juan Vassallo wrote:
>Hello Aleksey,
>Im using xmlsec to sign a small xml, which gives me this result:
><?xml version="1.0"?>
><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <Reference URI="#dato">
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <DigestValue>SYTZaLPmi5a8xs/+tGm3YxxcU7E=</DigestValue>
> </Reference>
> </SignedInfo>
> <SignatureValue>p07rV1zErKFQaCM/5l6ajJxdzqb7lA0KLO5p8qCpISkvWaPgAphMF3Aef4y0mNUG0evqHjWJPBpXtlWK7opGww==</SignatureValue>
> <Object Id="dato">H</Object>
></Signature>
>
>I would like you to tell me how does the library calculate the sha1
>hash, since as iŽve been checking it is not:
>sha1("H") or sha1("<Object Id="dato">H</Object>") neither
>sha1("<Object>H</Object>")
>IŽve been reading the library source code but i was unable to find the
>way in which you gather the information being hashed with sha1.
>
>
>Best regards,
> Juan Vassallo
>
>
More information about the xmlsec
mailing list