[xmlsec] Microsoft .NET compatibility

Aleksey Sanin aleksey at aleksey.com
Mon May 19 11:28:15 PDT 2003


Joseph Reagle (W3C XMLDSig Co-chair) was very interested in this 
problem. He contacted
MS guys and it seems that the behaiviour you are describing is not what 
they expect:

I heard generally that MS uses the XML parser normalization to normalize 
\r\n as per the XML 1.0 specification. They do not normalize line feeds in 
the XML Digital Signature code. However, they weren't sure about what 
exactly was the problem raised on the xmldsig list and I pointed them to 
your archives but haven't heard back.

As I wrote you in private mail before, it would be great if you can 
provide an example of xml and
source files that show the problem.  This will greatly help us to find 
the problem and fix it.

With best regards,

Rob Cronin wrote:

>Hi Aleksey,
>Okay, I've figured it all out, or at least I think so, and I was hoping you
>could help me in making the next step.  Here's what Microsoft does.  They
>take the data, remove all of the line feeds (which I thought was part of the
>canonicalization), and create a digest from that using ENC-C14N, but then
>put the data with the line feeds back into the soap request, and add the
>digest into the <SignedInfo> tag.  Then they take the <SignedInfo> tag and
>again, remove all of the line feeds in there, sign it, and then put the
>original <SignedInfo> back with the line feeds, and they add the new
>signature.  So if I remove all the line feeds from the data and from the
><SignedInfo> tag, xmlsec can verify the signature just fine.  Hence this
>document is verified fine by xmlsec

More information about the xmlsec mailing list