[xmlsec] Xml Signature verification failure

Aleksey Sanin aleksey at aleksey.com
Tue Jun 17 08:27:31 PDT 2003


Please read section 3.2 from the FAQ
    http://www.aleksey.com/xmlsec/faq.html
You have to use DTD if you want to use ID attributes. Also the xmlsec
command line utility has nice options "--store-references" and
"--store-signatures". These options allow you to get the pre-digested
or pre-signed raw data. Use these options with your files and
see what is wrong.


Aleksey


Tsai Kun Lai(Ecom) wrote:

>Hi  Aleksey:
>
>  I am trying XPath implementation. I use your xmlsec library(1.0.2),
>, to sign a XPath template xml file. And then I paste it onto infomosaic
>online verification page
>	http://www.infomosaic.net/XMLSign/SecureXMLWSInfo.htm
>  
>  But the result shows that the digestvalue computation is wrong. In
>this case, xpath selects self::* , which contains only the context node
>itself, so the nodeset shall be "<Object></Object>". After C14N normalization,
>it would be "<Object xmlns="http://www.w3.org/2000/09/xmldsig#"></Object>"
>But from the digestvalue, I guess the output before digesting is "<Object></Object>"
>(I directly compute "<Object></Object>" with sha1 and derive the same digestvalue.)
>Do I mistakenly use your library? Would you like to point out what I make a mistake?
>Thank you very much..
>
>  
>




More information about the xmlsec mailing list