[xmlsec] XMLDSIG and MS CryptoAPI problem...
csaba.csabai at saveas.hu
Tue Jul 8 10:24:57 PDT 2003
Ok, then a bit more understandable, I hope: I want to write a program, what is able to generate itself an XMLDSIG without any other programs (means:xmlsec, xml-security,etc.) This program would use MS CryptoAPI for the crypto engine. The signature verify tools has a response, on the Signature what was generated by the program, its not ok. This is true, since I want to generate from the same content an xml signature, then out of the <SignatureValue> field, everything is identical with the good XML. Therefore sure, that the mistake IS the generated signature. I have looked other signatures generated by other programs (for ex. xmlsec). I did figure out, it is not the digest what have to be set by the CryptoAPI:CryptSignHash as an input (as hash data), but something else! (is it possible that there is something to vary on the source data?)
Finally, the major question is: if I see it correctly, that - the digitally signed hash and the hash in the <DigestValue> is not the same?
> -----Original Message-----
> From: Aleksey Sanin [mailto:aleksey at aleksey.com]
> Sent: 2003. július 8. 17:43
> To: xmlsec at aleksey.com
> Subject: Re: [xmlsec] XMLDSIG and MS CryptoAPI problem...
> >Yesterday I tried to write a mail about the case
> >as I can see it wasn't forwarded;
> You have to be subscribed to the mailing list to post to it.
> you'll have to wait till I would
> have time to go thru the spam garbage and manually allow this.
> >but it isn't a problem, because I was
> >able to step ahead. I think I am almost there, the "xmldsig"
> >is almost done, based on the "MS CryptoAPI", however I am
> >now a new error.
> I am not sure I clear understand what are you trying to do.
> <DigestValue/> contains the digested
> result of processing <Reference/> element (with all transforms!). The
> signature is applied later to
> the canonicalized <SignedInfo/> element. I would be happy to help you
> but I just don't understand
> your questions (hint, take a look at XML DSig spec for details on
> Signature generation).
> xmlsec mailing list
> xmlsec at aleksey.com http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec