AW: [xmlsec] Problems verifing digest value
Lehnert at secunet.de
Thu Oct 16 02:36:12 PDT 2003
it seems to be clear what mistake I made - but I'm no XML crack, so I still
wonder what the problem is. Can you explain it in more detail?
Von: Aleksey Sanin [mailto:aleksey at aleksey.com]
Gesendet: Mittwoch, 15. Oktober 2003 17:02
An: Lehnert, Hartmut
Cc: xmlsec at aleksey.com
Betreff: Re: [xmlsec] Problems verifing digest value
Check how to you serialize XML document. You *don't* want to format signed
Lehnert, Hartmut wrote:
I'm using xmlsec with my own crypto lib (smartcard signatures) to generate
XML signatures. The Signature node is generated dynamically - together with
a XAdES Object node containing SignedProperties (e.g. SigningTime). To use
these SignedProperties a Reference node is created below SignedInfo node.
I've also written an OpenSSL based verificator for the output docs of the
Now comes the problem: When I generate the complete Signature node
dynamically, the hash value for the SignedProperties cannot be reproduced by
the OpenSSL based application, but when I use the output of the first
application as an input with Signature node template (also for the first
application), then the output hash values now can all be verified by the
OpenSSL based application. An example for the input docs with Signature
template is appended to this email.
Do you have an idea?
Thank you very much.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 4460 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20031016/e7cbc6dd/attachment.bin
More information about the xmlsec