AW: AW: [xmlsec] Problems verifing digest value

Lehnert, Hartmut Lehnert at secunet.de
Fri Oct 17 02:39:58 PDT 2003


Hello Aleksey,
I cannot believe that this can be a problem here, because before creating
any hashs or signatures the canonicalization is performed at first - on all
references (I think;-)). So why should it make a difference if I create the
complete signature node in memory and then call "xmlSecDSigCtxSign" (which
performs all transformations) or if I read the XML file, then create all
nodes in memory and then also call "xmlSecDSigCtxSign"?

Hartmut

-----Ursprüngliche Nachricht-----
Von: Aleksey Sanin [mailto:aleksey at aleksey.com] 
Gesendet: Donnerstag, 16. Oktober 2003 18:16
An: Lehnert, Hartmut
Cc: xmlsec at aleksey.com
Betreff: Re: AW: [xmlsec] Problems verifing digest value


I am not sure exactly what is wrong. It's only my guess that when you 
are writing
XML document out you are inserting some formating (spaces, tabs, etc). This
changes the digest and signature verification fails. It's a common 
mistake to think
that spaces means nothing in XML file. Spaces *are* part of XML and 
*are* important.

Aleksey

Lehnert, Hartmut wrote:

>Hi Aleksey,
>it seems to be clear what mistake I made - but I'm no XML crack, so I 
>still wonder what the problem is. Can you explain it in more detail? 
>Thanks Hartmut
>
>  
>




More information about the xmlsec mailing list