AW: AW: AW: [xmlsec] Problems verifing digest value

Lehnert, Hartmut Lehnert at
Fri Oct 17 08:34:08 PDT 2003

Yes, you're right! (Sorry for not reading :-( ) 
But is there any solution for this problem? How can the
in-memory-representation be transformed before calculating the hash value so
that the hash created over the in-memory-representation matches the hash
value created over the canonicalized file representation?

Thank you VERY much for this answer;-)


-----Ursprüngliche Nachricht-----
Von: Aleksey Sanin [mailto:aleksey at] 
Gesendet: Freitag, 17. Oktober 2003 17:03
An: Lehnert, Hartmut
Cc: xmlsec at
Betreff: Re: AW: AW: [xmlsec] Problems verifing digest value

Canonicalization does preserve spaces. Read the spec, please.
I guess that you are creating document (or part of it) in memory, sign it,
after that you adding spaces when you are writing document out. And
signature on the result fails, of course.

Now when you sign the document *with spaces* from disk and then verify it
everything works just fine.


Lehnert, Hartmut wrote:

>Hello Aleksey,
>I cannot believe that this can be a problem here, because before 
>creating any hashs or signatures the canonicalization is performed at 
>first - on all references (I think;-)). So why should it make a 
>difference if I create the complete signature node in memory and then 
>call "xmlSecDSigCtxSign" (which performs all transformations) or if I 
>read the XML file, then create all nodes in memory and then also call 

More information about the xmlsec mailing list