[xmlsec] Invalid Signature - possible whitespace handling problem

Edward Shallow ed.shallow at rogers.com
Thu Nov 20 09:15:18 PST 2003

Hi Aleksey,

    I have another weird one here. Here are 2 attached signed files. The one
with the .signed suffix verifies correctly, the other does not. See error
response below. They are identical in their post transform digest values.
i.e.  Lh3uTtblNX5tAzyHT7UfQTVlJNs=

    The only difference is that the actual <ds:Signature ...> block in the
good one has all white space preserved and intact. That is all tabs and
carriage returns are left intact. Exactly as XMLSec returns it. The bad
<ds:Signature ...> block has had xml white space handling performed on it
after it was returned from XMLSec, by InfoPath :( . That is carriage returns
and tabs have been removed and most of the lines are now strung out on 1

    *** This is the case for only the <ds:Signature ...> block ***, the
signed data are identical in every respect, as per digest values.

    The target of the sign operation is the same in both cases and excludes
the entire signatures section.

    Do you see an XMLSec Verify problem here. I tried using
xml:space="preserve" on the signature block to no avail.


Equivalent command line used on both files looks like this:

xmlsec verify --crypto mscrypto
xmlsec verify --crypto mscrypto

Verify results look like this:

C:\epmsigner-dev\XMLSec>xmlsec verify --crypto mscrypto
0:obj=rsa-sha1:subj=CryptVerifySignature:error=18:data do not
match:signature do not match;last error=-2146893818 (0x80090006);last error
msg=Invalid Signature.

SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
Error: failed to verify file "C:/epmsigner-dev/infopath/FFIEPMcompleted.xml"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: infopath.zip
Type: application/x-zip-compressed
Size: 63354 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20031120/76207f47/infopath.bin

More information about the xmlsec mailing list