[xmlsec] FW: Invalid Signature - possible whitespace handling problem

Edward Shallow ed.shallow at rogers.com
Thu Nov 20 09:16:44 PST 2003


PostScript ...

With respect to below, I forgot to mention that the SignatureValue's are
identical in both cases as well.

Ed 

-----Original Message-----
From: Edward Shallow [mailto:ed.shallow at rogers.com] 
Sent: November 20, 2003 12:15 PM
To: 'xmlsec at aleksey.com'
Subject: Invalid Signature - possible whitespace handling problem

Hi Aleksey,

    I have another weird one here. Here are 2 attached signed files. The one
with the .signed suffix verifies correctly, the other does not. See error
response below. They are identical in their post transform digest values.
i.e.  Lh3uTtblNX5tAzyHT7UfQTVlJNs=

    The only difference is that the actual <ds:Signature ...> block in the
good one has all white space preserved and intact. That is all tabs and
carriage returns are left intact. Exactly as XMLSec returns it. The bad
<ds:Signature ...> block has had xml white space handling performed on it
after it was returned from XMLSec, by InfoPath :( . That is carriage returns
and tabs have been removed and most of the lines are now strung out on 1
line.

    *** This is the case for only the <ds:Signature ...> block ***, the
signed data are identical in every respect, as per digest values.

    The target of the sign operation is the same in both cases and excludes
the entire signatures section.

    Do you see an XMLSec Verify problem here. I tried using
xml:space="preserve" on the signature block to no avail.

Cheers,
Ed

Equivalent command line used on both files looks like this:

xmlsec verify --crypto mscrypto
C:/epmsigner-dev/infopath/FFIEPMcompleted.xml
xmlsec verify --crypto mscrypto
C:/epmsigner-dev/infopath/FFIEPMcompleted.signed.xml


Verify results look like this:

C:\epmsigner-dev\XMLSec>xmlsec verify --crypto mscrypto
C:/epmsigner-dev/infopath/FFIEPMcompleted.xml
func=xmlSecMSCryptoSignatureVerify:file=..\src\mscrypto\signatures.c:line=28
0:obj=rsa-sha1:subj=CryptVerifySignature:error=18:data do not
match:signature do not match;last error=-2146893818 (0x80090006);last error
msg=Invalid Signature.

FAIL
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
Error: failed to verify file "C:/epmsigner-dev/infopath/FFIEPMcompleted.xml"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: infopath.zip
Type: application/x-zip-compressed
Size: 63354 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20031120/52fff619/infopath.bin


More information about the xmlsec mailing list