[xmlsec] FW: Invalid Signature - possible whitespace handling problem

Edward Shallow ed.shallow at rogers.com
Thu Nov 20 15:42:57 PST 2003


Hi Rich,

Rich wrote "... Not sure what you mean by "disturbed," but adding or
removing whitespace will significantly change the content of SignedInfo, and
break the signature.  Changing CR to LF and vice-versa will not..."

   Actually, this is exactly what I am experiencing. The only thing I (not
me actually, but the MSXML) am removing is the CR and tabs between the tags
of the SignedInfo structure and it is breaking XMLSec verificaion. I have
changed nothing within the references themselves. Are you saying, by your
2nd sentence, that this should be passing verification ? Indeed it is not.
If so we have a bug. Check out the attachments.

Ed    

-----Original Message-----
From: Rich Salz [mailto:rsalz at datapower.com] 
Sent: November 20, 2003 3:28 PM
To: Edward Shallow
Cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] FW: Invalid Signature - possible whitespace handling
problem

> Behaviour is very predictable. If any tabs or CRs or LFs are disturbed 
> within the SignedInfo element or any of its child elements, 
> verification fails. The rest of the signature elements are not 
> affected by tab CR or LF removal or insertion.

Not sure what you mean by "disturbed," but adding or removing whitespace
will significantly change the content of SignedInfo, and break the
signature.  Changing CR to LF and vice-versa will not.

> Knowing you, this is probably exactly what the specification call for. 
> Is this so ?

Yes.
	/r$

--
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html





More information about the xmlsec mailing list