[xmlsec] Invalid Signature - possible whitespace handling problem

Edward Shallow ed.shallow at rogers.com
Thu Nov 20 15:48:22 PST 2003

Please read my post again. I have changed nothing in the references
themselves. This is clear in the eMail post. The only thing changed is the
<ds:Signature> structure itself, also explained clearly in the post.

Please re-read the problem report again, and give your die -hard fans the
benefit of the doubt. Your explanation below is obvious. It is also way off
the mark.


-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
Sent: November 20, 2003 5:34 PM
To: Edward Shallow
Cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] Invalid Signature - possible whitespace handling

>in the good one has all white space preserved and intact. That is all 
>tabs and carriage returns are left intact. Exactly as XMLSec returns 
>it. The bad <ds:Signature ...> block has had xml white space handling 
>performed on it after it was returned from XMLSec, by InfoPath :( . 
>That is carriage returns and tabs have been removed and most of the 
>lines are now strung out on 1 line.
I believe Rich already answered you but let me summarize. You have a
Document signed by XMLSec. After that you perform *some* changes in the
document. And signature verification fails. Digital signatures are used to
detect *exactly* that situation. And I think everything happens "as

But since you are asking this question, I guess you think that
adding/removing tabs or spaces is not a big deal for XML. However, this is
*not* the case. 
Whitespaces are important!
For example, consider these two XML fragments:

       <WelcomeMessage>Hello, user!</WelcomeMessage>

                        Hello, user!

It might have happened that someone *intentionally* left spaces to move
"Hello, user!' string N chars from left side. XML has no way of knowing


More information about the xmlsec mailing list