[xmlsec] Invalid Signature - possible whitespace handling problem
ed.shallow at rogers.com
Thu Nov 20 15:48:22 PST 2003
Please read my post again. I have changed nothing in the references
themselves. This is clear in the eMail post. The only thing changed is the
<ds:Signature> structure itself, also explained clearly in the post.
Please re-read the problem report again, and give your die -hard fans the
benefit of the doubt. Your explanation below is obvious. It is also way off
From: Aleksey Sanin [mailto:aleksey at aleksey.com]
Sent: November 20, 2003 5:34 PM
To: Edward Shallow
Cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] Invalid Signature - possible whitespace handling
>in the good one has all white space preserved and intact. That is all
>tabs and carriage returns are left intact. Exactly as XMLSec returns
>it. The bad <ds:Signature ...> block has had xml white space handling
>performed on it after it was returned from XMLSec, by InfoPath :( .
>That is carriage returns and tabs have been removed and most of the
>lines are now strung out on 1 line.
I believe Rich already answered you but let me summarize. You have a
Document signed by XMLSec. After that you perform *some* changes in the
document. And signature verification fails. Digital signatures are used to
detect *exactly* that situation. And I think everything happens "as
But since you are asking this question, I guess you think that
adding/removing tabs or spaces is not a big deal for XML. However, this is
*not* the case.
Whitespaces are important!
For example, consider these two XML fragments:
It might have happened that someone *intentionally* left spaces to move
"Hello, user!' string N chars from left side. XML has no way of knowing
More information about the xmlsec