[xmlsec] FW: Invalid Signature - possible whitespace handling
problem
Rich Salz
rsalz at datapower.com
Thu Nov 20 17:22:03 PST 2003
XML DSIG works through an extra level of indirection. Each object
being signed is covered by a digest in a dsig:Reference, then all
the references are covered by hashing and signing them into the
SignedInfo structure.
If MSXML is changing whitespace within the SignedInfo elements, then
the signature will break. You need to tell MSXML to do the equivalent
of "xml:space='preserve'"
> Actually, this is exactly what I am experiencing. The only thing I (not
> me actually, but the MSXML) am removing is the CR and tabs between the tags
> of the SignedInfo structure and it is breaking XMLSec verificaion.
This is the correct behavior (for verifying the sig; I won't comment
on MSXML :)
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
More information about the xmlsec
mailing list