[xmlsec] FW: Invalid Signature - possible whitespace handling problem

Rich Salz rsalz at datapower.com
Thu Nov 20 17:22:03 PST 2003

XML DSIG works through an extra level of indirection.  Each object
being signed is covered by a digest in a dsig:Reference, then all
the references are covered by hashing and signing them into the
SignedInfo structure.

If MSXML is changing whitespace within the SignedInfo elements, then
the signature will break.  You need to tell MSXML to do the equivalent
of "xml:space='preserve'"

>    Actually, this is exactly what I am experiencing. The only thing I (not
> me actually, but the MSXML) am removing is the CR and tabs between the tags
> of the SignedInfo structure and it is breaking XMLSec verificaion.

This is the correct behavior (for verifying the sig; I won't comment
on MSXML :)


Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html

More information about the xmlsec mailing list