[xmlsec] DigestValue, xmlsec failure, need guidance.

Aleksey Sanin aleksey at aleksey.com
Thu Mar 11 08:34:31 PST 2004 

I am not sure I understand you. You don't have ID attribute in an element,
you can't add it because it'll break everything but you still want
to reference it as "#...."? I am not sure there is a way to do this
and I am not sure it's a good idea at all (from security point of view).

Aleksey


Artur BUJDOSO wrote on 3/11/2004, 4:17 AM:
> Is there a way to declare an ID attribute, if it's not present by 
> Id="Body" in the Referenced tag? I mean, I got <soapenv:Body> but no 
> <soapenv:Body Id="Body">. The latter is accepted by XMLSEC, but true, it 
> modifies the verified document. 
> 
> Artur 
> 
> Aleksey Sanin wrote: 
> 
> >If you modified the signed document then you'll 
> >get a different digest. Either use external DTD or 
> >declare ID attributes from your program as explained 
> >in the FAQ. 
> > 
> >Aleksey 
> > 
> > 
> >Artur BUJDOSO wrote on 3/10/2004, 10:30 AM: 
> >  
> > 
> >>Thanks for the reply. 
> >> 
> >>Yes, I've read it and tried to declare at the beginning at the document 
> >>the Reference ID, and even tried to replace the URI to ID. 
> >>Following (short) result: 
> >> 
> >>func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=164:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match 
> >> 
> >>The PreDigest data buffer, seems to contain the whole document, is this 
> >>normal? 
> >> 
> >>Since the author of the document generator admitted that he isn't sure about standards at all, it might be a wrong DigestValue. 
> >> 
> >>Artur 
> >> 
> >> 
> >> 
> >>Aleksey Sanin wrote: 
> >> 
> >>    
> >> 
> >>>Section 3.2 from the FAQ http://www.aleksey.com/xmlsec/faq.html 
> >>> 
> >>>Aleksey 
> >>> 
> >>>Artur BUJDOSO wrote on 3/10/2004, 7:25 AM: 
> >>> 
> >>> 
> >>>      
> >>> 
> >>>>func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 
> >>>>library function failed:expr=xpointer(id('Body')) 
> >>>>   
> >>>> 
> >>>>        
> >>>> 
> >>_______________________________________________ 
> >>xmlsec mailing list 
> >>xmlsec at aleksey.com 
> >>http://www.aleksey.com/mailman/listinfo/xmlsec 
> >>    
> >> 
> 
> _______________________________________________ 
> xmlsec mailing list 
> xmlsec at aleksey.com 
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list