[xmlsec] X509, verification of signature

Aleksey Sanin aleksey at aleksey.com
Tue Mar 15 10:36:44 PST 2005

The error indicates that one of the digests does not match. There
are two most common reasons for this error:
  - The document was actually modified (may be, accidentialy). For
  example, spaces or end-of-lines were inserted by a mailer program.
  - The C14N incompatibility either because the of difference in a way
  Phaos and xmlsec do C14N or because the C14N was done from different

If you have access to the code that does the signature, I would suggest
to do the following:
  - Make sure that document is not changed on the way.
  - Make sure that signature happens from the same context (e.g. inside
  the SOAP stuff).
  - Try C14N instead of exc C14N.
  - Get the c14n output from Phaos right before it digests it and compare
  with what xmlsec does (--store-references option for xmlsec command
  line utility).


More information about the xmlsec mailing list