[xmlsec] Whitespace issues when creating an XML document
dave at dchapman.com
Mon May 26 13:29:14 PDT 2008
Thanks for the reply.
I'm fully aware of the significance of whitespace, and the issue isn't
that I want "formatted" XML, it's that I want libxml2 to have the same
representation in RAM as the file will be when it is later written to
disk - so I can reliably create a signature for it.
But if there's no known solution to that (apart from saving to disk and
re-reading), then I guess I'll need to take it to the libxml2 devs.
Aleksey Sanin wrote:
> 1) Spaces are important in XML and XMLDSig
> 2) If you want to have "formatted" XML then you have to add spaces.
> 3) Sorry, but there is no way around it.
> Dave Chapman wrote:
>> I've ran into a problem when trying to create and verify a signature
>> for an XML document created in RAM, but haven't been able to find any
>> reports of others having similar problems, or any nicer solution than
>> the workaround I've used. Most examples/questions seem to relate to
>> adding signatures to already existing XML documents.
>> The signing code my program uses is based on the sign3.c example, and
>> the verification is based on verify3.c.
>> My program did the following, and the resulting document failed to
>> verify (data and digest mismatch):
>> 1) Create the XML document to be signed in RAM using the libxml2
>> functions xmlNewNode, xmlAddChild, xmlAddProp etc
>> 2) Sign the document with xmlSecDSigCtxSign()
>> 3) Write the document to disk with xmlSaveFormatFileEnc()
>> If I added the verification code to this program between steps 2) and
>> 3), instead of in a second program, then the verification worked.
>> This lead me to the conclusion that the issue was with libxml2 adding
>> whitespace to the document when saving it to disk.
>> Adding the workaround of saving the created document to disk, and then
>> reloading it before calculating and adding the signature fixed the
>> problem, but I'm hoping there's a nicer solution that avoids this
>> extra write/read step.
>> This is possibly more of a libxml2 question than xmlsec, but I'm
>> hoping that someone here has solved this problem previously, and that
>> having the question in the xmlsec mail archives will help others.
>> xmlsec mailing list
>> xmlsec at aleksey.com
More information about the xmlsec