[xmlsec] sha1sum DigestValue

Kai Hendry kai.hendry at gmail.com
Thu Jun 25 06:49:19 PDT 2009


Trying to understand why xmlsec1 is not giving back the right sha1sum
for a PNG file (avoiding canonicalisation problems hopefully).

wget http://www.w3.org/Icons/w3c_home -O w3c.png

<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
	<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
    <Reference URI="w3c.png">
		<DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#"
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue></DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>
  </SignatureValue>
  <KeyInfo>
    <X509Data>
    </X509Data>
  </KeyInfo>
</Signature>


xmlsec1 sign --store-references --pkcs12 keys/dsakey.p12 --pwd secret \
    --output my.sig works.xml


<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
	<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    <Reference URI="w3c.png">
		<DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#"
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>+/MTaoTmyGkFLCGarzDR6xi2DZM=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>XoFbr03fGd9mvSbAb3qyVlb6iDk8wGovSI3TXuvpYgVxz6H+1VjQUw==</SignatureValue>
  <KeyInfo>
    <X509Data>



hendry at x61 xmldigsig$ sha1sum w3c.png
fbf3136a84e6c869052c219aaf30d1eb18b60d93  w3c.png


Why isn't the DigestValue +/MTaoTmyGkFLCGarzDR6xi2DZM=
fbf3136a84e6c869052c219aaf30d1eb18b60d93?
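
Added example (not part of the original post, and not xmlsec code): XML-DSig stores DigestValue as base64 of the raw digest bytes, while sha1sum prints the same bytes as hex, so the two values in the post have to be decoded before they can be compared. The sketch below reads the Reference digests from the signed output and checks them against a sha1sum line; the function names are illustrative, and it assumes a Reference with no Transforms, as in the post.

```python
import base64
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed from the post's signed output (SignatureValue/KeyInfo omitted,
# wrapped attributes re-joined onto one line).
SIGNED_XML = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    <Reference URI="w3c.png">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>+/MTaoTmyGkFLCGarzDR6xi2DZM=</DigestValue>
    </Reference>
  </SignedInfo>
</Signature>"""

def digest_value_to_hex(b64_text):
    """base64 DigestValue -> lowercase hex, the form sha1sum prints."""
    return base64.b64decode(b64_text.strip(), validate=True).hex()

def hex_to_digest_value(hex_text):
    """sha1sum hex -> base64 text as it appears in DigestValue."""
    return base64.b64encode(bytes.fromhex(hex_text)).decode("ascii")

def reference_digests(xml_text):
    """Map each Reference URI to its SHA-1 digest in hex."""
    digests = {}
    # The stdlib parser is fine for this embedded sample; use a hardened
    # parser for XML that comes from an untrusted source.
    for ref in ET.fromstring(xml_text).iter(f"{{{DSIG}}}Reference"):
        method = ref.find(f"{{{DSIG}}}DigestMethod").get("Algorithm")
        if method != DSIG + "sha1":
            raise ValueError(f"unexpected DigestMethod: {method}")
        digests[ref.get("URI")] = digest_value_to_hex(
            ref.findtext(f"{{{DSIG}}}DigestValue"))
    return digests

def matches_sha1sum_line(xml_text, line):
    """Compare one line of sha1sum output with the matching Reference."""
    hex_digest, name = line.split(None, 1)
    signed = reference_digests(xml_text).get(name.strip().lstrip("*"))
    return signed is not None and signed == hex_digest.lower()

if __name__ == "__main__":
    print(reference_digests(SIGNED_XML))
    print(matches_sha1sum_line(
        SIGNED_XML, "fbf3136a84e6c869052c219aaf30d1eb18b60d93  w3c.png"))
```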

