[xmlsec] sha1sum DigestValue

Aleksey Sanin aleksey at aleksey.com
Thu Jun 25 06:59:21 PDT 2009


http://www.w3.org/TR/xmldsig-core/#sec-MessageDigests

 > A SHA-1 digest is a 160-bit string. The content of the DigestValue
 > element shall be the base64 encoding of this bit string viewed as
 > a 20-octet octet stream.

Aleksey

Kai Hendry wrote:
> Trying to understand why xmlsec1 is not giving back the right sha1sum
> for a PNG file (avoiding canonicalisation problems hopefully).
> 
> wget http://www.w3.org/Icons/w3c_home -O w3c.png
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>   <SignedInfo>
>     <CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> 	<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
>     <Reference URI="w3c.png">
> 		<DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#"
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>       <DigestValue></DigestValue>
>     </Reference>
>   </SignedInfo>
>   <SignatureValue>
>   </SignatureValue>
>   <KeyInfo>
>     <X509Data>
>     </X509Data>
>   </KeyInfo>
> </Signature>
> 
> 
> xmlsec1 sign --store-references --pkcs12 keys/dsakey.p12 --pwd secret --output my.sig works.xml
> 
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>   <SignedInfo>
>     <CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> 	<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
>     <Reference URI="w3c.png">
> 		<DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#"
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>       <DigestValue>+/MTaoTmyGkFLCGarzDR6xi2DZM=</DigestValue>
>     </Reference>
>   </SignedInfo>
>   <SignatureValue>XoFbr03fGd9mvSbAb3qyVlb6iDk8wGovSI3TXuvpYgVxz6H+1VjQUw==</SignatureValue>
>   <KeyInfo>
>     <X509Data>
> 
> 
> 
> hendry at x61 xmldigsig$ sha1sum w3c.png
> fbf3136a84e6c869052c219aaf30d1eb18b60d93  w3c.png
> 
> 
> Why is the DigestValue +/MTaoTmyGkFLCGarzDR6xi2DZM= not
> fbf3136a84e6c869052c219aaf30d1eb18b60d93?
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
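
The two values quoted in the thread are the same 20 octets in two encodings: `sha1sum` prints hex, while `DigestValue` carries base64. The following is an added example, not code from the original posts or from the xmlsec project, that converts between the two forms and checks data against a `DigestValue`; the function names are illustrative.

```python
import base64
import binascii
import hashlib
import hmac

SHA1_LEN = 20  # a SHA-1 digest is 160 bits = 20 octets


def digest_value_to_hex(digest_value: str) -> str:
    """Decode an XML-DSig DigestValue (base64) to the hex form sha1sum prints."""
    # base64 text in XML may be wrapped or indented; drop whitespace first.
    compact = "".join(digest_value.split())
    try:
        raw = base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"DigestValue is not valid base64: {exc}") from None
    if len(raw) != SHA1_LEN:
        raise ValueError(f"expected {SHA1_LEN} octets for SHA-1, got {len(raw)}")
    return raw.hex()


def hex_to_digest_value(hex_digest: str) -> str:
    """Encode a sha1sum-style hex digest as a DigestValue string."""
    raw = bytes.fromhex(hex_digest)
    if len(raw) != SHA1_LEN:
        raise ValueError(f"expected {SHA1_LEN} octets for SHA-1, got {len(raw)}")
    return base64.b64encode(raw).decode("ascii")


def reference_matches(data: bytes, digest_value: str) -> bool:
    """Compare the SHA-1 of the referenced octets with a DigestValue."""
    expected = bytes.fromhex(digest_value_to_hex(digest_value))
    # Constant-time comparison of the raw digests, not of their text encodings.
    return hmac.compare_digest(hashlib.sha1(data).digest(), expected)


if __name__ == "__main__":
    # Values quoted in the thread.
    thread_digest_value = "+/MTaoTmyGkFLCGarzDR6xi2DZM="
    thread_sha1sum = "fbf3136a84e6c869052c219aaf30d1eb18b60d93"
    print(digest_value_to_hex(thread_digest_value) == thread_sha1sum)

    # Constructed sample data standing in for the referenced file.
    sample = b"abc"
    sample_dv = hex_to_digest_value(hashlib.sha1(sample).hexdigest())
    print(sample_dv, reference_matches(sample, sample_dv))
```
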

