[xmlsec] Canonicalization and sha1 of a document part with xmlsec1

Si St sigbj-st at operamail.com
Fri Nov 11 10:05:05 PST 2011


Is the sha1 in xmlsec1, taken after the canonicalization of the xmlfile-docpart
to be signed, identical to this:

cat xmlfile-docpart | openssl dgst -sha1 -binary | openssl enc -base64 >
xmlfile-docpart-digest
?
If xmlfile-docpart is as simple as the following (leaving out the
signature part):

<?xml version="1.0" encoding="ISO-8859-1"?>
<MsgHead>
  <Document>
    <Krav/>
  </Document>
</MsgHead>

then the C14N of it cannot give anything more than this:

<MsgHead>
  <Document>
    <Krav></Krav>
  </Document>
</MsgHead>

but doing the sha1 with openssl on this post-C14N file (done with xmllint
--c14n), we get this digest value:
tkuyB5MHizGiQsl9ljG+YcPogOA=
The digest value from running xmlsec1 sign on the pre-C14N+sigpart file
gives this:
pKl5h5ALLpm57qM8FeuQSaa4Ogk=

Does this mean the xmldsig#sha1 is something different from 'sha1sum'
and 'openssl -sha1'?
If so, what is the difference? Is it that C14N inserts (empty) elements
from an XSD schema, or what?

I am talking about the DigestValue from the document part here, not the
DigestValue of the SignedInfo that disappears in the SignatureValue.

I thought that SHA1 = SHA1. Period.
-- 
  Si St
  sigbj-st at operamail.com

-- 
http://www.fastmail.fm - Choose from over 50 domains or use your own
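An added example, not part of the post above or of xmlsec1: in XMLDSig the DigestValue of a Reference is the SHA-1 of the octets produced by that Reference's transforms (canonicalization, usually preceded by the enveloped-signature transform), not of the raw file, and C14N output carries no XML declaration and no trailing newline. The script below (stdlib only, Python 3.8+ for `xml.etree.ElementTree.canonicalize`) canonicalizes a constructed copy of the document from the post, hashes it the way the `openssl dgst -sha1 -binary | openssl enc -base64` pipeline does, and shows that the raw file, the canonical form and the canonical form with a stray trailing newline all give different digest values; the sample bytes and function names are assumptions of this example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample with the same shape as the document in the post
# (signature part omitted). Built as bytes so the declared ISO-8859-1
# encoding is honoured by the parser. It ends with a newline, as a file
# saved from an editor usually does.
SAMPLE_FILE = (
    b'<?xml version="1.0" encoding="ISO-8859-1"?>\n'
    b"<MsgHead>\n"
    b"  <Document>\n"
    b"    <Krav/>\n"
    b"  </Document>\n"
    b"</MsgHead>\n"
)


def canonicalize(xml_bytes: bytes, with_comments: bool = False) -> bytes:
    """Inclusive canonical form as produced by the stdlib C14N writer:
    the XML declaration is dropped, <Krav/> becomes <Krav></Krav>, the
    whitespace text nodes between elements are kept, comments are dropped
    unless requested, and nothing follows the root element's end tag."""
    text = ET.canonicalize(xml_data=xml_bytes, with_comments=with_comments)
    return text.encode("utf-8")  # canonical XML is always serialized as UTF-8


def sha1_b64(octets: bytes) -> str:
    """Same result as: openssl dgst -sha1 -binary | openssl enc -base64"""
    return base64.b64encode(hashlib.sha1(octets).digest()).decode("ascii")


def digest_report(xml_bytes: bytes) -> dict:
    """SHA-1 digests of the three byte streams one can easily end up hashing
    while comparing against a DigestValue computed by an XMLDSig tool."""
    c14n = canonicalize(xml_bytes)
    return {
        "raw_file": sha1_b64(xml_bytes),              # cat file | openssl dgst
        "c14n": sha1_b64(c14n),                       # what the Reference covers
        "c14n_plus_newline": sha1_b64(c14n + b"\n"),  # xmllint output + editor newline
    }


if __name__ == "__main__":
    print(canonicalize(SAMPLE_FILE).decode("utf-8"))
    for name, value in digest_report(SAMPLE_FILE).items():
        print(f"{name:20s} {value}")
```

Only the "c14n" line is comparable to a Reference DigestValue, and even then only when the Reference's transform chain is just the same canonicalization algorithm over the same node set.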