[xmlsec] Canonicalization and sha1 of a document part with xmlsec1
aleksey at aleksey.com
Fri Nov 11 10:07:00 PST 2011
Run the xmlsec1 utility with --store-references to see what exactly is sha'd
On 11/11/11 10:05 AM, Si St wrote:
> Is sha1 in xmlsec1 after the canonicalization of the xmlfile-docpart to
> sign identical to this:
> cat xmlfile-docpart | openssl dgst -sha1 -binary | openssl enc -base64>
> If xmlfile-docpart is as simple as the following (letting out the
> <?xml version="1.0" encoding="ISO-8859-1"?>
> then the C14N of it cannot give anything more than this:
> but doing the sha1 with openssl on this postC14N file (done with xmllint
> --c14n),we get this digestvalue :
> the digestvalue from running xmlsec1 sign on the preC14N+sigpart file
> give this:
> Does this mean the xmldsig#sha1 is something different from 'sha1sum'
> and 'openssl -sha1'?
> In case, what is the difference? That C14N puts in (empty) elements from
> a xsd-scheme, or what?
> I am talking about the DigestValue from the document part here, not the
> DigestValue of the SignedInfo that disappears in the SignatureValue.
> I thought that SHA1 = SHA1. Period.
More information about the xmlsec