[xmlsec] xmlsec and canonicalization

François Plou fplou at webank.fr
Wed Mar 19 01:45:15 PDT 2014


Thanks for your answer. I was looking in chapter 3.1 not 2.1 and the 
sample is confusing.


On 18/03/2014 19:08, Alexwell Sandro wrote:
> Canonical XML Version 1.0 does not remove linefeeds. It only normalizes them. 
> Windows puts CRLF and Linux LF. C14N normalizes to LF.
>
> See http://www.w3.org/TR/2001/REC-xml-c14n-20010315
> 2 XML Canonicalization
> 2.1 Data Model
> ...
> The XML processor performs the following tasks in order:
>
>  1. normalize line feeds
>
> ...
>
>
>
>
> On Tue, Mar 18, 2014 at 2:49 PM, François Plou <fplou at webank.fr> wrote:
>
>     Hi,
>
>     I am trying to sign an XML document where I add a linefeed between
>     two nodes.
>     To my understanding, according to canonicalization (1.0), an XML
>     document like this :
>
>     <node>a</node>
>
>     <node>b</node>
>
>     must give the same digest and signature value as this one :
>
>     <node>a</node>
>     <node>b</node>
>
>     But this is not the case. When I use the option --store-reference,
>     the output shows the extra line feed.
>
>     Below is my xml document :
>
>     <?xml version = "1.0" encoding = "UTF-8"?>
>     <Document xmlns = "urn:iso:std:iso:20022:tech:xsd:acmt.007.001.02" >
>         <AcctOpngReq>
>             <Refs>
>                 <MsgId>
>                     <Id>ABC/090928/CCT001</Id>
>     <CreDtTm>2010-09-28T14:07:00</CreDtTm>
>                 </MsgId>
>                 <PrcId>
>                     <Id>ABC/090928/CCT001</Id>
>     <CreDtTm>2010-09-28T14:07:00</CreDtTm>
>                 </PrcId>
>             </Refs>
>
>             <Acct>
>                 <Id>
>                     <Othr>
>                         <Id>NOREF</Id>
>                     </Othr>
>                 </Id>
>                 <Tp>
>                     <Cd>CASH</Cd>
>                 </Tp>
>                 <Ccy>USD</Ccy>
>     <MnthlyRcvdVal>200000</MnthlyRcvdVal>
>                 <MnthlyTxNb>100</MnthlyTxNb>
>                 <AvrgBal>10000</AvrgBal>
>             </Acct>
>             <CtrctDts>
>     <TrgtGoLiveDt>2010-10-02</TrgtGoLiveDt>
>             </CtrctDts>
>             <UndrlygMstrAgrmt>
>                 <Ref>ABC/Acct/BBBBUS33</Ref>
>                 <Vrsn>1.0</Vrsn>
>             </UndrlygMstrAgrmt>
>             <AcctSvcrId>
>                 <FinInstnId>
>                     <BICFI>BBBBUS33</BICFI>
>                 </FinInstnId>
>             </AcctSvcrId>
>             <Org>
>                 <FullLglNm>ABC Corporation</FullLglNm>
>                 <CtryOfOpr>US</CtryOfOpr>
>                 <RegnDt>1999-09-01</RegnDt>
>                 <LglAdr>
>                     <StrtNm>Times Square</StrtNm>
>                     <BldgNb>7</BldgNb>
>                     <PstCd>NY 10036</PstCd>
>                     <TwnNm>New York</TwnNm>
>                     <Ctry>US</Ctry>
>                 </LglAdr>
>                 <OrgId>
>                     <Othr>
>                         <Id>01256485-85</Id>
>                         <SchmeNm>
>                             <Prtry>TAX</Prtry>
>                         </SchmeNm>
>                     </Othr>
>                 </OrgId>
>                 <MainMndtHldr>
>                     <Nm>Richard Jones</Nm>
>                     <PstlAdr>
>                         <AdrTp>HOME</AdrTp>
>                         <StrtNm>La Guardia Drive</StrtNm>
>                         <BldgNb>12</BldgNb>
>                         <PstCd>NJ 07054</PstCd>
>                         <TwnNm>Parsippany</TwnNm>
>                         <Ctry>US</Ctry>
>                     </PstlAdr>
>                     <Id>
>                         <DtAndPlcOfBirth>
>     <BirthDt>1960-05-01</BirthDt>
>                             <CityOfBirth>New york</CityOfBirth>
>     <CtryOfBirth>US</CtryOfBirth>
>                         </DtAndPlcOfBirth>
>                     </Id>
>                 </MainMndtHldr>
>             </Org>
>             <DgtlSgntr>
>                 <Pty>
>                     <Nm>fplou</Nm>
>                 </Pty>
>                 <Sgntr>
>                     <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>                         <SignedInfo>
>                             <CanonicalizationMethod
>     Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>                             <SignatureMethod
>     Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
>                             <Reference URI="">
>                             <Transforms>
>                                 <Transform
>     Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>                                 <Transform
>     Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
>                             </Transforms>
>                             <DigestMethod
>     Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>     <DigestValue></DigestValue>
>                             </Reference>
>                         </SignedInfo>
>                         <SignatureValue />
>                         <KeyInfo>
>                             <KeyValue />
>                         </KeyInfo>
>                     </Signature>
>                 </Sgntr>
>             </DgtlSgntr>
>         </AcctOpngReq>
>     </Document>
>
>     The output of --store-references is the following :
>
>     == PreDigest data - start buffer:
>     <Document xmlns="urn:iso:std:iso:20022:tech:xsd:acmt.007.001.02">
>             <AcctOpngReq>
>                     <Refs>
>                             <MsgId>
>     <Id>ABC/090928/CCT001</Id>
>     <CreDtTm>2010-09-28T14:07:00</CreDtTm>
>                             </MsgId>
>                             <PrcId>
>     <Id>ABC/090928/CCT001</Id>
>     <CreDtTm>2010-09-28T14:07:00</CreDtTm>
>                             </PrcId>
>                     </Refs>
>
>                     <Acct>
>                             <Id>
>                                     <Othr>
>     <Id>NOREF</Id>
>                                     </Othr>
>                             </Id>
>                             <Tp>
>                                     <Cd>CASH</Cd>
>                             </Tp>
>                             <Ccy>USD</Ccy>
>     <MnthlyRcvdVal>200000</MnthlyRcvdVal>
>     <MnthlyTxNb>100</MnthlyTxNb>
>     <AvrgBal>10000</AvrgBal>
>                     </Acct>
>                     <CtrctDts>
>     <TrgtGoLiveDt>2010-10-02</TrgtGoLiveDt>
>                     </CtrctDts>
>                     <UndrlygMstrAgrmt>
>     <Ref>ABC/Acct/BBBBUS33</Ref>
>                             <Vrsn>1.0</Vrsn>
>                     </UndrlygMstrAgrmt>
>                     <AcctSvcrId>
>                             <FinInstnId>
>     <BICFI>BBBBUS33</BICFI>
>                             </FinInstnId>
>                     </AcctSvcrId>
>                     <Org>
>                             <FullLglNm>ABC Corporation</FullLglNm>
>     <CtryOfOpr>US</CtryOfOpr>
>     <RegnDt>1999-09-01</RegnDt>
>                             <LglAdr>
>                                     <StrtNm>Times Square</StrtNm>
>     <BldgNb>7</BldgNb>
>                                     <PstCd>NY 10036</PstCd>
>                                     <TwnNm>New York</TwnNm>
>                                     <Ctry>US</Ctry>
>                             </LglAdr>
>                             <OrgId>
>                                     <Othr>
>     <Id>01256485-85</Id>
>                                             <SchmeNm>
>     <Prtry>TAX</Prtry>
>                                             </SchmeNm>
>                                     </Othr>
>                             </OrgId>
>                             <MainMndtHldr>
>                                     <Nm>Richard Jones</Nm>
>                                     <PstlAdr>
>     <AdrTp>HOME</AdrTp>
>                                             <StrtNm>La Guardia
>     Drive</StrtNm>
>     <BldgNb>12</BldgNb>
>                                             <PstCd>NJ 07054</PstCd>
>     <TwnNm>Parsippany</TwnNm>
>     <Ctry>US</Ctry>
>                                     </PstlAdr>
>                                     <Id>
>     <DtAndPlcOfBirth>
>     <BirthDt>1960-05-01</BirthDt>
>     <CityOfBirth>New york</CityOfBirth>
>     <CtryOfBirth>US</CtryOfBirth>
>     </DtAndPlcOfBirth>
>                                     </Id>
>                             </MainMndtHldr>
>                     </Org>
>                     <DgtlSgntr>
>                             <Pty>
>                                     <Nm>fplou</Nm>
>                             </Pty>
>                             <Sgntr>
>
>                             </Sgntr>
>                     </DgtlSgntr>
>             </AcctOpngReq>
>     </Document>
>     == PreDigest data - end buffer
>     == Result - start buffer:
>     v80V0QWK0r89EhOr4Kh4Q79ofZ/zYw2ReI4s8e0ebW4=
>     == Result - end buffer
>     == Manifest References List:
>     === list size: 0
>     == Result - start buffer:
>     ELC9j9/SaQ3VOcVcZBV4ZFpHsRU7jfc25gHCx9/CyCQBLyNF6yqfzLjTuvg9NAvF
>     HaDXuKhLvTjtEG1hgvuXXkyKFgJkA+pJrIKcOmpVMcwgR85MpZ/1BumxEeHPtHif
>     PQp9ngJmQ6PzC7P3FFmDfNGoY3gOyiK/s+IecGtqr+A5JwALFFNkXgEp96DBqF4P
>     d2HRNH0LbIw0IKQN+BckTOxeLFNQ269fP0AFuFxVp8fVQfhGuMJHlNnr3lX2WHjw
>     emqcEW4X/0vcFcoKUsvGRRwz7eFYjjMjrghaOWW+byPYQrHFOV7o0wN9UC8TCN9R
>     YXnL/c3Rx7P+QkX7/f7n4g==
>     == Result - end buffer
>
>
>     If I remove the line feed between :
>                   </Refs>
>
>                     <Acct>
>
>     The output is slightly different :
>
>     == PreDigest data - start buffer:
>     <Document xmlns="urn:iso:std:iso:20022:tech:xsd:acmt.007.001.02">
>             <AcctOpngReq>
>                     <Refs>
>                             <MsgId>
>     <Id>ABC/090928/CCT001</Id>
>     <CreDtTm>2010-09-28T14:07:00</CreDtTm>
>                             </MsgId>
>                             <PrcId>
>     <Id>ABC/090928/CCT001</Id>
>     <CreDtTm>2010-09-28T14:07:00</CreDtTm>
>                             </PrcId>
>                     </Refs>
>                     <Acct>
>                             <Id>
>                                     <Othr>
>     <Id>NOREF</Id>
>                                     </Othr>
>                             </Id>
>                             <Tp>
>                                     <Cd>CASH</Cd>
>                             </Tp>
>                             <Ccy>USD</Ccy>
>     <MnthlyRcvdVal>200000</MnthlyRcvdVal>
>     <MnthlyTxNb>100</MnthlyTxNb>
>     <AvrgBal>10000</AvrgBal>
>                     </Acct>
>                     <CtrctDts>
>     <TrgtGoLiveDt>2010-10-02</TrgtGoLiveDt>
>                     </CtrctDts>
>                     <UndrlygMstrAgrmt>
>     <Ref>ABC/Acct/BBBBUS33</Ref>
>                             <Vrsn>1.0</Vrsn>
>                     </UndrlygMstrAgrmt>
>                     <AcctSvcrId>
>                             <FinInstnId>
>     <BICFI>BBBBUS33</BICFI>
>                             </FinInstnId>
>                     </AcctSvcrId>
>                     <Org>
>                             <FullLglNm>ABC Corporation</FullLglNm>
>     <CtryOfOpr>US</CtryOfOpr>
>     <RegnDt>1999-09-01</RegnDt>
>                             <LglAdr>
>                                     <StrtNm>Times Square</StrtNm>
>     <BldgNb>7</BldgNb>
>                                     <PstCd>NY 10036</PstCd>
>                                     <TwnNm>New York</TwnNm>
>                                     <Ctry>US</Ctry>
>                             </LglAdr>
>                             <OrgId>
>                                     <Othr>
>     <Id>01256485-85</Id>
>                                             <SchmeNm>
>     <Prtry>TAX</Prtry>
>                                             </SchmeNm>
>                                     </Othr>
>                             </OrgId>
>                             <MainMndtHldr>
>                                     <Nm>Richard Jones</Nm>
>                                     <PstlAdr>
>     <AdrTp>HOME</AdrTp>
>                                             <StrtNm>La Guardia
>     Drive</StrtNm>
>     <BldgNb>12</BldgNb>
>                                             <PstCd>NJ 07054</PstCd>
>     <TwnNm>Parsippany</TwnNm>
>     <Ctry>US</Ctry>
>                                     </PstlAdr>
>                                     <Id>
>     <DtAndPlcOfBirth>
>     <BirthDt>1960-05-01</BirthDt>
>     <CityOfBirth>New york</CityOfBirth>
>     <CtryOfBirth>US</CtryOfBirth>
>     </DtAndPlcOfBirth>
>                                     </Id>
>                             </MainMndtHldr>
>                     </Org>
>                     <DgtlSgntr>
>                             <Pty>
>                                     <Nm>fplou</Nm>
>                             </Pty>
>                             <Sgntr>
>
>                             </Sgntr>
>                     </DgtlSgntr>
>             </AcctOpngReq>
>     </Document>
>     == PreDigest data - end buffer
>     == Result - start buffer:
>     zYybkjAuafmZgmnEbWItuE4Q1+u76x4I5HExyHThFe0=
>     == Result - end buffer
>     == Manifest References List:
>     === list size: 0
>     == Result - start buffer:
>     VsVLlG0KahJelXvXjo2Ozst5axBXxtWeR4So0P+PAAcOi6ihtTKc5oUUJjIEivbO
>     rCkdKuT4AFlbPEF8t4ErMAHS6iCP5JplF3zQA1YzVxGzmOQFRtpBookknF5wXu7H
>     adyr9dIuZPcudAX7ZV0R0iwRIJJwdZQgYvA4HgZJJ3eMlBj8K1Zp5WR4UbbkBacV
>     /dOnIIpRljd3YwxCnHp7hO6oizGOIkNhGbq6kkJ3ULGxWuT9/xy5IO64AV397PiK
>     R0VtvNDNXW2WFjLfJ3XBuaVUq2T/GVCB9tcXYPUh67wwqzAyiaHUcymYgg2CZ6kF
>     3eZvTwOjkVmrY7iYuAsqeQ==
>     == Result - end buffer
>
>     I am working on the latest release of xmlsec and on Unix.
>
>     Is my understanding correct ?
>
>     Thanks.
>
>     Francois
>
>
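
Added example, not part of the original thread and not xmlsec code: it reproduces the behaviour discussed above, where CRLF and LF input give the same digest but an extra blank line between two elements does not. It uses Python's standard-library `canonicalize()` (C14N 2.0) as a stand-in for C14N 1.0, since with default options both keep whitespace text nodes inside the document element; the sample document and its namespace are constructed.

```python
import base64
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed sample (not the document from the thread), LF line endings.
DOC_LF = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<Document xmlns="urn:example:constructed">\n'
    b'  <Refs><Id>A</Id></Refs>\n'
    b'  <Acct><Ccy>USD</Ccy></Acct>\n'
    b'</Document>\n'
)
# Same content saved with Windows line endings.
DOC_CRLF = DOC_LF.replace(b"\n", b"\r\n")
# One extra blank line between </Refs> and <Acct>, as in the question.
DOC_EXTRA = DOC_LF.replace(b"</Refs>\n", b"</Refs>\n\n")


def canonical_bytes(doc: bytes) -> bytes:
    """Pre-digest octets: canonical form, UTF-8 encoded."""
    # The XML parser turns CRLF into LF; canonicalize() then keeps every
    # whitespace text node inside the document element unchanged.
    return canonicalize(doc.decode("utf-8")).encode("utf-8")


def digest_b64(doc: bytes) -> str:
    """Base64 SHA-256 over the canonical form (the DigestValue encoding)."""
    raw = hashlib.sha256(canonical_bytes(doc)).digest()
    return base64.b64encode(raw).decode("ascii")


def first_difference(a: bytes, b: bytes):
    """Offset of the first differing byte, or None when both are equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


if __name__ == "__main__":
    for name, doc in [("LF", DOC_LF), ("CRLF", DOC_CRLF), ("extra LF", DOC_EXTRA)]:
        print(f"{name:9} {digest_b64(doc)}")
    extra = canonical_bytes(DOC_EXTRA)
    at = first_difference(canonical_bytes(DOC_LF), extra)
    print("buffers diverge at byte", at, repr(extra[at - 8:at + 8]))
```

`first_difference()` can be applied the same way to two pre-digest buffers saved from xmlsec to locate the byte where they diverge.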
