[xmlsec] Bad digest in #Manifest

François Plou fplou at webank.fr
Thu Apr 3 05:46:44 PDT 2014


Hi,

I am facing an issue trying to sign an xml document which makes 
reference to an external file.
xmlsec1 gives me a digest for the URI=#Manifest which is not verified by 
tool like Apache XML Security.
I am pretty sure there is something missing in the XML document I give 
to xmlsec but can't figure what.

I sign the document named acmt.007.001.02_1.skel.1sign.object2.xml.
The command I use is : xmlsec1 -- sign --output fpl.xml --privkey <key> 
acmt.007.001.02_1.skel.1sign.object2.xml
The output document is fpl.xml

The digest which is not the same as the one computed by Apache XML 
Security is 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
Apache Security is expecting M3eHHYZ3d//5HW/Gp583TrV/K4I=

I found that the expecting digest match the manifest3.xml file enclosed 
(I built it manually).
So it seems xmlsec is not creating the same manifest part.

Do you have any idea what can be wrong in my 
acmt.007.001.02_1.skel.1sign.object2.xml file ? Do I need to add a 
transform ?

Thanks for your help.

Francois

-------------- next part --------------
A non-text attachment was scrubbed...
Name: acmt.007.001.02_1.skel.1sign.object2.xml
Type: text/xml
Size: 2970 bytes
Desc: not available
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20140403/188fbce5/attachment.xml>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fpl.xml
Type: text/xml
Size: 3848 bytes
Desc: not available
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20140403/188fbce5/attachment-0001.xml>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: manifest3.xml
Type: text/xml
Size: 627 bytes
Desc: not available
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20140403/188fbce5/attachment-0002.xml>


More information about the xmlsec mailing list