[xmlsec] Bad digest in #Manifest

Aleksey Sanin aleksey at aleksey.com
Thu Apr 3 09:37:13 PDT 2014


Try the "--store-references" option to see what exactly was signed. Just
looking at the file, the DigestValue inside the #Manifest subtree looks
suspicious.

Aleksey

On 4/3/14, 5:46 AM, François Plou wrote:
> Hi,
> 
> I am facing an issue trying to sign an xml document which makes
> reference to an external file.
> xmlsec1 gives me a digest for the URI=#Manifest which is not verified by
> tools like Apache XML Security.
> I am pretty sure there is something missing in the XML document I give
> to xmlsec but can't figure out what.
> 
> I sign the document named acmt.007.001.02_1.skel.1sign.object2.xml.
> The command I use is: xmlsec1 --sign --output fpl.xml --privkey <key>
> acmt.007.001.02_1.skel.1sign.object2.xml
> The output document is fpl.xml
> 
> The digest which is not the same as the one computed by Apache XML
> Security is 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
> Apache Security is expecting M3eHHYZ3d//5HW/Gp583TrV/K4I=
> 
> I found that the expected digest matches the manifest3.xml file enclosed
> (I built it manually).
> So it seems xmlsec is not creating the same manifest part.
> 
> Do you have any idea what can be wrong in my
> acmt.007.001.02_1.skel.1sign.object2.xml file? Do I need to add a
> transform?
> 
> Thanks for your help.
> 
> Francois
> 
> 
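
Added example, not part of the original thread or of xmlsec: the digest xmlsec1 produced in the post, 2jmj7l5rSw0yVb/vlWAYkK/YBwk=, is the base64 SHA-1 of zero bytes, so the data digested for that reference was empty. The Python script below scans a signed document for any ds:Reference with that property; the sample document, the file name external-file.xml and the function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for untrusted files, parse with defusedxml instead

DS = "http://www.w3.org/2000/09/xmldsig#"
# DigestMethod Algorithm URI -> hashlib name
ALGS = {
    DS + "sha1": "sha1",
    "http://www.w3.org/2001/04/xmlenc#sha256": "sha256",
    "http://www.w3.org/2001/04/xmlenc#sha512": "sha512",
}

def empty_digest(hash_name):
    """Base64 digest of zero bytes, in the form ds:DigestValue carries."""
    return base64.b64encode(hashlib.new(hash_name, b"").digest()).decode()

def find_empty_references(xml_text):
    """List (URI, parent element name) of ds:Reference elements that digested nothing."""
    hits = []
    for parent in ET.fromstring(xml_text).iter():
        for ref in parent.findall(f"{{{DS}}}Reference"):
            method = ref.find(f"{{{DS}}}DigestMethod")
            name = ALGS.get(method.get("Algorithm")) if method is not None else None
            value = "".join(ref.findtext(f"{{{DS}}}DigestValue", default="").split())
            if name and value == empty_digest(name):
                hits.append((ref.get("URI"), parent.tag.split("}")[-1]))
    return hits

# Constructed sample: only the digest of the "#Manifest" reference is taken from the post.
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <Reference URI="#Manifest">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</DigestValue>
    </Reference>
  </SignedInfo>
  <Object>
    <Manifest Id="Manifest">
      <Reference URI="external-file.xml">
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>qZk+NkcGgWq6PiVxeFDCbJzQ2J0=</DigestValue>
      </Reference>
    </Manifest>
  </Object>
</Signature>"""

if __name__ == "__main__":
    for uri, where in find_empty_references(SAMPLE):
        print(f"Reference URI={uri!r} in {where}: DigestValue is the digest of empty input")
```

A hit on a same-document reference such as "#Manifest" means the URI resolved to nothing at signing time, so the signature does not actually cover the manifest content.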

