Quoting Sean Mullan <[EMAIL PROTECTED]>:
Scott Cantor wrote:
The output of my debugging shows the SignedInfo as:
Using email for this is pointless. Any whitespace will throw off the result,
so you'd need to compare them byte for byte on your own.
Also, you are comparing it to what is in the Signature, this is wrong,
because that is the pre-canonicalized representation of SignedInfo. You
need to modify your signature generation application and dump the
canonicalized bytes (which is cached by the implementation) after you
generate the signature. Then do the same in your validation application
and compare the bytes.
--Sean
Unfortunately, the signature is being generated by a third party, and
after talking with them today, it turns out that the documents are
signed by an IBM xi50 appliance, so they don't have access to generate
the canonicalized SignedInfo.
Any other approaches that you can think of that I might take?
