Re: Problem with verification of .NET signed XML

Vishal Mahajan Wed, 31 Mar 2004 05:18:47 -0800

I think (I am not sure) that this might be happening because of the namespace attributes cascading that's done by apache dsig library on the xml document. This, combined with the fact that there's no canonicalization transform inside the signed-info-reference (ds:Reference) might be resulting in the interop problem that you are facing. It would be interesting to know, what happens when you perform a canon transform on the signature input to be digested.

Vishal

GANDHIRAJAN,AYYAPPAN (HP-India,ex2) wrote:

Oop! I forgot to attach the xml message. Please here you go!
Thanks & Regards,
Ayyappan Gandhirajan
---------------------------------------------
Office: 91.80.2225.1554 Extn 1472
Mobile: 91.94483.14969
E-Mail: [EMAIL PROTECTED]
-----------------------------------------------
-----Original Message----- From: GANDHIRAJAN,AYYAPPAN (HP-India,ex2) Sent: Wednesday, March 31, 2004 4:52 PM To: '[EMAIL PROTECTED]' Subject: RE: Problem with verification of .NET signed XML

Hi Berin,

Thanks for your mail.

My client is written using .NET. It creates an XML envelope and sign it.
My server is written in apache xml security. It verifies the signed xml
messages, which was sent by the client. The "boolean verify =
sig1.checkSignatureValue(sig1.getKeyInfo().getPublicKey())" statement always
return false. The digest value generated is different from the digest value
present in the xml message.
Please find the attached signed xml mesage.
Thanks & Regards,
Ayyappan Gandhirajan
---------------------------------------------
Office: 91.80.2225.1554 Extn 1472
Mobile: 91.94483.14969
E-Mail: [EMAIL PROTECTED]
-----------------------------------------------
-----Original Message-----
From: Berin Lautenbach [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 31, 2004 4:31 PM
To: [EMAIL PROTECTED]
Subject: Re: Problem with verification of .NET signed XML
The Object element is simply an artifact for including information to be signed or to be used in the signature inside the Signature element. It is not directly included in any signture operation.

How is the signature breaking?
Cheers,
        Berin
GANDHIRAJAN,AYYAPPAN (HP-India,ex2) wrote:

Folks,

Though I have been working with XML security for the past four months, I have never used "<Object>" tag inside <Signature> element. Can anyone of

you
please tell me as to what is this Object tag and how it affects the
signature verification functionlaity?
I have used apahe XML security to sign and verify the digital signature.
When both server and client are using apache libraries, the functionlity
worksfine. When I generated the signed xml using .NET, the functionlity
breaks. I see one extra <Object> inside the <Signature> element. The
interoperability seems to be a problem here. Can someone help me in
resolving this?
Thanks & Regards, Ayyappan Gandhirajan --------------------------------------------- Office: 91.80.2225.1554 Extn 1472 Mobile: 91.94483.14969 E-Mail: [EMAIL PROTECTED] ----------------------------------------------- <<dotNETsignedMsg.xml>>

Re: Problem with verification of .NET signed XML

Reply via email to