I think this might be an important issue. The namespace attributes cascading is carried out by the Java dsig code even if canonicalization transformation is not required to be performed. Is this correct behavior?
Vishal
GANDHIRAJAN,AYYAPPAN (HP-India,ex2) wrote:
Hi Vishal,
Sometime back, there was a discussion going on about this cascading in one thread with subject "going from signing xml file with DTD to signing xml file with Schema". Do you any clue about the conclusion? Can't I somehow stop cascading?
Please do suggest me.
Thanks & Regards, Ayyappan Gandhirajan --------------------------------------------- Office: 91.80.2225.1554 Extn 1472 Mobile: 91.94483.14969 E-Mail: [EMAIL PROTECTED] -----------------------------------------------
-----Original Message----- From: Vishal Mahajan [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 6:55 PM To: [EMAIL PROTECTED] Subject: Re: Problem with verification of .NET signed XML
I think (I am not sure) that this might be happening because of the namespace attributes cascading that's done by apache dsig library on the xml document. This, combined with the fact that there's no canonicalization transform inside the signed-info-reference (ds:Reference) might be resulting in the interop problem that you are facing. It would be interesting to know, what happens when you perform a canon transform on the signature input to be digested.
Vishal
GANDHIRAJAN,AYYAPPAN (HP-India,ex2) wrote:
Oop! I forgot to attach the xml message. Please here you go!always
Thanks & Regards, Ayyappan Gandhirajan --------------------------------------------- Office: 91.80.2225.1554 Extn 1472 Mobile: 91.94483.14969 E-Mail: [EMAIL PROTECTED] -----------------------------------------------
-----Original Message-----
From: GANDHIRAJAN,AYYAPPAN (HP-India,ex2) Sent: Wednesday, March 31, 2004 4:52 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Problem with verification of .NET signed XML
Hi Berin,
Thanks for your mail.
My client is written using .NET. It creates an XML envelope and sign it.
My server is written in apache xml security. It verifies the signed xml
messages, which was sent by the client. The "boolean verify =
sig1.checkSignatureValue(sig1.getKeyInfo().getPublicKey())" statement
return false. The digest value generated is different from the digest value present in the xml message.
Please find the attached signed xml mesage.
Thanks & Regards, Ayyappan Gandhirajan --------------------------------------------- Office: 91.80.2225.1554 Extn 1472 Mobile: 91.94483.14969 E-Mail: [EMAIL PROTECTED] -----------------------------------------------
-----Original Message----- From: Berin Lautenbach [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 4:31 PM To: [EMAIL PROTECTED] Subject: Re: Problem with verification of .NET signed XML
The Object element is simply an artifact for including information to be signed or to be used in the signature inside the Signature element. It is not directly included in any signture operation.
How is the signature breaking?
Cheers, Berin
GANDHIRAJAN,AYYAPPAN (HP-India,ex2) wrote:
Folks,you
Though I have been working with XML security for the past four months, I
have never used "<Object>" tag inside <Signature> element. Can anyone of
please tell me as to what is this Object tag and how it affects the signature verification functionlaity?
I have used apahe XML security to sign and verify the digital signature. When both server and client are using apache libraries, the functionlity worksfine. When I generated the signed xml using .NET, the functionlity breaks. I see one extra <Object> inside the <Signature> element. The interoperability seems to be a problem here. Can someone help me in resolving this?
Thanks & Regards,
Ayyappan Gandhirajan
---------------------------------------------
Office: 91.80.2225.1554 Extn 1472
Mobile: 91.94483.14969
E-Mail: [EMAIL PROTECTED]
-----------------------------------------------
<<dotNETsignedMsg.xml>>
