Slightly odd. I'm encapsulating a signed document in another document, which is then being signed in its entirety. The code generating that final document is using Aleksey Sanin's C xmlsec library.
I then attempt to verify this file in Java code using the xml-security classes, which fails. Examining the pre-digest document, it appears that the DSAKeyValues in the embedded signature (*not* the one being verified) have changed from <ds:Y> QWNrbriCJdPiH5iIIbs5fTWZ7MEM/te4g/3aK8q8WtX2e+5eXX1KCA/00XDJc9stN4wIIb1izPd4 YVGO5nbI+n+TGfzxdg5V9dtSjx7DjRPBpT+CZ1ceAHqr/zTYRFD7ORcKfSJ8Y0II7rTLJjMrnraR bmiNJeYvTbXrh9dwvic= </ds:Y> in the original document (both pre-digest in libxmlsec and the final output) into <ds:Y>QWNrbriCJdPiH5iIIbs5fTWZ7MEM/te4g/3aK8q8WtX2e+5eXX1KCA/00XDJc9stN4wIIb1izPd4 YVGO5nbI+n+TGfzxdg5V9dtSjx7DjRPBpT+CZ1ceAHqr/zTYRFD7ORcKfSJ8Y0II7rTLJjMrnraR bmiNJeYvTbXrh9dwvic=</ds:Y> For anyone reading with a word wrapping mail client, the latter is one long line with the line-feeds adjacent to the entity tags missing and the mid-text line-feeds converted to spaces. It only seems to happen to those elements, but then they're the only ones containing significant amounts of text content. Is there a way to stop this from happening? Is it possibly something to do with code being aware that they're Base64 and assuming that it would be a transparent transformation? If I don't include the KeyValues in the original signed document, incidentally, it verifies without any problems. m, who has a feeling he saw this before, but can't remember what he did with it at the time.
