Hi Berin,
Maybe for me, a solution would be eliminate all line feeds and carriage returns in the Signature element. So, the xml can be indented and before the validation i can clean up again this LF/CR. is it posible? is there any posibility to configure the API like this? thanks again! El mar, 13 de 02 de 2007 a las 09:32, Berin Lautenbach escribió: > You need to do your indenting before you sign, which means you can > really only indent your own XML prior to attaching the signature node. > The library handles the indenting of the <Signature> elements. Off the > top of my head I'm not sure how much control you can have of that for > the Java library. For the C++ library you can turn indenting on and > off, but when it's on there no way to tell it how to indent. > > The merlin signature below was all indented before the final signature > was made. If you were to change even one space in the indenting, the > signature would fail. > > Cheers, > Berin > > Jorge Martín Cuervo wrote: > > Hola Raul > > > > i understand, but after check the xml files used in the samples i found > > several like this in merlin directory: > > > > <?xml version="1.0" encoding="UTF-8"?> > > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> > > <SignedInfo> > > <CanonicalizationMethod > > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; /> > > <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; > > /> > > <Reference URI="http://www.w3.org/TR/xml-stylesheet";> > > <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> > > <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue> > > </Reference> > > </SignedInfo> > > <SignatureValue> > > KTe1H5Hjp8hwahNFoUqHDuPJNNqhS1U3BBBH5/gByItNIwV18nMiLq4KunzFnOqD > > xzTuO0/T+wsoYC1xOEuCDxyIujNCaJfLh+rCi5THulnc8KSHHEoPQ+7fA1VjmO31 > > 2iw1iENOi7m//wzKlIHuxZCJ5nvolT21PV6nSE4DHlA= > > </SignatureValue> > > <KeyInfo> > > <KeyName>Lugh</KeyName> > > </KeyInfo> > > </Signature> > > > > I seems to be indented, and (i supose) still works. How did Merlin get > > that signatures? > > > > thanks > > > > El lun, 12 de 02 de 2007 a las 18:32, Raul Benito escribió: > >> /Hola Jorge, > >> > >> Sorry no luck, If you change the signature it will be void. No matter > >> what books have told, spaces are an important part of the XML. And it > >> means a lot. You cannot change it without changing the signature. > >> > >> Regards, > >> > >> Raul > >> > >> On 12 Feb 2007 12:00:20 +0100, *Jorge Martín Cuervo* > >> <//[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> > >> wrote: / > >> > >> / Hi all, > >> > >> I want to create a signature inside an xml file, i use several > >> transforms to get a portion of the original xml with xpath, and to > >> canonize. I decided to don't attach the public keys. > >> > >> > >> / > >> > >> /<?xml version="1.0" encoding="UTF-8"?> > >> <hr:Candidate xmlns:df="http://defactops.com"; > >> xmlns:hr="http://ns.hr-xml.org/2004-08-02"; xmlns:xs=" > >> http://www.w3.org/2001/XMLSchema"; > >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > >> <hr:CandidateRecordInfo> > >> <hr:Id> > >> <hr:IdValue name="id">1158138667963</hr:IdValue> > >> </hr:Id> > >> <hr:Id> > >> <hr:IdValue name="version"> > >> 0.9.0</hr:IdValue> > >> </hr:Id> > >> <hr:Id> > >> <hr:IdValue name="model">0.9.0</hr:IdValue> > >> </hr:Id> > >> <hr:Id> > >> <hr:IdValue name="host"> > >> 127.0.0.1 <http://127.0.0.1></hr:IdValue> > >> </hr:Id> > >> </hr:CandidateRecordInfo> > >> <hr:CandidateProfile> > >> > >> [...] > >> </hr:UserArea> > >> <HRSignature id="protean-xmldsig-01"><ds:Signature xmlns:ds=" > >> http://www.w3.org/2000/09/xmldsig#";> > >> <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> > >> <ds:CanonicalizationMethod > >> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; > >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> > >> <ds:SignatureMethod Algorithm=" > >> http://www.w3.org/2000/09/xmldsig#dsa-sha1"; xmlns:ds=" > >> http://www.w3.org/2000/09/xmldsig#"/> > >> <ds:Reference URI="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> > >> <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> > >> <ds:Transform Algorithm=" > >> http://www.w3.org/2002/06/xmldsig-filter2"; xmlns:ds=" > >> http://www.w3.org/2000/09/xmldsig#";> > >> <dsig-xpath:XPath Filter="intersect" xmlns:dsig-xpath=" > >> > >> http://www.w3.org/2002/06/xmldsig-filter2";>/hr:Candidate/hr:CandidateRecordInfo</dsig-xpath:XPath> > >> </ds:Transform> > >> <ds:Transform Algorithm=" > >> http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"; > >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> > >> </ds:Transforms> > >> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; > >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> > >> <ds:DigestValue xmlns:ds=" > >> > >> http://www.w3.org/2000/09/xmldsig#";>ICBDC9GdWcp8S373I1jlKCilSbI=</ds:DigestValue> > >> </ds:Reference> > >> > >> </ds:SignedInfo> > >> <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig# > >> > >> ">l0N6Ll3/tlSoBz26QdIHyWMA1D95xcPClBz8oy8y7Oj69QQxTVF9GA==</ds:SignatureValue> > >> </ds:Signature></HRSignature></hr:Resume> > >> </hr:Candidate>/ > >> > >> / > >> It works pretty well, (the sign and the verification process) but, > >> when i indent the whole file, the *Signature* element content is > >> indented too and the validation process fails. > >> > >> is there any way to canonice the Signature element? is this a > >> common problem? how can i solve this? > >> > >> > >> thank you! > >> > >> pd: i'm new in this mailing list, and sorry if this issue was > >> commented before./ > >> > >> -- > >> ;-) > >> ____________________________________ > >> Jorge Martin Cuervo > >> Analista Programador > >> > >> Outsourcing Emarketplace > >> deFacto Powered by Standards > >> > >> email < > >> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> > >> voz +34 985 129 820 > >> voz +34 660 026 384 > >> ____________________________________ > >> > >> / > >> > >> > >> -- // > >> http://r-bg.com/ > > > > -- > > ;-) > > ____________________________________ > > Jorge Martin Cuervo > > Analista Programador > > > > Outsourcing Emarketplace > > deFacto Powered by Standards > > > > email <[EMAIL PROTECTED]> > > voz +34 985 129 820 > > voz +34 660 026 384 > > ____________________________________ > > -- ;-) ____________________________________ Jorge Martin Cuervo Analista Programador Outsourcing Emarketplace deFacto Powered by Standards email <[EMAIL PROTECTED]> voz +34 985 129 820 voz +34 660 026 384 ____________________________________
