Well, "use the source" :-)
The computation of all these digests are part of the xmlsec library.
Regards,
Werner
________________________________
Von: Shyam Shukla [mailto:[EMAIL PROTECTED]
Gesendet: Dienstag, 5. Dezember 2006 14:06
An: [email protected]; [email protected]
Betreff: Calculating the DigestValue over a URI
Hi All,
I am trying to figure out the way to calculate the <DigestValue>
in <Reference> tag. I went through the link
http://www.w3.org/2000/09/xmldsig# <http://www.w3.org/2000/09/xmldsig>
and my findings are as below as per this document:
For each <Reference> in the <Signature> calculate the
<DigestValue> value by:-
1. Extract the portion of the document indicated in the
<Reference>.
2. Canonicalize
<mk:@MSITStore:E:\Shyam\Proserv%20Projects\Project%20Documents\UK_Gov\Po
rtal%20Pack2\Gateway%20Portal%20Pack%204.1.0.1%20Documentation.chm::/HTM
L/Concepts/Canonicalization.html> the extract.
3. Run the digest method referred to in <DigestMethod> over
the canonicalized extract (in this case the SHA1 digest).
4. Convert the binary digest to Base-64 and insert into
<DigestValue>
My question is not about how the digest is calculated, but on
what. For example,
<Header>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; />
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
<Reference URI="#Body">
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
<DigestValue />
</Reference>
</SignedInfo>
<SignatureValue />
<KeyInfo>
<X509Data>
<X509Certificate />
</X509Data>
</KeyInfo>
</Signature>
</Header>
<Body Id="Body">
<Timestamp>2006-May-04 20:16:21</Timestamp>
</Body>
So as per the rule, results at each step are:
1- <Body Id="Body">
<Timestamp>2006-May-04 20:16:21</Timestamp>
</Body>
2- <Body Id="Body"><Timestamp>2006-May-04
20:16:21</Timestamp></Body>
3- The SHA1 on the data of step2
4- hI2M81Ns4JNPVeHVlBaxOtu8HPY=
I get "hI2M81Ns4JNPVeHVlBaxOtu8HPY=" as a DigestValue which is
different than the expected one, which is
"pV9SUz/WktNbDo+R4dW9MBuWDgs=".
Can anyone please tell me what is the data here (point 1) on
which the digest is calculated?
Best Regards,
Shyam Shukla
DISCLAIMER ========== This e-mail may contain privileged and
confidential information which is the property of Persistent Systems
Pvt. Ltd. It is intended only for the use of the individual or entity to
which it is addressed. If you are not the intended recipient, you are
not authorized to read, retain, copy, print, distribute or use this
message. If you have received this communication in error, please notify
the sender and delete all copies of this message. Persistent Systems
Pvt. Ltd. does not accept any liability for virus infected mails.
