AW: Calculating the DigestValue over a URI

Tue, 05 Dec 2006 23:19:15 -0800 

Yes, indeed. AFAIK there is no other detailed description, except in the
W3C specifications, that describe how to compute and handle the
various Signature values (hashes). If there is a problem, e.g. a wrong
hash value or a wrong Signature then something in the implementation
must be wrong.
 
WSS4J uses the xmlsec library to perform Signature handling including
all necessary canonicalization steps and creation of new elements etc.
 
Thus to fully understand in detail what may go wrong it is a good idea
to look at the xmlsec implementation.
 
 
Regards,
Werner
 


________________________________

        Von: Shyam Shukla [mailto:[EMAIL PROTECTED] 
        Gesendet: Mittwoch, 6. Dezember 2006 05:53
        An: Dittmann, Werner; [email protected];
[email protected]
        Betreff: RE: Calculating the DigestValue over a URI
        
        

        Werner,

         

        You meant I should look at the source code of xmlsec library??

         

        Best Regards,
        Shyam Shukla
        

        
________________________________


        From: Dittmann, Werner [mailto:[EMAIL PROTECTED] 
        Sent: Tuesday, December 05, 2006 7:36 PM
        To: Shyam Shukla ; [email protected];
[email protected]
        Subject: AW: Calculating the DigestValue over a URI

         

        Well, "use the source" :-)

         

        The computation of all these digests are part of the xmlsec
library.

         

        Regards,

        Werner

         

                 

                
________________________________


                Von: Shyam Shukla [mailto:[EMAIL PROTECTED]

                Gesendet: Dienstag, 5. Dezember 2006 14:06
                An: [email protected]; [email protected]
                Betreff: Calculating the DigestValue over a URI

                Hi All,

                 

                I am trying to figure out the way to calculate the
<DigestValue> in <Reference> tag. I went through the link
http://www.w3.org/2000/09/xmldsig# <http://www.w3.org/2000/09/xmldsig>
and my findings are as below as per this document:

                For each <Reference> in the <Signature> calculate the
<DigestValue> value by:-

                1.      Extract the portion of the document indicated in
the <Reference>. 
                2.      Canonicalize
<mk:@MSITStore:E:\Shyam\Proserv%20Projects\Project%20Documents\UK_Gov\Po
rtal%20Pack2\Gateway%20Portal%20Pack%204.1.0.1%20Documentation.chm::/HTM
L/Concepts/Canonicalization.html>  the extract. 
                3.      Run the digest method referred to in
<DigestMethod> over the canonicalized extract (in this case the SHA1
digest). 
                4.      Convert the binary digest to Base-64 and insert
into <DigestValue> 

                My question is not about how the digest is calculated,
but on what. For example,

                <Header>
                        <Signature
xmlns="http://www.w3.org/2000/09/xmldsig#";>
                                <SignedInfo>
                                <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; />
                                <SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
                                <Reference URI="#Body">
                                    <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
                                    <DigestValue />
                                </Reference>
                            </SignedInfo>
                            <SignatureValue />
                            <KeyInfo>
                                <X509Data>
                                    <X509Certificate />
                                </X509Data>
                            </KeyInfo>
                        </Signature>
                    </Header>
                    <Body Id="Body">
                        <Timestamp>2006-May-04 20:16:21</Timestamp>
                    </Body>

                So as per the rule, results at each step are:

                   1- <Body Id="Body">
                        <Timestamp>2006-May-04 20:16:21</Timestamp>
                       </Body>

                2-     <Body Id="Body"><Timestamp>2006-May-04
20:16:21</Timestamp></Body>

                3-     The SHA1 on the data of step2

                4-     hI2M81Ns4JNPVeHVlBaxOtu8HPY=

                I get "hI2M81Ns4JNPVeHVlBaxOtu8HPY=" as a DigestValue
which is different than the expected one, which is
"pV9SUz/WktNbDo+R4dW9MBuWDgs=".

                Can anyone please tell me what is the data here (point
1) on which the digest is calculated?

                 

                Best Regards,
                Shyam Shukla

                DISCLAIMER ========== This e-mail may contain privileged
and confidential information which is the property of Persistent Systems
Pvt. Ltd. It is intended only for the use of the individual or entity to
which it is addressed. If you are not the intended recipient, you are
not authorized to read, retain, copy, print, distribute or use this
message. If you have received this communication in error, please notify
the sender and delete all copies of this message. Persistent Systems
Pvt. Ltd. does not accept any liability for virus infected mails. 

        DISCLAIMER ========== This e-mail may contain privileged and
confidential information which is the property of Persistent Systems
Pvt. Ltd. It is intended only for the use of the individual or entity to
which it is addressed. If you are not the intended recipient, you are
not authorized to read, retain, copy, print, distribute or use this
message. If you have received this communication in error, please notify
the sender and delete all copies of this message. Persistent Systems
Pvt. Ltd. does not accept any liability for virus infected mails.

Reply via email to