Just a thought here: IMHO the result you present in step 2 is not
correct. C14n does not remove all white space characters such as
NL, TAB, space, etc. The result shown in step 2 has all whitespace
characters removed. Pls check the c14n specs.
 
Regards,
Werner


________________________________

        From: Dittmann, Werner
        Sent: Wednesday, 6 December 2006 08:19
        To: Shyam Shukla ; [email protected]; [email protected]
        Subject: AW: Calculating the DigestValue over a URI
        
        
        Yes, indeed. AFAIK there is no other detailed description, except in the
        W3C specifications, that describes how to compute and handle the
        various Signature values (hashes). If there is a problem, e.g. a wrong
        hash value or a wrong Signature, then something in the implementation
        must be wrong.

        WSS4J uses the xmlsec library to perform Signature handling, including
        all necessary canonicalization steps and creation of new elements etc.

        Thus to fully understand in detail what may go wrong it is a good idea
        to look at the xmlsec implementation.
         
         
        Regards,
        Werner
         


________________________________

                From: Shyam Shukla [mailto:[EMAIL PROTECTED]
                Sent: Wednesday, 6 December 2006 05:53
                To: Dittmann, Werner; [email protected]; [email protected]
                Subject: RE: Calculating the DigestValue over a URI
                
                

                Werner,

                 

                You meant I should look at the source code of xmlsec library??

                 

                Best Regards,
                Shyam Shukla
                

                
________________________________


                From: Dittmann, Werner [mailto:[EMAIL PROTECTED]
                Sent: Tuesday, December 05, 2006 7:36 PM
                To: Shyam Shukla ; [email protected]; [email protected]
                Subject: AW: Calculating the DigestValue over a URI

                 

                Well, "use the source" :-)

                 

                The computation of all these digests is part of the xmlsec library.

                 

                Regards,

                Werner

                 

                         

                        
________________________________


                        From: Shyam Shukla [mailto:[EMAIL PROTECTED]
                        Sent: Tuesday, 5 December 2006 14:06
                        To: [email protected]; [email protected]
                        Subject: Calculating the DigestValue over a URI

                        Hi All,

                         

                        I am trying to figure out the way to calculate the
                        <DigestValue> in the <Reference> tag. I went through the link
                        http://www.w3.org/2000/09/xmldsig# and my findings, as per
                        this document, are as below:

                        For each <Reference> in the <Signature>, calculate the
                        <DigestValue> value by:

                        1.      Extract the portion of the document indicated in the
                                <Reference>.
                        2.      Canonicalize the extract.
                        3.      Run the digest method referred to in <DigestMethod> over the
                                canonicalized extract (in this case the SHA1 digest).
                        4.      Convert the binary digest to Base-64 and insert into
                                <DigestValue>.

                        My question is not about how the digest is calculated, but on
                        what. For example,

                        <Header>
                            <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                                <SignedInfo>
                                    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
                                    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                                    <Reference URI="#Body">
                                        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                                        <DigestValue />
                                    </Reference>
                                </SignedInfo>
                                <SignatureValue />
                                <KeyInfo>
                                    <X509Data>
                                        <X509Certificate />
                                    </X509Data>
                                </KeyInfo>
                            </Signature>
                        </Header>
                        <Body Id="Body">
                            <Timestamp>2006-May-04 20:16:21</Timestamp>
                        </Body>

                        So as per the rule, results at each step are:

                        1-     <Body Id="Body">
                                   <Timestamp>2006-May-04 20:16:21</Timestamp>
                               </Body>

                        2-     <Body Id="Body"><Timestamp>2006-May-04 20:16:21</Timestamp></Body>

                        3-     The SHA1 on the data of step2

                        4-     hI2M81Ns4JNPVeHVlBaxOtu8HPY=

                        I get "hI2M81Ns4JNPVeHVlBaxOtu8HPY=" as a DigestValue, which is
                        different from the expected one, which is
                        "pV9SUz/WktNbDo+R4dW9MBuWDgs=".

                        Can anyone please tell me what is the data here (point 1) on
                        which the digest is calculated?

                         

                        Best Regards,
                        Shyam Shukla

                        DISCLAIMER ========== This e-mail may contain
privileged and confidential information which is the property of
Persistent Systems Pvt. Ltd. It is intended only for the use of the
individual or entity to which it is addressed. If you are not the
intended recipient, you are not authorized to read, retain, copy, print,
distribute or use this message. If you have received this communication
in error, please notify the sender and delete all copies of this
message. Persistent Systems Pvt. Ltd. does not accept any liability for
virus infected mails. 
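
The four steps from the question and the whitespace point raised in the top reply, as an added example that is not part of the original thread and is not WSS4J or xmlsec code. It assumes the <Body> element is a stand-alone document with no inherited namespaces, and it uses Python's standard-library canonicalize(), which implements C14N 2.0 rather than the C14N 1.0 algorithm named in the message; the helper names digest_value and compare are hypothetical.

```python
import base64
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed sample: the <Body> element from the question, indentation kept,
# treated as a stand-alone document (assumption: no inherited namespaces).
BODY = (
    '<Body Id="Body">\n'
    '    <Timestamp>2006-May-04 20:16:21</Timestamp>\n'
    '</Body>'
)


def digest_value(xml_text, strip_whitespace=False):
    """Steps 2-4: canonicalize, SHA-1 the UTF-8 octets, Base64-encode.

    strip_whitespace=True reproduces the whitespace-free step 2 from the
    question; canonicalization by itself never does this.
    """
    canonical = canonicalize(xml_text, strip_text=strip_whitespace)
    raw = hashlib.sha1(canonical.encode("utf-8")).digest()
    return canonical, base64.b64encode(raw).decode("ascii")


def compare(xml_text):
    """Return the canonical form and digest with and without stripping."""
    kept, kept_digest = digest_value(xml_text)
    stripped, stripped_digest = digest_value(xml_text, strip_whitespace=True)
    return {
        "kept": kept,
        "kept_digest": kept_digest,
        "stripped": stripped,
        "stripped_digest": stripped_digest,
    }


if __name__ == "__main__":
    result = compare(BODY)
    print(repr(result["kept"]), result["kept_digest"])
    print(repr(result["stripped"]), result["stripped_digest"])
```

The canonical form keeps the newline and indentation between the elements, so the two digests differ; a verifier hashing the document as transmitted will only agree with the first.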

