Thanks a lot Werner, I will look into the specs of c14n and source code of xmlsec library.
I hope these investigations should resolve this issue.

Best Regards,
Shyam Shukla

_____

From: Dittmann, Werner [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 06, 2006 1:00 PM
To: Dittmann, Werner; Shyam Shukla; [email protected]
Subject: RE: Calculating the DigestValue over a URI

Just a thought here:

IMHO the result you present in step 2 is not correct. C14n does not remove all white space characters such as NL, TAB, space, etc. The result shown in step 2 has all whitespace characters removed. Pls check the c14n specs.

Regards,
Werner

_____

From: Dittmann, Werner
Sent: Wednesday, December 6, 2006 08:19
To: Shyam Shukla; [email protected]; [email protected]
Subject: RE: Calculating the DigestValue over a URI

Yes, indeed. AFAIK there is no other detailed description, except in the W3C specifications, that describes how to compute and handle the various Signature values (hashes). If there is a problem, e.g. a wrong hash value or a wrong Signature then something in the implementation must be wrong.

WSS4J uses the xmlsec library to perform Signature handling including all necessary canonicalization steps and creation of new elements etc. Thus to fully understand in detail what may go wrong it is a good idea to look at the xmlsec implementation.

Regards,
Werner

_____

From: Shyam Shukla [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 6, 2006 05:53
To: Dittmann, Werner; [email protected]; [email protected]
Subject: RE: Calculating the DigestValue over a URI

Werner,

You meant I should look at the source code of xmlsec library??

Best Regards,
Shyam Shukla

_____

From: Dittmann, Werner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 05, 2006 7:36 PM
To: Shyam Shukla; [email protected]; [email protected]
Subject: RE: Calculating the DigestValue over a URI

Well, "use the source" :-)

The computation of all these digests is part of the xmlsec library.

Regards,
Werner

_____

From: Shyam Shukla [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 5, 2006 14:06
To: [email protected]; [email protected]
Subject: Calculating the DigestValue over a URI

Hi All,

I am trying to figure out the way to calculate the <DigestValue> in <Reference> tag. I went through the link http://www.w3.org/2000/09/xmldsig# and my findings are as below as per this document:

For each <Reference> in the <Signature> calculate the <DigestValue> value by:-

1. Extract the portion of the document indicated in the <Reference>.
2. Canonicalize the extract.
3. Run the digest method referred to in <DigestMethod> over the canonicalized extract (in this case the SHA1 digest).
4. Convert the binary digest to Base-64 and insert into <DigestValue>

My question is not about how the digest is calculated, but on what. For example,

    <Header>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <Reference URI="#Body">
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue />
          </Reference>
        </SignedInfo>
        <SignatureValue />
        <KeyInfo>
          <X509Data>
            <X509Certificate />
          </X509Data>
        </KeyInfo>
      </Signature>
    </Header>
    <Body Id="Body">
      <Timestamp>2006-May-04 20:16:21</Timestamp>
    </Body>

So as per the rule, results at each step are:

1- <Body Id="Body"> <Timestamp>2006-May-04 20:16:21</Timestamp> </Body>
2- <Body Id="Body"><Timestamp>2006-May-04 20:16:21</Timestamp></Body>
3- The SHA1 on the data of step2
4- hI2M81Ns4JNPVeHVlBaxOtu8HPY=

I get "hI2M81Ns4JNPVeHVlBaxOtu8HPY=" as a DigestValue which is different than the expected one, which is "pV9SUz/WktNbDo+R4dW9MBuWDgs=".

Can anyone please tell me what is the data here (point 1) on which the digest is calculated?

Best Regards,
Shyam Shukla

DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.
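
The four steps discussed in this thread, run over the <Body> sample with whitespace kept and with whitespace stripped; this is an added example, not code from the thread, WSS4J or xmlsec. Assumptions: the <Envelope> wrapper and the indentation are constructed, the sample is namespace-free, and Python's ET.canonicalize (which implements C14N 2.0) is used because its default output for this fragment is the same as the inclusive C14N 1.0 named in the CanonicalizationMethod.

```python
import base64, copy, hashlib
import xml.etree.ElementTree as ET

# Constructed sample: the post's <Body> inside a hypothetical namespace-free
# <Envelope>; the indentation is an assumed layout, not the original message.
DOC = """<Envelope>
  <Body Id="Body">
    <Timestamp>2006-May-04 20:16:21</Timestamp>
  </Body>
</Envelope>"""

def extract(doc, uri):
    """Step 1: resolve a same-document reference such as '#Body' by Id."""
    wanted = uri[1:] if uri.startswith("#") else uri
    for elem in ET.fromstring(doc).iter():
        if elem.get("Id") == wanted:
            node = copy.deepcopy(elem)
            node.tail = None  # text after </Body> is not part of the extract
            return ET.tostring(node, encoding="unicode")
    raise KeyError(uri)

def digest_value(fragment, strip_text=False):
    """Steps 2-4: canonicalize, SHA-1, Base64.
    strip_text=True drops whitespace-only text, as in the post's step 2;
    the default keeps it, which is what canonicalization does."""
    canonical = ET.canonicalize(fragment, strip_text=strip_text)
    sha1 = hashlib.sha1(canonical.encode("utf-8")).digest()
    return canonical, base64.b64encode(sha1).decode("ascii")

def which_layout(doc, uri, target):
    """Name the whitespace treatment whose digest equals target, else None."""
    fragment = extract(doc, uri)
    for name, strip in (("whitespace preserved", False),
                        ("whitespace stripped", True)):
        if digest_value(fragment, strip)[1] == target:
            return name
    return None

if __name__ == "__main__":
    for label, strip in (("preserved", False), ("stripped", True)):
        canonical, value = digest_value(extract(DOC, "#Body"), strip)
        print(label, repr(canonical), value)
    # DigestValues quoted in the post; a match depends on the real layout.
    for quoted in ("hI2M81Ns4JNPVeHVlBaxOtu8HPY=", "pV9SUz/WktNbDo+R4dW9MBuWDgs="):
        print(quoted, "->", which_layout(DOC, "#Body", quoted))
```

In a real SOAP message the extracted element also inherits namespace declarations from its ancestors, and inclusive canonicalization writes them onto it; this namespace-free sample does not model that.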
