BTW, forgot to say that xmlsec application should print an error message about empty nodes set (something like "invalid nodes set : empty"). And you should have an error in OpenSSL errors stack in the application.
Aleksey Aleksey Sanin wrote: > You can check xmlsec mailing list for detailed explanation but briefly > Id attribute > means *nothing* w/o a DTD or schema. In your case, XMLSec always > digests an > empty value simply because URI="#msg.194549.signedook" could not be > found. > I believe that adding something like > <!DOCTYPE test [ > <!ATTLIST Data Id ID #IMPLIED> > ]> > should solve your problem (see xmlsec/docs/examples/dsig3/tests.tmpl > file for details). > Of course, the DTD may be external or you may add Id attribute manualy by > calling LibXML2 xmlAddID() function after loading the document. > > Aleksey. > > > > > Derek Lei Liu wrote: > >> Hi, >> >> I am trying to use example1 on Solaris. The test xml >> and the private key are attached in following. I >> tried to use local reference here, but found the >> digested value never changed even I changed the >> content in <Data>. I am relatively new to this area >> and the project I am working on is rather urgent on >> this part. I gdb into the test program and found that >> the first time SHA1_Update was called as for >> <SignInfo> (signature stuff). This function is >> supposed to be called for the digested value, right? >> >> thanks >> >> Derek >> >> >> >> <?xml version="1.0" encoding="UTF-8"?> >> <Top> >> <SecondTop id="1"> >> <Data Id="msg.194549.signedook"> >> <version>1.0.1</version> >> <StudentName> >> <StudentID>12111111111</StudentID> >> <TotalCredits>111111111111111-11111111</TotalCredits> >> </StudentName> >> <Course> >> <CourseID>English Literature</CourseID> >> <date>20020901 17:20:37</date> >> </Course> >> <State>California</State> >> <TX> >> <time>20020902 00:13:24</time> >> <status>A</status> >> <Enroll>Y</Enroll> >> </TX> >> </Data> >> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> >> <SignedInfo> >> <CanonicalizationMethod >> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-200103 >> 15" /> >> <SignatureMethod >> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; >> /> >> <Reference URI="#msg.194549.signedook"> >> <DigestMethod >> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> >> <DigestValue></DigestValue> >> </Reference> >> </SignedInfo> >> <SignatureValue/> >> <KeyInfo> >> </KeyInfo> >> </Signature> >> </SecondTop> >> </Top> >> >> >> Key: >> ============================== >> -----BEGIN RSA PRIVATE KEY----- >> MIIBOwIBAAJBAOfDoFCPxDstNv7rBqK+B9s2kU+S2JX8xWwu8mF/hbNn35EtHCz4 >> 8sLANc2yFZx4/OaoTTdbCwPEpZlG3G9y6QkCAwEAAQJAA/CFVxk6gq8AElE4aafF >> RmqlCa87U0Fasb4SjKm4QhZnovu+3ipCku2QHjAejTNWDOrV5A6GEWJXMP5GkZDX >> AQIhAP0eADYcJbzGdvg9QinSe73jNKaJSD/EhUh/IOsWVkVRAiEA6mdeHFHUa3x8 >> BCu6qq5wUcyOH1ne1HXYvVALYugvWjkCID4D8LdRNCnJUnLFx4Uprem7VjYLYqlF >> BAbcJvuSUHbRAiEAs3DyMIfML4Sag67eNW9YeKY5XnK0DL0ycKpoLQ1FwrECIQCB >> o+JQ0HvhH+v7f21QWTxA6yd+T2cPlKMTUbK6Mn+AdA== >> -----END RSA PRIVATE KEY----- >> >> >> __________________________________________________ >> Do you Yahoo!? >> New DSL Internet Access from SBC & Yahoo! >> http://sbc.yahoo.com >> _______________________________________________ >> xmlsec mailing list >> [EMAIL PROTECTED] >> http://www.aleksey.com/mailman/listinfo/xmlsec >> >> > > > _______________________________________________ > xmlsec mailing list > [EMAIL PROTECTED] > http://www.aleksey.com/mailman/listinfo/xmlsec _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
