Ok, then a bit more understandable, I hope: I want to write a program, what is able to generate itself an XMLDSIG without any other programs (means:xmlsec, xml-security,etc.) This program would use MS CryptoAPI for the crypto engine. The signature verify tools has a response, on the Signature what was generated by the program, its not ok. This is true, since I want to generate from the same content an xml signature, then out of the <SignatureValue> field, everything is identical with the good XML. Therefore sure, that the mistake IS the generated signature. I have looked other signatures generated by other programs (for ex. xmlsec). I did figure out, it is not the digest what have to be set by the CryptoAPI:CryptSignHash as an input (as hash data), but something else! (is it possible that there is something to vary on the source data?) Finally, the major question is: if I see it correctly, that - the digitally signed hash and the hash in the <DigestValue> is not the same?
Csibi > -----Original Message----- > From: Aleksey Sanin [mailto:[EMAIL PROTECTED] > Sent: 2003. j�lius 8. 17:43 > To: [EMAIL PROTECTED] > Subject: Re: [xmlsec] XMLDSIG and MS CryptoAPI problem... > > > > >Yesterday I tried to write a mail about the case > "XMLDSIG/MSCryptoAPI", > >as I can see it wasn't forwarded; > > > You have to be subscribed to the mailing list to post to it. > Otherwise, > you'll have to wait till I would > have time to go thru the spam garbage and manually allow this. > > >but it isn't a problem, because I was > >able to step ahead. I think I am almost there, the "xmldsig" > generator > >is almost done, based on the "MS CryptoAPI", however I am > confronting > >now a new error. > > > I am not sure I clear understand what are you trying to do. > <DigestValue/> contains the digested > result of processing <Reference/> element (with all transforms!). The > signature is applied later to > the canonicalized <SignedInfo/> element. I would be happy to help you > but I just don't understand > your questions (hint, take a look at XML DSig spec for details on > Signature generation). > > Aleksey > > > > _______________________________________________ > xmlsec mailing list > [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec > _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
