Yes, you're right! (Sorry for not reading www.w3.org/TR/2001/REC-xml-c14-n20010315 :-( ) But is there any solution for this problem? How can the in-memory-representation be transformed before calculating the hash value so that the hash created over the in-memory-representation matches the hash value created over the canonicalized file representation?
Thank you VERY much for this answer;-) Hartmut -----Urspr�ngliche Nachricht----- Von: Aleksey Sanin [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 17. Oktober 2003 17:03 An: Lehnert, Hartmut Cc: [EMAIL PROTECTED] Betreff: Re: AW: AW: [xmlsec] Problems verifing digest value Canonicalization does preserve spaces. Read the spec, please. I guess that you are creating document (or part of it) in memory, sign it, after that you adding spaces when you are writing document out. And signature on the result fails, of course. Now when you sign the document *with spaces* from disk and then verify it everything works just fine. Aleksey Lehnert, Hartmut wrote: >Hello Aleksey, >I cannot believe that this can be a problem here, because before >creating any hashs or signatures the canonicalization is performed at >first - on all references (I think;-)). So why should it make a >difference if I create the complete signature node in memory and then >call "xmlSecDSigCtxSign" (which performs all transformations) or if I >read the XML file, then create all nodes in memory and then also call >"xmlSecDSigCtxSign"? > >Hartmut > > _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
