https://www.aleksey.com/xmlsec/api/xmlsec-xmldsig.html#XMLSEC-DSIG-FLAGS-STORE-SIGNEDINFO-REFERENCES-CAPS

Aleksey

[EMAIL PROTECTED] wrote:

That example was signed after encryption and then attempted to verify immediately after signing (though I have the functionality to reverse those steps). I haven't used the command line utility for xmlsec, at all. Is there a way to dump the content before digest with the API?

Thanks,
Brian
***************************************************************
Brian S. Myers
Systems Developer, Engineering
[EMAIL PROTECTED]
Tel: 406-556-8924  Fax: 406-587-8414
***************************************************************


*Aleksey Sanin <[EMAIL PROTECTED]>*
Sent by: [EMAIL PROTECTED]
07/03/2008 03:49 PM

To: [EMAIL PROTECTED]
cc: [email protected]
Subject: Re: [xmlsec] verifying with xml-exc-c14n

Are you signing before or after encryption? Are you verifying
before or after encryption? Have you tried to use "--store-references"
option to dump the content before doing digest?

Aleksey

[EMAIL PROTECTED] wrote:
 >
 > Well, it can't be the http headers.  I now think the problem might be
 > with canonicalization.
 >
 > I can verify when I sign with the transform:
 > <dsig:Transform
 > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
 > I can verify when I sign with the transform:
 > <dsig:Transform
 > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
 >
 > but when I sign with the transform:
 > <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
 > it fails to verify.
 >
 > And none of it verifies when I send to my server (which is some black
 > box Microsoft implementation).
 >
 > It looks like the server is expecting Exclusive Canonicalization, but I
 > can't even get that to work in my test environment.
 >
 > Attached is my xml document after signing (shortened the digest values,
 > but otherwise unchanged).
 > Please take a look at it and see if I am doing something stupid.
 >
 > Thanks in advance,
 > Brian
 >
 > *Aleksey Sanin <[EMAIL PROTECTED]>*
 > Sent by: [EMAIL PROTECTED]
 > 06/29/2008 08:19 PM
 >
 > To: [EMAIL PROTECTED]
 > cc: [email protected]
 > Subject: Re: [xmlsec] Signing a document that will be altered
 >
 > I highly doubt that http headers are involved in the signatures...
 > At least, not with xmlsec.
 >
 > Aleksey
 >
 > [EMAIL PROTECTED] wrote:
 >  >
 >  > Hello,
 >  > I think I'm running into a problem where the digital signature is being
 >  > made invalid due to an http post.
 >  > Before I send my message to serverB I encrypt it and sign it, I then
 >  > post the message to the server.
 >  > The post obviously adds http headers to the beginning of the message,
 >  > such as ContentType, ContentLength, etc.
 >  > I'm guessing that even though these headers are not inside the xml
 >  > document, they are still affecting my digest.
 >  >
 >  > Is there a way to force the sign method to only sign the xml as opposed
 >  > to the whole string? and also force
 >  > the serverB verifier to verify the xml?
 >  >
 >  > Thank you,
 >  > Brian
 >  >
 >  >
 >  > ------------------------------------------------------------------------
 >  >
 >  > _______________________________________________
 >  > xmlsec mailing list
 >  > [email protected]
 >  > http://www.aleksey.com/mailman/listinfo/xmlsec