Re: [xmlsec] Microsoft .NET 2.0 compatibility

Wed, 29 Oct 2008 15:33:53 -0700 

Well, I believe that you have to use exc-c14n. The c14n implementation
from .NET is not compatible with the c14n standard.

Aleksey

Crosley.Grace wrote:
I’ve created a project in Visual Studio that uses libxmlsec, and I’ve used it to successfully verify some of the sample signed documents that are provided with the Online Verifier. However, a coworker created a signed document for me using Microsoft’s implementation of .NET 2.0, and I can’t verify the signature on it. He sent me the entire X509 certificate chain that he used, including the root certificate, and I successfully loaded each certificate into a keys manager. When I try to verify the signature, I get this error message:
func=xmlSecOpenSSLEvpDigestVerify:file=..\..\src\open_ssl\digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match 

Signature is INVALID
I noticed that, back in a 2004 thread, someone mentioned that Microsoft’s .NET implementation had a problem with c14n, but not with exc-c14n. Does anyone out there know whether this continues to be a problem? 


Here is the Signature portion of the document I’m trying to work with:


  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>

    <SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> 

      <Reference URI="">

        <Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /> 

        </Transforms>

        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />

        <DigestValue>BCxyTVrdNmHOUVJeCyuAoFm3Yfg=</DigestValue>

      </Reference>
</SignedInfo> <SignatureValue>bRfw29/Xz11s+IpE6VrGNHvs2Ry1wx5fQyf+Q2hkjcJxG5TiB5rt/HmMr7T4gXA/J9DfV7BtrLalNnhXhlhZCRs4mv/ek1oukoOC8VuDzOyDlmNhcaggsgIdJkDo9YO3RloqnKWsW3E7dP7+xRq161j/JXmcq1JAko0e097gXx4=</SignatureValue> 

  </Signature>


Any advice would be appreciated.  Thank you!


------------------------------------------------------------------------

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to