Trying to understand why xmlsec1 is not giving back the right sha1sum for a PNG file (avoiding canonicalisation problems hopefully).
wget http://www.w3.org/Icons/w3c_home -O w3c.png <?xml version="1.0" encoding="UTF-8"?> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; /> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"; /> <Reference URI="w3c.png"> <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#"; Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /> <DigestValue></DigestValue> </Reference> </SignedInfo> <SignatureValue> </SignatureValue> <KeyInfo> <X509Data> </X509Data> </KeyInfo> </Signature> xmlsec1 sign --store-references --pkcs12 keys/dsakey.p12 --pwd secret --output my.sig works.xml <?xml version="1.0" encoding="UTF-8"?> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> <Reference URI="w3c.png"> <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#"; Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>+/MTaoTmyGkFLCGarzDR6xi2DZM=</DigestValue> </Reference> </SignedInfo> <SignatureValue>XoFbr03fGd9mvSbAb3qyVlb6iDk8wGovSI3TXuvpYgVxz6H+1VjQUw==</SignatureValue> <KeyInfo> <X509Data> hen...@x61 xmldigsig$ sha1sum w3c.png fbf3136a84e6c869052c219aaf30d1eb18b60d93 w3c.png Why isn't the DigestValue +/MTaoTmyGkFLCGarzDR6xi2DZM= not fbf3136a84e6c869052c219aaf30d1eb18b60d93 ? _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
