Re: [xmlsec] sha1sum DigestValue

Thu, 25 Jun 2009 06:59:30 -0700 


http://www.w3.org/TR/xmldsig-core/#sec-MessageDigests

> A SHA-1 digest is a 160-bit string. The content of the DigestValue
> element shall be the base64 encoding of this bit string viewed as
> a 20-octet octet stream.

Aleksey

Kai Hendry wrote:

Trying to understand why xmlsec1 is not giving back the right sha1sum
for a PNG file (avoiding canonicalisation problems hopefully).

wget http://www.w3.org/Icons/w3c_home -O w3c.png

<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
  <SignedInfo>
    <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; />
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"; 
/>
    <Reference URI="w3c.png">
                <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#";
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
      <DigestValue></DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>
  </SignatureValue>
  <KeyInfo>
    <X509Data>
    </X509Data>
  </KeyInfo>
</Signature>


xmlsec1 sign --store-references --pkcs12 keys/dsakey.p12 --pwd secret
--output my.sig works.xml


<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
  <SignedInfo>
    <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        <SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    <Reference URI="w3c.png">
                <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#";
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>+/MTaoTmyGkFLCGarzDR6xi2DZM=</DigestValue>
    </Reference>
  </SignedInfo>
  
<SignatureValue>XoFbr03fGd9mvSbAb3qyVlb6iDk8wGovSI3TXuvpYgVxz6H+1VjQUw==</SignatureValue>
  <KeyInfo>
    <X509Data>



hen...@x61 xmldigsig$ sha1sum w3c.png
fbf3136a84e6c869052c219aaf30d1eb18b60d93  w3c.png


Why isn't the DigestValue +/MTaoTmyGkFLCGarzDR6xi2DZM= not
fbf3136a84e6c869052c219aaf30d1eb18b60d93  ?
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to