Run the xmlsec1 utility with --store-references to see what exactly is sha'd
Aleksey
On 11/11/11 10:05 AM, Si St wrote:
Is sha1 in xmlsec1 after the canonicalization of the xmlfile-docpart to
sign identical to this:
cat xmlfile-docpart | openssl dgst -sha1 -binary | openssl enc -base64>
xmlfile-docpart-digest
?
If xmlfile-docpart is as simple as the following (letting out the
signaturepart):
<?xml version="1.0" encoding="ISO-8859-1"?>
<MsgHead>
<Document>
<Krav/>
</Document>
</MsgHead>
then the C14N of it cannot give anything more than this:
<MsgHead>
<Document>
<Krav></Krav>
</Document>
</MsgHead>
but doing the sha1 with openssl on this postC14N file (done with xmllint
--c14n),we get this digestvalue :
tkuyB5MHizGiQsl9ljG+YcPogOA=
the digestvalue from running xmlsec1 sign on the preC14N+sigpart file
give this:
pKl5h5ALLpm57qM8FeuQSaa4Ogk=
Does this mean the xmldsig#sha1 is something different from 'sha1sum'
and 'openssl -sha1'?
In case, what is the difference? That C14N puts in (empty) elements from
a xsd-scheme, or what?
I am talking about the DigestValue from the document part here, not the
DigestValue of the SignedInfo that disappears in the SignatureValue.
I thought that SHA1 = SHA1. Period.
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
