Canonical XML Version 1.0 does not remove linefeeds. It only normalizes them. Windows puts CRLF and Linux LF. C14N normalizes to LF.
See http://www.w3.org/TR/2001/REC-xml-c14n-20010315

2 XML Canonicalization
2.1 Data Model
...
The XML processor performs the following tasks in order:
1. normalize line feeds
...

On Tue, Mar 18, 2014 at 2:49 PM, François Plou <[email protected]> wrote:

> Hi,
>
> I am trying to sign an XML document where I add a linefeed between two
> nodes.
> To my understanding, according to canonicalization (1.0), an xml document
> like this :
>
> <node>a</node>
>
> <node>b</node>
>
> must give the same digest and signature value as this one :
>
> <node>a</node>
> <node>b</node>
>
> But this is not the case. When I use the option --store-reference, the
> output shows the extra line feed.
>
> Below is my xml document :
>
> <?xml version = "1.0" encoding = "UTF-8"?>
> <Document xmlns = "urn:iso:std:iso:20022:tech:xsd:acmt.007.001.02" >
> <AcctOpngReq>
> <Refs>
> <MsgId>
> <Id>ABC/090928/CCT001</Id>
> <CreDtTm>2010-09-28T14:07:00</CreDtTm>
> </MsgId>
> <PrcId>
> <Id>ABC/090928/CCT001</Id>
> <CreDtTm>2010-09-28T14:07:00</CreDtTm>
> </PrcId>
> </Refs>
>
> <Acct>
> <Id>
> <Othr>
> <Id>NOREF</Id>
> </Othr>
> </Id>
> <Tp>
> <Cd>CASH</Cd>
> </Tp>
> <Ccy>USD</Ccy>
> <MnthlyRcvdVal>200000</MnthlyRcvdVal>
> <MnthlyTxNb>100</MnthlyTxNb>
> <AvrgBal>10000</AvrgBal>
> </Acct>
> <CtrctDts>
> <TrgtGoLiveDt>2010-10-02</TrgtGoLiveDt>
> </CtrctDts>
> <UndrlygMstrAgrmt>
> <Ref>ABC/Acct/BBBBUS33</Ref>
> <Vrsn>1.0</Vrsn>
> </UndrlygMstrAgrmt>
> <AcctSvcrId>
> <FinInstnId>
> <BICFI>BBBBUS33</BICFI>
> </FinInstnId>
> </AcctSvcrId>
> <Org>
> <FullLglNm>ABC Corporation</FullLglNm>
> <CtryOfOpr>US</CtryOfOpr>
> <RegnDt>1999-09-01</RegnDt>
> <LglAdr>
> <StrtNm>Times Square</StrtNm>
> <BldgNb>7</BldgNb>
> <PstCd>NY 10036</PstCd>
> <TwnNm>New York</TwnNm>
> <Ctry>US</Ctry>
> </LglAdr>
> <OrgId>
> <Othr>
> <Id>01256485-85</Id>
> <SchmeNm>
> <Prtry>TAX</Prtry>
> </SchmeNm>
> </Othr>
> </OrgId>
> <MainMndtHldr>
> <Nm>Richard Jones</Nm>
> <PstlAdr>
> <AdrTp>HOME</AdrTp>
> <StrtNm>La Guardia Drive</StrtNm>
> <BldgNb>12</BldgNb>
> <PstCd>NJ 07054</PstCd>
> <TwnNm>Parsippany</TwnNm>
> <Ctry>US</Ctry>
> </PstlAdr>
> <Id>
> <DtAndPlcOfBirth>
> <BirthDt>1960-05-01</BirthDt>
> <CityOfBirth>New york</CityOfBirth>
> <CtryOfBirth>US</CtryOfBirth>
> </DtAndPlcOfBirth>
> </Id>
> </MainMndtHldr>
> </Org>
> <DgtlSgntr>
> <Pty>
> <Nm>fplou</Nm>
> </Pty>
> <Sgntr>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
> <Reference URI="">
> <Transforms>
> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
> <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> </Transforms>
> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
> <DigestValue></DigestValue>
> </Reference>
> </SignedInfo>
> <SignatureValue />
> <KeyInfo>
> <KeyValue />
> </KeyInfo>
> </Signature>
> </Sgntr>
> </DgtlSgntr>
> </AcctOpngReq>
> </Document>
>
> The output of --store-references is the following :
>
> == PreDigest data - start buffer:
> <Document xmlns="urn:iso:std:iso:20022:tech:xsd:acmt.007.001.02">
> <AcctOpngReq>
> <Refs>
> <MsgId>
> <Id>ABC/090928/CCT001</Id>
> <CreDtTm>2010-09-28T14:07:00</CreDtTm>
> </MsgId>
> <PrcId>
> <Id>ABC/090928/CCT001</Id>
> <CreDtTm>2010-09-28T14:07:00</CreDtTm>
> </PrcId>
> </Refs>
>
> <Acct>
> <Id>
> <Othr>
> <Id>NOREF</Id>
> </Othr>
> </Id>
> <Tp>
> <Cd>CASH</Cd>
> </Tp>
> <Ccy>USD</Ccy>
> <MnthlyRcvdVal>200000</MnthlyRcvdVal>
> <MnthlyTxNb>100</MnthlyTxNb>
> <AvrgBal>10000</AvrgBal>
> </Acct>
> <CtrctDts>
> <TrgtGoLiveDt>2010-10-02</TrgtGoLiveDt>
> </CtrctDts>
> <UndrlygMstrAgrmt>
> <Ref>ABC/Acct/BBBBUS33</Ref>
> <Vrsn>1.0</Vrsn>
> </UndrlygMstrAgrmt>
> <AcctSvcrId>
> <FinInstnId>
> <BICFI>BBBBUS33</BICFI>
> </FinInstnId>
> </AcctSvcrId>
> <Org>
> <FullLglNm>ABC Corporation</FullLglNm>
> <CtryOfOpr>US</CtryOfOpr>
> <RegnDt>1999-09-01</RegnDt>
> <LglAdr>
> <StrtNm>Times Square</StrtNm>
> <BldgNb>7</BldgNb>
> <PstCd>NY 10036</PstCd>
> <TwnNm>New York</TwnNm>
> <Ctry>US</Ctry>
> </LglAdr>
> <OrgId>
> <Othr>
> <Id>01256485-85</Id>
> <SchmeNm>
> <Prtry>TAX</Prtry>
> </SchmeNm>
> </Othr>
> </OrgId>
> <MainMndtHldr>
> <Nm>Richard Jones</Nm>
> <PstlAdr>
> <AdrTp>HOME</AdrTp>
> <StrtNm>La Guardia Drive</StrtNm>
> <BldgNb>12</BldgNb>
> <PstCd>NJ 07054</PstCd>
> <TwnNm>Parsippany</TwnNm>
> <Ctry>US</Ctry>
> </PstlAdr>
> <Id>
> <DtAndPlcOfBirth>
> <BirthDt>1960-05-01</BirthDt>
> <CityOfBirth>New york</CityOfBirth>
> <CtryOfBirth>US</CtryOfBirth>
> </DtAndPlcOfBirth>
> </Id>
> </MainMndtHldr>
> </Org>
> <DgtlSgntr>
> <Pty>
> <Nm>fplou</Nm>
> </Pty>
> <Sgntr>
>
> </Sgntr>
> </DgtlSgntr>
> </AcctOpngReq>
> </Document>
> == PreDigest data - end buffer
> == Result - start buffer:
> v80V0QWK0r89EhOr4Kh4Q79ofZ/zYw2ReI4s8e0ebW4=
> == Result - end buffer
> == Manifest References List:
> === list size: 0
> == Result - start buffer:
> ELC9j9/SaQ3VOcVcZBV4ZFpHsRU7jfc25gHCx9/CyCQBLyNF6yqfzLjTuvg9NAvF
> HaDXuKhLvTjtEG1hgvuXXkyKFgJkA+pJrIKcOmpVMcwgR85MpZ/1BumxEeHPtHif
> PQp9ngJmQ6PzC7P3FFmDfNGoY3gOyiK/s+IecGtqr+A5JwALFFNkXgEp96DBqF4P
> d2HRNH0LbIw0IKQN+BckTOxeLFNQ269fP0AFuFxVp8fVQfhGuMJHlNnr3lX2WHjw
> emqcEW4X/0vcFcoKUsvGRRwz7eFYjjMjrghaOWW+byPYQrHFOV7o0wN9UC8TCN9R
> YXnL/c3Rx7P+QkX7/f7n4g==
> == Result - end buffer
>
>
> If I remove the line feed between :
> </Refs>
>
> <Acct>
>
> The output is slightly different :
>
> == PreDigest data - start buffer:
> <Document xmlns="urn:iso:std:iso:20022:tech:xsd:acmt.007.001.02">
> <AcctOpngReq>
> <Refs>
> <MsgId>
> <Id>ABC/090928/CCT001</Id>
> <CreDtTm>2010-09-28T14:07:00</CreDtTm>
> </MsgId>
> <PrcId>
> <Id>ABC/090928/CCT001</Id>
> <CreDtTm>2010-09-28T14:07:00</CreDtTm>
> </PrcId>
> </Refs>
> <Acct>
> <Id>
> <Othr>
> <Id>NOREF</Id>
> </Othr>
> </Id>
> <Tp>
> <Cd>CASH</Cd>
> </Tp>
> <Ccy>USD</Ccy>
> <MnthlyRcvdVal>200000</MnthlyRcvdVal>
> <MnthlyTxNb>100</MnthlyTxNb>
> <AvrgBal>10000</AvrgBal>
> </Acct>
> <CtrctDts>
> <TrgtGoLiveDt>2010-10-02</TrgtGoLiveDt>
> </CtrctDts>
> <UndrlygMstrAgrmt>
> <Ref>ABC/Acct/BBBBUS33</Ref>
> <Vrsn>1.0</Vrsn>
> </UndrlygMstrAgrmt>
> <AcctSvcrId>
> <FinInstnId>
> <BICFI>BBBBUS33</BICFI>
> </FinInstnId>
> </AcctSvcrId>
> <Org>
> <FullLglNm>ABC Corporation</FullLglNm>
> <CtryOfOpr>US</CtryOfOpr>
> <RegnDt>1999-09-01</RegnDt>
> <LglAdr>
> <StrtNm>Times Square</StrtNm>
> <BldgNb>7</BldgNb>
> <PstCd>NY 10036</PstCd>
> <TwnNm>New York</TwnNm>
> <Ctry>US</Ctry>
> </LglAdr>
> <OrgId>
> <Othr>
> <Id>01256485-85</Id>
> <SchmeNm>
> <Prtry>TAX</Prtry>
> </SchmeNm>
> </Othr>
> </OrgId>
> <MainMndtHldr>
> <Nm>Richard Jones</Nm>
> <PstlAdr>
> <AdrTp>HOME</AdrTp>
> <StrtNm>La Guardia Drive</StrtNm>
> <BldgNb>12</BldgNb>
> <PstCd>NJ 07054</PstCd>
> <TwnNm>Parsippany</TwnNm>
> <Ctry>US</Ctry>
> </PstlAdr>
> <Id>
> <DtAndPlcOfBirth>
> <BirthDt>1960-05-01</BirthDt>
> <CityOfBirth>New york</CityOfBirth>
> <CtryOfBirth>US</CtryOfBirth>
> </DtAndPlcOfBirth>
> </Id>
> </MainMndtHldr>
> </Org>
> <DgtlSgntr>
> <Pty>
> <Nm>fplou</Nm>
> </Pty>
> <Sgntr>
>
> </Sgntr>
> </DgtlSgntr>
> </AcctOpngReq>
> </Document>
> == PreDigest data - end buffer
> == Result - start buffer:
> zYybkjAuafmZgmnEbWItuE4Q1+u76x4I5HExyHThFe0=
> == Result - end buffer
> == Manifest References List:
> === list size: 0
> == Result - start buffer:
> VsVLlG0KahJelXvXjo2Ozst5axBXxtWeR4So0P+PAAcOi6ihtTKc5oUUJjIEivbO
> rCkdKuT4AFlbPEF8t4ErMAHS6iCP5JplF3zQA1YzVxGzmOQFRtpBookknF5wXu7H
> adyr9dIuZPcudAX7ZV0R0iwRIJJwdZQgYvA4HgZJJ3eMlBj8K1Zp5WR4UbbkBacV
> /dOnIIpRljd3YwxCnHp7hO6oizGOIkNhGbq6kkJ3ULGxWuT9/xy5IO64AV397PiK
> R0VtvNDNXW2WFjLfJ3XBuaVUq2T/GVCB9tcXYPUh67wwqzAyiaHUcymYgg2CZ6kF
> 3eZvTwOjkVmrY7iYuAsqeQ==
> == Result - end buffer
>
> I am working on latest release of xmlsec and on Unix.
>
> Is my understanding correct ?
>
> Thanks.
>
> Francois
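The behaviour described in the reply, as an added example that is not part of the original thread: CRLF and LF line ends canonicalize to the same octets, while an extra empty line between two elements is a text node that survives canonicalization and changes the digest. It uses Python's standard-library `xml.etree.ElementTree.canonicalize`, which implements C14N 2.0 rather than the 1.0 algorithm used in the thread but handles line ends and inter-element whitespace the same way by default; the sample documents and helper names are constructed for illustration.

```python
import base64
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed sample, modelled on the </Refs> ... <Acct> fragment in the thread.
LF_DOC = "<Doc>\n<Refs>a</Refs>\n<Acct>b</Acct>\n</Doc>"
CRLF_DOC = LF_DOC.replace("\n", "\r\n")                  # same file with Windows line ends
BLANK_DOC = LF_DOC.replace("</Refs>\n", "</Refs>\n\n")   # one extra empty line


def pre_digest(xml_text, **options):
    """Canonical octets that get hashed (what xmlsec prints as 'PreDigest data')."""
    return canonicalize(xml_data=xml_text, **options).encode("utf-8")


def digest_value(xml_text, **options):
    """Base64 SHA-256 of the canonical form, formatted like a DigestValue."""
    raw = hashlib.sha256(pre_digest(xml_text, **options)).digest()
    return base64.b64encode(raw).decode("ascii")


def first_difference(a, b):
    """Offset and surrounding bytes of the first mismatch, or None if equal."""
    if a == b:
        return None
    n = next((i for i, (x, y) in enumerate(zip(a, b)) if x != y),
             min(len(a), len(b)))
    return n, a[max(0, n - 8):n + 8], b[max(0, n - 8):n + 8]


if __name__ == "__main__":
    print("LF   ", digest_value(LF_DOC))
    print("CRLF ", digest_value(CRLF_DOC))    # same as LF: line ends are normalized
    print("BLANK", digest_value(BLANK_DOC))   # differs: the whitespace node is kept
    print(first_difference(pre_digest(LF_DOC), pre_digest(BLANK_DOC)))
    # strip_text is a C14N 2.0 option; C14N 1.0 has no equivalent switch.
    print(digest_value(LF_DOC, strip_text=True)
          == digest_value(BLANK_DOC, strip_text=True))
```
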
