Try "--store-references" option to see what exactly was signed. Just looking at the file, the DigestValue inside the #Manifest subtree looks suspicious.
Aleksey

On 4/3/14, 5:46 AM, François Plou wrote:
> Hi,
>
> I am facing an issue trying to sign an xml document which makes
> reference to an external file.
> xmlsec1 gives me a digest for the URI=#Manifest which is not verified by
> tools like Apache XML Security.
> I am pretty sure there is something missing in the XML document I give
> to xmlsec but can't figure out what.
>
> I sign the document named acmt.007.001.02_1.skel.1sign.object2.xml.
> The command I use is : xmlsec1 --sign --output fpl.xml --privkey <key>
> acmt.007.001.02_1.skel.1sign.object2.xml
> The output document is fpl.xml
>
> The digest which is not the same as the one computed by Apache XML
> Security is 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
> Apache Security is expecting M3eHHYZ3d//5HW/Gp583TrV/K4I=
>
> I found that the expected digest matches the manifest3.xml file enclosed
> (I built it manually).
> So it seems xmlsec is not creating the same manifest part.
>
> Do you have any idea what can be wrong in my
> acmt.007.001.02_1.skel.1sign.object2.xml file ? Do I need to add a
> transform ?
>
> Thanks for your help.
>
> Francois
>
> _______________________________________________
> xmlsec mailing list
> [email protected]
> http://www.aleksey.com/mailman/listinfo/xmlsec
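
Added example, not part of the original thread or of xmlsec: the value 2jmj7l5rSw0yVb/vlWAYkK/YBwk= is the base64 SHA-1 digest of zero bytes, so a reference carrying it was digested over empty input. The Python sketch below flags such references, and same-document URIs with no matching Id attribute, in a signed document; the function names and the sample XML are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# DigestMethod URIs -> hashlib names
DIGESTS = {DS + "sha1": "sha1",
           "http://www.w3.org/2001/04/xmlenc#sha256": "sha256",
           "http://www.w3.org/2001/04/xmlenc#sha512": "sha512"}

def empty_digest(alg_uri):
    """Base64 digest of zero bytes for a DigestMethod URI, or None if unknown."""
    name = DIGESTS.get(alg_uri)
    return base64.b64encode(hashlib.new(name, b"").digest()).decode() if name else None

def audit_references(xml_text):
    """Return [(URI, [problems])] for ds:Reference elements that look wrong."""
    root = ET.fromstring(xml_text)
    # Heuristic: treat any Id/ID/id attribute as an ID (xmlsec itself needs a DTD or --id-attr).
    ids = {el.get(a) for el in root.iter() for a in ("Id", "ID", "id") if el.get(a)}
    findings = []
    for ref in root.iter("{%s}Reference" % DS):
        uri = ref.get("URI", "")
        method = ref.find("{%s}DigestMethod" % DS)
        alg = method.get("Algorithm") if method is not None else None
        value = "".join(ref.findtext("{%s}DigestValue" % DS, default="").split())
        problems = []
        if value and value == empty_digest(alg):
            problems.append("digest of empty input")
        if uri.startswith("#") and not uri.startswith("#xpointer(") and uri[1:] not in ids:
            problems.append("no element with this Id")
        if problems:
            findings.append((uri, problems))
    return findings

# Constructed sample, not the poster's document.
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
<Reference URI="#Manifest"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</DigestValue></Reference>
<Reference URI="#Missing"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>M3eHHYZ3d//5HW/Gp583TrV/K4I=</DigestValue></Reference>
</SignedInfo><Object><Manifest Id="Manifest"/></Object></Signature>"""

if __name__ == "__main__":
    for uri, problems in audit_references(SAMPLE):
        print(uri, "->", ", ".join(problems))
```

An empty-input digest on a same-document reference usually means the signer resolved the URI to an empty node set or the transforms produced no output, which is what the "--store-references" output would show directly.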
