W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2003

FW: Digest Value - What is calculated?

From: Gregor Karlinger <gregor.karlinger@iaik.at>
Date: Wed, 12 Mar 2003 14:31:32 +0100
To: "'Tarun Pinto Pereira'" <tarun_pinto@hotmail.com>
Cc: "'XMLSigWG'" <w3c-ietf-xmldsig@w3.org>
Message-ID: <025801c2e89b$b4b23cf0$0200a8c0@iktboard.local>

Since my answer never appeared on the list, I send it again.

Liebe Gruesse/Regards,
Gregor Karlinger
          

> -----Original Message-----
> From: Gregor Karlinger 
> Sent: Friday, March 07, 2003 12:27 PM
> To: Tarun Pinto Pereira
> Cc: w3c-ietf-xmldsig@w3.org
> Subject: RE: Digest Value - What is calculated?
> 
> 
> Tarun,
> 
> according to the reference processing model the data to be
> signed is the result from the last transform specified in
> the dsig:Reference. 
> 
> Since you have not specified any transforms, the data to be
> signed is the result from resolving the Reference URI of
> disg:Reference (in your example "#mydata).
> 
> Resolving #mydata results in a node set representing the
> following XML:
> 
> <MyDataElement Id="mydata">DataToBeSigned</MyDataElement>,
> 
> Since you cannot sign a node set, but rather an octet stream,
> the reference processing model specifies that the node set
> must be converted to an octet stream by applying a final
> canonicalization according to "Canonical XML".
> 
> What the actual canonicalized result looks like depends on
> namespace declarations in scope for the MyDataElement; I
> cannot say anything here, since I do not know how your XML
> document bearing the signature looks like.
> 
> But, as a simplified answer to your question, the data to
> be signed is very close to
> 
>   <MyDataElement Id="mydata">DataToBeSigned</MyDataElement>
> 
> it is definitely not 
> 
>   DataToBeSigned.
> 
> Liebe Gruesse/Regards,
> Gregor Karlinger
>           
> 
> > -----Original Message-----
> > From: w3c-ietf-xmldsig-request@w3.org 
> > [mailto:w3c-ietf-xmldsig-request@w3.org] On Behalf Of Tarun 
> > Pinto Pereira
> > Sent: Thursday, March 06, 2003 6:36 PM
> > To: w3c-ietf-xmldsig@w3.org
> > Subject: Digest Value - What is calculated?
> > 
> > 
> > 
> > I am trying to understand the standard for a simple 
> > implementation for a project. I would like to know what 
> > exactly are the digest and signing algos applied to? Is it 
> > the tag + data or just the data? For example consider the 
> > document below
> > 
> > ....
> > <MyDataElement Id="mydata">DataToBeSigned</MyDataElement>
> > ...
> > <Reference URI="#mydata">
> >     <DigestMethod 
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >    <DigestValue>Digest</DigestValue>
> > </Reference>
> > 
> > 
> > Is the Digest value calculated for "
> > <MyDataElement Id="mydata">DataToBeSigned</MyDataElement>"
> > or is it just calculated for "DataToBeSigned"
> > 
> > Thanks for any help.
> > Tarun
> > 
> > 
> > 
> 
Received on Wednesday, 12 March 2003 08:25:05 GMT

This archive was generated by hypermail 2.2.0 + w3c-0.29 : Thursday, 13 January 2005 12:10:16 GMT