RE: Calculating the DigestValue over an Object URI

Hi John,

Out of curiosity, are you canonicalizing the object before calculating the hash?

When you said that you calculated the hash of <Object Id="object">some text</Object>,
I noticed in particular that it is missing the default namespace node for the signature namespace.

Hope this helps you.

John Boyer, Ph.D.
Senior Product Architect and Research Scientist
PureEdge Solutions Inc.


-----Original Message-----
From: John [mailto:cmj@cht.com.tw]
Sent: Tuesday, October 14, 2003 10:41 PM
To: w3c-ietf-xmldsig@w3.org
Subject: Calculating the DigestValue over an Object URI



Hello to all,
    I'm implementing a piece of code doing XMLdsig tasks and encountered a
problem.
How to calculate the DigestValue over an Object URI?
I used a sample xml-signature in XMLSec Library to test my thinking, but
found no clue for such kind of DigestValue calculation.
Let me explain my problem in detail, from this sample xml-signature called
signature-enveloping-rsa.xml:

<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <Reference URI="#object">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>
    ov3HOoPN0w71N3DdGNhN+dSzQm6NJFUB5qGKRp9Q986nVzMb8wCIVxCQu+x3vMtq
    p4/R3KEcPtEJSaoR+thGq++GPIh2mZXyWJs3xHy9P4xmoTVwli7/l7s8ebDSmnbZ
    7xZU4Iy1BSMZSxGKnRG+Z/0GJIfTz8jhH6wCe3l03L4=
  </SignatureValue>
  <KeyInfo>
    <KeyValue>
      <RSAKeyValue>
        <Modulus>
          q07hpxA5DGFfvJFZueFl/LI85XxQxrvqgVugL25V090A9MrlLBg5PmAsxFTe+G6a
          xvWJQwYOVHj/nuiCnNLa9a7uAtPFiTtW+v5H3wlLaY3ws4atRBNOQlYkIBp38sTf
          QBkk4i8PEU1GQ2M0CLIJq4/2Akfv1wxzSQ9+8oWkArc=
        </Modulus>
        <Exponent>
          AQAB
        </Exponent>
      </RSAKeyValue>
    </KeyValue>
  </KeyInfo>
  <Object Id="object">some text</Object>
</Signature>

its Reference URI is "object", so I used sha1 and base64 to calculate
<Object Id="object">some text</Object> and got:
/9WvFNJq0ILEJqk45gJOBnVEcs0=
which is different from the DigestValue: 7/XTsHaBSOnJ/jXD5v0zL6VKYsk=
Would you please tell me what's wrong with this DigestValue calculation?

Another question is: does the Referenced element need a Canonicalization?
For example,
Will <Object Id="object">some text</Object> digest to the same value as
<Object     Id="object"  >some text</Object   >  ?


Thank you.

John

Received on Wednesday, 15 October 2003 18:15:17 UTC
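
The canonicalization point raised in the reply, shown as an added example that is not part of the original thread or of XMLSec Library: it canonicalizes the element selected by URI="#object" in its signature context, so the inherited default namespace appears in the digested octets, and runs both spellings of the Object element from the question through the same path. The helper names `c14n_subset`, `canonical_object` and `sha1_b64` are hypothetical, and the serializer is a hand-written slice of Canonical XML 1.0 that assumes only a default namespace, unqualified attributes, and no comments or processing instructions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
PAGE_DIGEST = "7/XTsHaBSOnJ/jXD5v0zL6VKYsk="  # DigestValue from the sample in the post
OBJ_A = '<Object Id="object">some text</Object>'
OBJ_B = '<Object     Id="object"  >some text</Object   >'

# Character escapes that Canonical XML 1.0 prescribes for text and attribute values.
TEXT_ESC = {"&": "&amp;", "<": "&lt;", ">": "&gt;", "\r": "&#xD;"}
ATTR_ESC = {"&": "&amp;", "<": "&lt;", '"': "&quot;",
            "\t": "&#x9;", "\n": "&#xA;", "\r": "&#xD;"}

def _esc(value, table):
    return "".join(table.get(ch, ch) for ch in value)

def c14n_subset(elem, ns_emitted=""):
    """Canonical form of elem and its subtree (assumed subset: default
    namespace only, unqualified attributes, no comments or PIs)."""
    uri, local = elem.tag[1:].split("}", 1) if elem.tag.startswith("{") else ("", elem.tag)
    out = "<" + local
    if uri != ns_emitted:  # namespace not yet written by an output ancestor
        out += ' xmlns="%s"' % _esc(uri, ATTR_ESC)
    for name in sorted(elem.attrib):  # attributes in sorted order, double-quoted
        out += ' %s="%s"' % (name, _esc(elem.attrib[name], ATTR_ESC))
    out += ">" + _esc(elem.text or "", TEXT_ESC)
    for child in elem:
        out += c14n_subset(child, uri) + _esc(child.tail or "", TEXT_ESC)
    return out + "</" + local + ">"

def canonical_object(object_markup):
    """Parse the element where the sample has it, inside <Signature xmlns=DSIG_NS>,
    then canonicalize only the element that URI="#object" selects."""
    root = ET.fromstring('<Signature xmlns="%s">%s</Signature>' % (DSIG_NS, object_markup))
    target = next(e for e in root.iter() if e.get("Id") == "object")
    return c14n_subset(target).encode("utf-8")

def sha1_b64(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")

if __name__ == "__main__":
    for markup in (OBJ_A, OBJ_B):
        canon = canonical_object(markup)
        print("raw digest      :", sha1_b64(markup.encode("utf-8")))
        print("canonical octets:", canon.decode("utf-8"))
        print("canonical digest:", sha1_b64(canon))
    print("equals DigestValue in the post:", sha1_b64(canonical_object(OBJ_A)) == PAGE_DIGEST)
```

A verifier has to digest these canonical octets rather than the bytes as they appear in the file, which is why reformatting inside the referenced element does not by itself break the Reference.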