Re: Canonicalization, XAdES

From: Thomas Braun <ThoBr@t-online.de>
Date: Thu, 22 Jan 2004 01:21:42 +0100
To: Rich Salz <rsalz@datapower.com>
Cc: w3c-ietf-xmldsig@w3.org
Message-Id: <200401220121.42082.thobr@t-online.de>

> Reading that message and the followup, it wasn't clear that the original
> poster was doing proper (or any) canonicalization.  For example, his
> Reference element didn't have a Transforms indicating c14n transformation.

So when there is no Transforms specified, there is actually no 
canonicalization needed?

> The difficulty is that you cannot specify namespace prefixes on the
> commandline.  This might work
> 	//*[Id='object']

Unfortunately this doesn't work - it results in an empty document.
You can specify the namespace - here the two ways of using the command:
.....
Usage: SerializeSubset <XPath expression> < <XML instance>
Usage: SerializeSubset -xml '<foo xmlns:hoge="...">...XPath expression...</foo>' < <XML instance>
.....

> You have to c14n the XML before hashing it.

Isn't
<Object xmlns="http://www.w3.org/2000/09/xmldsig#" Id="object">some text</Object>
the proper canonicalized form? But as you say above, it's not sure that it 
has to be canonicalized...?
It doesn't matter if I try
echo -e '<Object xmlns="http://www.w3.org/2000/09/xmldsig#" Id="object">some text</Object>' | openssl sha1 -binary | openssl base64
or
echo -e '<Object Id="object">some text</Object>' | openssl sha1 -binary | openssl base64
the result is never 7/XTsHaBSOnJ/jXD5v0zL6VKYsk=

Thanks


> > I want to explain my problems by means
> > of an example, which I have found in this mailing list:
> > http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2003OctDec/0014.html
> >
> > I want to canonicalize the same element from the same doc as the guy in
> > that posting.
>
> Reading that message and the followup, it wasn't clear that the original
> poster was doing proper (or any) canonicalization.  For example, his
> Reference element didn't have a Transforms indicating c14n transformation.
>
> > I'm using a sample-prog of the IBM XML-Security Suite
> > (http://www.trl.ibm.com/projects/xml/xss4j/docs/c14n.html) to
> > canonicalize a subset of an xml-doc. The command is:
> > "... xpath-expression < example.xml > canonicalized.xml"
> > Unfortunately, I can't figure out the proper xpath-expression to obtain
> > the desired result (which means in this case "<Object
> > xmlns="http://www.w3.org/2000/09/xmldsig#" Id="object">some
> > text</Object>"). Could someone reveal the expression for this example to
> > me?
>
> The difficulty is that you cannot specify namespace prefixes on the
> commandline.  This might work
> 	//*[Id='object']
>
> > If I didn't misunderstand it, on the above mentioned desired result the
> > hash and base64 should be performed. I try to do that with an
> > openssl-command: echo -e '<Object xmlns= ... ' | openssl sha1 -binary |
> > openssl base64 ...but the result differs from the right one given in the
> > posting. So what's still wrong here?
>
> You have to c14n the XML before hashing it.
>
> Sorry, but I can't help you with your XAdES questions.
>
> 	/r$
Received on Wednesday, 21 January 2004 19:28:57 UTC
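
Added example, not part of the original message or of the IBM suite: a Python sketch of the digest step discussed in this thread, showing which byte-level differences canonicalization removes and which still change the SHA-1/base64 value. It assumes Python 3.8+, whose standard library implements C14N 2.0 rather than the Canonical XML 1.0 referenced by XML-DSig (for this stand-alone element with no unused namespace declarations the serialization is the same); the inputs are constructed, and it does not attempt to reproduce the digest quoted in the thread because the signed document is not shown here.

```python
import base64
import hashlib
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed inputs: the element as typed in the thread, an equivalent
# re-serialization (attribute order, quoting, whitespace inside the tag),
# and the variant without the XML-DSig namespace declaration.
AS_TYPED = f'<Object xmlns="{DSIG_NS}" Id="object">some text</Object>'
RESERIALIZED = f"<Object   Id='object'\n   xmlns='{DSIG_NS}'  >some text</Object>"
NO_NAMESPACE = '<Object Id="object">some text</Object>'


def digest_value(octets: bytes) -> str:
    """SHA-1 then base64, like `openssl sha1 -binary | openssl base64`."""
    return base64.b64encode(hashlib.sha1(octets).digest()).decode("ascii")


def c14n_octets(xml_text: str) -> bytes:
    """Canonical form of the input, UTF-8 encoded, ready to be hashed."""
    return canonicalize(xml_text).encode("utf-8")


def compare() -> dict:
    canon = c14n_octets(AS_TYPED)
    return {
        "canonical": canon.decode("utf-8"),
        # Equivalent serializations hash differently as raw text ...
        "raw_digests_differ": digest_value(AS_TYPED.encode())
        != digest_value(RESERIALIZED.encode()),
        # ... but collapse to the same octets once canonicalized.
        "same_after_c14n": canon == c14n_octets(RESERIALIZED),
        # `echo` appends a newline that is not part of the canonical octets.
        "echo_newline_differs": digest_value(canon)
        != digest_value(canon + b"\n"),
        # Without xmlns the element is in no namespace: different octets.
        "namespace_differs": digest_value(canon)
        != digest_value(c14n_octets(NO_NAMESPACE)),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
    print("digest:", digest_value(c14n_octets(AS_TYPED)))
```
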