- From: John <cmj@cht.com.tw>
- Date: Wed, 15 Oct 2003 13:40:56 +0800
- To: <w3c-ietf-xmldsig@w3.org>
Hello to all,
I'm implementing a piece of code doing XMLdsig tasks and encountered a
problem.
How to calculate the DigestValue over an Object URI?
I used a sample xml-signature in XMLSec Library to test my thinking, but
found no clue for such kind of DigestValue calculation.
Let me explain my problem in detail, from this sample xml-signature called
signature-enveloping-rsa.xml:
<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20
010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
/>
<Reference URI="#object">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
ov3HOoPN0w71N3DdGNhN+dSzQm6NJFUB5qGKRp9Q986nVzMb8wCIVxCQu+x3vMtq
p4/R3KEcPtEJSaoR+thGq++GPIh2mZXyWJs3xHy9P4xmoTVwli7/l7s8ebDSmnbZ
7xZU4Iy1BSMZSxGKnRG+Z/0GJIfTz8jhH6wCe3l03L4=
</SignatureValue>
<KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>
q07hpxA5DGFfvJFZueFl/LI85XxQxrvqgVugL25V090A9MrlLBg5PmAsxFTe+G6a
xvWJQwYOVHj/nuiCnNLa9a7uAtPFiTtW+v5H3wlLaY3ws4atRBNOQlYkIBp38sTf
QBkk4i8PEU1GQ2M0CLIJq4/2Akfv1wxzSQ9+8oWkArc=
</Modulus>
<Exponent>
AQAB
</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
<Object Id="object">some text</Object>
</Signature>
its Reference URI is "object", so I used sha1 and base64 to calculate
<Object Id="object">some text</Object> and got:
/9WvFNJq0ILEJqk45gJOBnVEcs0=
which is different from the DigestValue: 7/XTsHaBSOnJ/jXD5v0zL6VKYsk=
Would you pleased tell me what's wrong with this DigestValue calculation?
Another question is: does the Referenced element need a Canonicalization?
For example,
Will <Object Id="object">some text</Object> digest the same value with
<Object Id="object" >some text</Object > ?
Thank you.
John
Received on Wednesday, 15 October 2003 01:48:09 UTC