RE: Calculating the DigestValue over an Object URI from Patrick Rene Guillemin on 2003-10-15 (w3c-ietf-xmldsig@w3.org from October to December 2003)

From: Patrick Rene Guillemin <Patrick.Guillemin@etsi.org>
Date: Wed, 15 Oct 2003 14:36:10 +0200
To: "John" <cmj@cht.com.tw>
Cc: <plugtests-xades@list.etsi.org>, <w3c-ietf-xmldsig@w3.org>
Message-ID: <4091553999CBE4409CC2B562152B5A3302318465@email10.etsihq.org>

Hello John,

I forward your request to our next XAdES plugtests participants
(XMLDSIG developpers and service providers)

If you think in coming too or if your curious about interop, have a look at
http://www.etsi.org/frameset/home.htm?/plugtests/02UpcomingEvents/XAdES/XAdES_home.htm

I hope you'll get an answer from TC ESI/XAdES, W3C or IETF people
Best Regards

Patrick GUILLEMIN
Plugtests Technical Coordinator
http://www.etsi.org/plugtests
tel +33(0)4 92 94 43 31
fax +33(0)4 92 38 52 31

-----Original Message-----
From: John [mailto:cmj@cht.com.tw]
Sent: 15 October 2003 07:41
To: w3c-ietf-xmldsig@w3.org
Subject: Calculating the DigestValue over an Object URI



Hello to all,
    I'm implementing a piece of code doing XMLdsig tasks and encountered a
problem.
How to calculate the DigestValue over an Object URI?
I used a sample xml-signature in XMLSec Library to test my thinking, but
found no clue for such kind of DigestValue calculation.
Let me explain my problem in detail, from this sample xml-signature called
signature-enveloping-rsa.xml:

<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20
010315" />
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
/>
    <Reference URI="#object">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>
    ov3HOoPN0w71N3DdGNhN+dSzQm6NJFUB5qGKRp9Q986nVzMb8wCIVxCQu+x3vMtq
    p4/R3KEcPtEJSaoR+thGq++GPIh2mZXyWJs3xHy9P4xmoTVwli7/l7s8ebDSmnbZ
    7xZU4Iy1BSMZSxGKnRG+Z/0GJIfTz8jhH6wCe3l03L4=
  </SignatureValue>
  <KeyInfo>
    <KeyValue>
      <RSAKeyValue>
        <Modulus>
          q07hpxA5DGFfvJFZueFl/LI85XxQxrvqgVugL25V090A9MrlLBg5PmAsxFTe+G6a
          xvWJQwYOVHj/nuiCnNLa9a7uAtPFiTtW+v5H3wlLaY3ws4atRBNOQlYkIBp38sTf
          QBkk4i8PEU1GQ2M0CLIJq4/2Akfv1wxzSQ9+8oWkArc=
        </Modulus>
        <Exponent>
          AQAB
        </Exponent>
      </RSAKeyValue>
    </KeyValue>
  </KeyInfo>
  <Object Id="object">some text</Object>
</Signature>

its Reference URI is "object", so I used sha1 and base64 to calculate
<Object Id="object">some text</Object> and got:
/9WvFNJq0ILEJqk45gJOBnVEcs0=
which is different from the DigestValue: 7/XTsHaBSOnJ/jXD5v0zL6VKYsk=
Would you pleased tell me what's wrong with this DigestValue calculation?

Another question is: does the Referenced element need a Canonicalization?
For example,
Will <Object Id="object">some text</Object> digest the same value with
<Object     Id="object"  >some text</Object   >  ?


Thank you.

John

Received on Wednesday, 15 October 2003 08:42:43 UTC