Canonicalization, XAdES

Hello,

I want to explain my problems by means 
of an example, which I have found in this mailing list: 
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2003OctDec/0014.html

I want to canonicalize the same element from the same doc as the guy in that 
posting.
I'm using a sample program of the IBM XML Security Suite 
(http://www.trl.ibm.com/projects/xml/xss4j/docs/c14n.html) to canonicalize a 
subset of an XML doc. The command is: 
"... xpath-expression < example.xml > canonicalized.xml"
Unfortunately, I can't figure out the proper xpath-expression to obtain the 
desired result (which means in this case "<Object 
xmlns="http://www.w3.org/2000/09/xmldsig#" Id="object">some
text</Object>"). Could someone reveal the expression for this example to me?

...but even if I had that result, the trouble would go on:
If I didn't misunderstand it, on the above mentioned desired result the hash 
and base64 should be performed. I try to do that with an openssl-command:
echo -e '<Object xmlns= ... ' | openssl sha1 -binary | openssl base64
...but the result differs from the right one given in the posting. So what's 
still wrong here?

What I want to do in the end is to timestamp particular elements in view of 
XAdES compliance... So another question is how to 
cope with multiple inputs for a hash calculation, like you find them in 
XAdES-X and A. W3C says this: 
http://www.w3.org/TR/XAdES/#Qualifying_properties_syntax_Auxiliary_syntax_The_TimeStampType_data_type
Could someone explain this in a little more detail... e.g. how do I get the 
octet-concatenation?

And last but not least: A HashDataInfo element does not mandatorily have a 
corresponding Transforms-element as a child. If there is such an element, it 
also can specify a canonicalization-algorithm as transform-method. Does this 
mean, that an element referenced in HashDataInfo without transform or with 
another transform-method than canonicalization must not be canonicalized? 

Any help is much appreciated.

Thomas 

Received on Wednesday, 21 January 2004 15:04:22 UTC
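
Added example, not part of the original message or of any project it mentions: a digest is computed over exact octets, so the sketch below compares the canonical string with what a shell echo would pipe onward, locates the first differing byte, and hashes several inputs as one in-order octet concatenation. The sample element (text content assumed to sit on one line), the second input and all function names are constructed for illustration.

```python
import base64
import hashlib

# Constructed sample: the canonical form quoted in the post, with the text
# content written on one line (an assumption about the original document).
CANONICAL_OBJECT = (b'<Object xmlns="http://www.w3.org/2000/09/xmldsig#" '
                    b'Id="object">some text</Object>')


def digest_b64(octets: bytes) -> str:
    """SHA-1 over the exact octets, base64-encoded (as in a DigestValue)."""
    return base64.b64encode(hashlib.sha1(octets).digest()).decode("ascii")


def echo_octets(canonical: bytes) -> bytes:
    """Octets a shell `echo` pipes onward: the argument plus one newline."""
    return canonical + b"\n"


def first_difference(a: bytes, b: bytes):
    """Offset of the first differing byte, or None if the inputs are equal."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


def concatenated_digest(octet_streams) -> str:
    """Digest over several inputs: feed each stream to one hash, in order.

    Equivalent to hashing b"".join(octet_streams); no separator is added.
    """
    h = hashlib.sha1()
    for stream in octet_streams:
        if not isinstance(stream, (bytes, bytearray)):
            raise TypeError("canonicalize/serialize to octets before hashing")
        h.update(stream)
    return base64.b64encode(h.digest()).decode("ascii")


if __name__ == "__main__":
    print("exact octets   :", digest_b64(CANONICAL_OBJECT))
    print("via echo (+LF) :", digest_b64(echo_octets(CANONICAL_OBJECT)))
    print("first diff at  :", first_difference(CANONICAL_OBJECT,
                                               echo_octets(CANONICAL_OBJECT)))
    # Two constructed inputs standing in for two referenced elements.
    parts = [CANONICAL_OBJECT, b'<Other Id="o2">x</Other>']
    print("concatenated   :", concatenated_digest(parts))
```

When a computed value disagrees with a published one, running first_difference over the bytes actually hashed and the expected canonical bytes shows where they diverge.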