- From: Rich Salz <rsalz@datapower.com>
- Date: Wed, 21 Jan 2004 16:05:12 -0500
- To: Thomas Braun <ThoBr@t-online.de>
- Cc: w3c-ietf-xmldsig@w3.org
> I want to explain my problems by means > of an example, which I have found in this mailing list: > http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2003OctDec/0014.html > > I want to canonicalize the same element from the same doc as the guy in that > posting. Reading that message and the followup, it wasn't clear that the original poster was doing proper (or any) canonicalization. For example, his Reference element didn't have a Transforms indicating c14n transformation. > I'm using a sample-prog of the IBM XML-Security Suit > (http://www.trl.ibm.com/projects/xml/xss4j/docs/c14n.html) to canonicalize a > subset of a xml-doc. The command is: > "... xpath-expression < example.xml > canonicalized.xml" > Unfortunately, I can't figure out the proper xpath-expression to obtain the > desired result (which means in this case "<Object > xmlns="http://www.w3.org/2000/09/xmldsig#" Id="object">some > text</Object>"). Could someone reveal the expression for this example to me? The difficult is that you cannot specify namespace prefixes on the commandline. This might work //*[Id='object'] > If I didn't misunderstand it, on the above mentioned desired result the hash > and base64 should be performed. I try to do that with an openssl-command: > echo -e '<Object xmlns= ... ' | openssl sha1 -binary | openssl base64 > ...but the result differs from the right one given in the posting. So what's > still wrong here? You have to c14n the XML before hashing it. Sorry, but I can't help you with your XAdES questions. /r$ -- Rich Salz, Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
Received on Wednesday, 21 January 2004 15:56:34 UTC