- From: Thomas Braun <ThoBr@t-online.de>
- Date: Thu, 22 Jan 2004 01:21:42 +0100
- To: Rich Salz <rsalz@datapower.com>
- Cc: w3c-ietf-xmldsig@w3.org
> Reading that message and the followup, it wasn't clear that the original > poster was doing proper (or any) canonicalization. For example, his > Reference element didn't have a Transforms indicating c14n transformation. So when there is no Transforms specified, there is actually no canonicalization needed? > The difficult is that you cannot specify namespace prefixes on the > commandline. This might work > //*[Id='object'] Unfortunately this doesn't work - it results in an empty document. You can specify the namespace - here the two ways of using the command: ..... Usage: SerializeSubset <XPath expression> < <XML instance> Usage: SerializeSubset -xml '<foo xmlns:hoge="...">...XPath expression...</foo>' < <XML instance> ..... > You have to c14n the XML before hashing it. Isn't <Object xmlns="http://www.w3.org/2000/09/xmldsig#" Id="object">some text</Object> the proper canonicalized form? But as you say above, it's not shure that it has to be canonicalized...? It doesn't matter if I try echo -e '<Object xmlns="http://www.w3.org/2000/09/xmldsig#" Id="object">some text</Object>' | openssl sha1 -binary | openssl base64 or echo -e '<Object Id="object">some text</Object>' | openssl sha1 -binary | openssl base64 the result is never 7/XTsHaBSOnJ/jXD5v0zL6VKYsk= Thanks > > I want to explain my problems by means > > of an example, which I have found in this mailing list: > > http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2003OctDec/0014.html > > > > I want to canonicalize the same element from the same doc as the guy in > > that posting. > > Reading that message and the followup, it wasn't clear that the original > poster was doing proper (or any) canonicalization. For example, his > Reference element didn't have a Transforms indicating c14n transformation. > > > I'm using a sample-prog of the IBM XML-Security Suit > > (http://www.trl.ibm.com/projects/xml/xss4j/docs/c14n.html) to > > canonicalize a subset of a xml-doc. The command is: > > "... xpath-expression < example.xml > canonicalized.xml" > > Unfortunately, I can't figure out the proper xpath-expression to obtain > > the desired result (which means in this case "<Object > > xmlns="http://www.w3.org/2000/09/xmldsig#" Id="object">some > > text</Object>"). Could someone reveal the expression for this example to > > me? > > The difficult is that you cannot specify namespace prefixes on the > commandline. This might work > //*[Id='object'] > > > If I didn't misunderstand it, on the above mentioned desired result the > > hash and base64 should be performed. I try to do that with an > > openssl-command: echo -e '<Object xmlns= ... ' | openssl sha1 -binary | > > openssl base64 ...but the result differs from the right one given in the > > posting. So what's still wrong here? > > You have to c14n the XML before hashing it. > > Sorry, but I can't help you with your XAdES questions. > > /r$
Received on Wednesday, 21 January 2004 19:28:57 UTC