- From: Rich Salz <rsalz@datapower.com>
- Date: Wed, 21 Jan 2004 20:10:01 -0500 (EST)
- To: Thomas Braun <ThoBr@t-online.de>
- Cc: "w3c-ietf-xmldsig@w3.org" <w3c-ietf-xmldsig@w3.org>
> So when there is no Transforms specified, there is actually no
> canonicalization needed?
No; Blake explained the rules in another message. They are subtle.
> Isn't
> <Object xmlns="http://www.w3.org/2000/09/xmldsig#" Id="object">some
> text</Object>
> the proper canonicalized form?
It depends; does your newline between "some" and "object" a \n or a \r or
a \r\n?
> echo -e '<Object Id="object">some text</Object>' | openssl sha1 -binary |
> openssl base64
> the result is never 7/XTsHaBSOnJ/jXD5v0zL6VKYsk=
Because C14N imports the namespaces that are in-scope, so your echo
statement is wrong. You'll have to add -- properly sorted -- xmlns
declarations for every namespace active when Object appears.
/r$
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
Received on Wednesday, 21 January 2004 20:18:50 UTC