Re: XML Digital Signature interoperability Issue between DataPower's XS40 and .NET Framework 1.1 and WSE 1.0SP1

From: Guangxi Wu (gwu_at_ch2m.com)
Date: 02/09/04 

Date: Mon, 9 Feb 2004 10:28:18 -0800

"Jean-Marc Desperrier" <jmdesp@alussinan.org> wrote in message
news:OrP5fmy7DHA.1592@TK2MSFTNGP10.phx.gbl...
> Guangxi Wu wrote:
> [I'm trimming out sdk.security and xml.soap]
> > [...]. Here is the
> > output from the SignedXML.SignedInfo.GetXML.OuterXML method
(canonicalized
> > form?):
> >
> > <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> > <CanonicalizationMethod
> > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> > <SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> > <Reference URI="#Body">
> > <Transforms>
> > <Transform
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
> > />
> > </Transforms>
> > <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> > <DigestValue>U6ix8wug6U8XlJ48SDokGP6Jzys=</DigestValue>
> > </Reference>
> > </SignedInfo>
> [...]>
> > There are couple of differences in the above two SignedInfo elements:
the
> > default namespace for xmldsig, and the extra whitespace before the
closing
> > tags. However, the canonicalized elements do not have the begin/end
element
> > tags in the form of <elem>...</elem> as shown in the examples in the C14
> > spec.
>
> This is surprising.
> The normalisation from ought to be canonical c14n, not exclusive, so
> there should be more namespace than that.

That's what puzzled me too. I wonder if the SignedInfo property of the
SignedXML class really gives the fully canonicalized SignedInfo element,
although it does add the xmldsig namespace which was not there in the
original signature.

>
> And with xmlsec I do get :
> <Transform
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform>
> and
> <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>

Quantcast