Posted to fx-dev@ws.apache.org by Shyam Shukla <sh...@persistent.co.in> on 2006/12/05 14:06:10 UTC

Calculating the DigestValue over a URI

Hi All,

 

I am trying to figure out the way to calculate the <DigestValue> in
<Reference> tag. I went through the link http://www.w3.org/2000/09/xmldsig#
and my findings are as below as per this document:

For each <Reference> in the <Signature> calculate the <DigestValue> value
by:-

1.	Extract the portion of the document indicated in the <Reference>.
2.	Canonicalize the extract.
3.	Run the digest method referred to in <DigestMethod> over the
canonicalized extract (in this case the SHA1 digest).
4.	Convert the binary digest to Base-64 and insert into <DigestValue>.

My question is not about how the digest is calculated, but on what. For
example,

<Header>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
                <SignedInfo>
                <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
                <SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                <Reference URI="#Body">
                    <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                    <DigestValue />
                </Reference>
            </SignedInfo>
            <SignatureValue />
            <KeyInfo>
                <X509Data>
                    <X509Certificate />
                </X509Data>
            </KeyInfo>
        </Signature>
    </Header>
    <Body Id="Body">
        <Timestamp>2006-May-04 20:16:21</Timestamp>
    </Body>

So as per the rule, results at each step are:

   1- <Body Id="Body">
        <Timestamp>2006-May-04 20:16:21</Timestamp>
       </Body>

2-     <Body Id="Body"><Timestamp>2006-May-04 20:16:21</Timestamp></Body>

3-     The SHA1 on the data of step2

4-     hI2M81Ns4JNPVeHVlBaxOtu8HPY=

I get "hI2M81Ns4JNPVeHVlBaxOtu8HPY=" as a DigestValue which is different
than the expected one, which is "pV9SUz/WktNbDo+R4dW9MBuWDgs=".

Can anyone please tell me what is the data here (point 1) on which the
digest is calculated?

 

Best Regards,
Shyam Shukla




DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.

RE: Calculating the DigestValue over a URI

Posted by Shyam Shukla <sh...@persistent.co.in>.
Thanks a lot Werner, I will look into the specs of c14n and source code of
xmlsec library.

I hope these investigations should resolve this issue.


 

Best Regards,
Shyam Shukla


  _____  

From: Dittmann, Werner [mailto:werner.dittmann@siemens.com] 
Sent: Wednesday, December 06, 2006 1:00 PM
To: Dittmann, Werner; Shyam Shukla ; wss4j-dev@ws.apache.org
Subject: AW: Calculating the DigestValue over a URI

 

Just a thought here: IMHO the result you present in step 2 is not
correct. C14n does not remove all whitespace characters such as
NL, TAB, space, etc. The result shown in step 2 has all whitespace
characters removed. Pls check the c14n specs.

 

Regards,

Werner

 


  _____  


From: Dittmann, Werner
Sent: Wednesday, 6 December 2006 08:19
To: Shyam Shukla; axis-dev@ws.apache.org; wss4j-dev@ws.apache.org
Subject: AW: Calculating the DigestValue over a URI

Yes, indeed. AFAIK there is no other detailed description, except in the
W3C specifications, that describes how to compute and handle the
various Signature values (hashes). If there is a problem, e.g. a wrong
hash value or a wrong Signature then something in the implementation
must be wrong.

WSS4J uses the xmlsec library to perform Signature handling including
all necessary canonicalization steps and creation of new elements etc.

Thus to fully understand in detail what may go wrong it is a good idea
to look at the xmlsec implementation.

 

 

Regards,

Werner

 

 


  _____  


From: Shyam Shukla [mailto:shyam_shukla@persistent.co.in]
Sent: Wednesday, 6 December 2006 05:53
To: Dittmann, Werner; axis-dev@ws.apache.org; wss4j-dev@ws.apache.org
Subject: RE: Calculating the DigestValue over a URI

Werner,

 

You meant I should look at the source code of xmlsec library??

 

Best Regards,
Shyam Shukla


  _____  


From: Dittmann, Werner [mailto:werner.dittmann@siemens.com] 
Sent: Tuesday, December 05, 2006 7:36 PM
To: Shyam Shukla ; axis-dev@ws.apache.org; wss4j-dev@ws.apache.org
Subject: AW: Calculating the DigestValue over a URI

 

Well, "use the source" :-)

 

The computation of all these digests is part of the xmlsec library.

 

Regards,

Werner

 

 



AW: Calculating the DigestValue over a URI

Posted by "Dittmann, Werner" <we...@siemens.com>.
Just a thought here: IMHO the result you present in step 2 is not
correct. C14n does not remove all whitespace characters such as
NL, TAB, space, etc. The result shown in step 2 has all whitespace
characters removed. Pls check the c14n specs.
 
Regards,
Werner
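
The point made in the reply above, as an added example that is not part of the original thread and is not WSS4J or xmlsec code: the four steps from the question run over a constructed copy of the poster's message, once with whitespace kept as canonicalization requires and once with it stripped as in the poster's step 2. Assumptions: the `<Envelope>` wrapper, the indentation and the function names are made up here, and Python's standard library canonicalizer (Canonical XML 2.0) stands in for the 1.0 algorithm named in `<CanonicalizationMethod>`; both retain whitespace in text content by default.

```python
import base64
import copy
import hashlib
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
# Only the digest algorithm that appears in the thread is mapped.
DIGESTS = {DSIG + "sha1": hashlib.sha1}

# Constructed sample based on the message in the question. The <Envelope>
# wrapper and the exact indentation are assumptions made for this example.
DOC = (
    '<Envelope>\n'
    '  <Header>\n'
    '    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\n'
    '      <SignedInfo>\n'
    '        <Reference URI="#Body">\n'
    '          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\n'
    '          <DigestValue/>\n'
    '        </Reference>\n'
    '      </SignedInfo>\n'
    '    </Signature>\n'
    '  </Header>\n'
    '  <Body Id="Body">\n'
    '    <Timestamp>2006-May-04 20:16:21</Timestamp>\n'
    '  </Body>\n'
    '</Envelope>'
)


def resolve_reference(root, uri):
    """Step 1: resolve a same-document URI such as "#Body" to one element."""
    if not uri.startswith("#"):
        raise ValueError("only same-document references are handled here")
    hits = [e for e in root.iter() if e.get("Id") == uri[1:]]
    # An Id that is missing or ambiguous must not be digested silently.
    if len(hits) != 1:
        raise ValueError(f"{uri} matches {len(hits)} elements, expected 1")
    return hits[0]


def canonical_bytes(elem, strip_whitespace=False):
    """Step 2: canonical octets of the element.

    strip_whitespace=True reproduces the poster's step 2 (all layout
    whitespace removed); the default keeps text nodes untouched.
    """
    node = copy.deepcopy(elem)
    node.tail = None  # whitespace after </Body> is not part of the node
    raw = ET.tostring(node, encoding="unicode")
    return ET.canonicalize(raw, strip_text=strip_whitespace).encode("utf-8")


def digest_value(doc, strip_whitespace=False):
    """Steps 1-4 for the first <Reference>: returns (octets, DigestValue)."""
    root = ET.fromstring(doc)
    ref = root.find(f".//{{{DSIG}}}Reference")
    method = ref.find(f"{{{DSIG}}}DigestMethod").get("Algorithm")
    target = resolve_reference(root, ref.get("URI"))
    octets = canonical_bytes(target, strip_whitespace)
    digest = DIGESTS[method](octets).digest()                 # step 3
    return octets, base64.b64encode(digest).decode("ascii")   # step 4


if __name__ == "__main__":
    for label, strip in (("whitespace kept", False), ("whitespace stripped", True)):
        octets, value = digest_value(DOC, strip_whitespace=strip)
        print(label)
        print("  digest input:", repr(octets))
        print("  DigestValue :", value)
```

Printing the digest input with `repr()` makes the newlines and indentation visible, which is the quickest way to compare what was hashed on the signing side with what was hashed on the verifying side.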




AW: Calculating the DigestValue over a URI

Posted by "Dittmann, Werner" <we...@siemens.com>.
Yes, indeed. AFAIK there is no other detailed description, except in the
W3C specifications, that describes how to compute and handle the
various Signature values (hashes). If there is a problem, e.g. a wrong
hash value or a wrong Signature then something in the implementation
must be wrong.
 
WSS4J uses the xmlsec library to perform Signature handling including
all necessary canonicalization steps and creation of new elements etc.
 
Thus to fully understand in detail what may go wrong it is a good idea
to look at the xmlsec implementation.
 
 
Regards,
Werner
 




AW: Calculating the DigestValue over a URI

Posted by "Dittmann, Werner" <we...@siemens.com>.
Yes, indeed. AFAIK there is no other detailed description, except in the
W3C specifications, that describes how to compute and handle the
various Signature values (hashes). If there is a problem, e.g. a wrong
hash value or a wrong Signature, then something in the implementation
must be wrong.
 
WSS4J uses the xmlsec library to perform Signature handling including
all necessary canonicalization steps and creation of new elements etc.
 
Thus to fully understand in detail what may go wrong it is a good idea
to look at the xmlsec implementation.
 
 
Regards,
Werner
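
The four steps from the question, carried out on the octets that are actually digested. This is an added example, not code from the thread, WSS4J or xmlsec; it shows that canonicalization keeps the whitespace between elements, so the digest input is not the collapsed one-line form, and it does not try to reproduce either digest value quoted in the thread. Assumptions: the fragment is wrapped in a hypothetical <Envelope> root, and Python's standard-library canonicalizer (C14N 2.0) stands in for Canonical XML 1.0, which yields the same octets for this namespace-free, comment-free element.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed input: the fragment from the question, trimmed to the elements
# used here and wrapped in a hypothetical <Envelope> root so it parses.
DOC = """<Envelope>
    <Header>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <Reference URI="#Body">
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                    <DigestValue />
                </Reference>
            </SignedInfo>
        </Signature>
    </Header>
    <Body Id="Body">
        <Timestamp>2006-May-04 20:16:21</Timestamp>
    </Body>
</Envelope>"""

# Step 2 as written in the question: whitespace between the tags removed.
COLLAPSED = b'<Body Id="Body"><Timestamp>2006-May-04 20:16:21</Timestamp></Body>'

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
SHA1_URI = "http://www.w3.org/2000/09/xmldsig#sha1"
DIGESTS = {SHA1_URI: hashlib.sha1}


def dereference(root, uri):
    """Step 1: resolve a same-document '#id' reference to exactly one element."""
    if not uri.startswith("#"):
        raise ValueError("only same-document references are handled here")
    hits = [e for e in root.iter() if e.get("Id") == uri[1:]]
    if len(hits) != 1:  # a missing or ambiguous Id must not be digested
        raise ValueError(f"{uri} matches {len(hits)} elements, expected 1")
    return hits[0]


def canonical_octets(elem):
    """Step 2: canonical form of the referenced element as UTF-8 octets."""
    tail, elem.tail = elem.tail, None  # text after the end tag is outside the node
    try:
        raw = ET.tostring(elem, encoding="unicode")
    finally:
        elem.tail = tail
    # Standard-library canonicalizer (C14N 2.0); whitespace in content is kept.
    return ET.canonicalize(raw).encode("utf-8")


def digest_value(octets, algorithm_uri):
    """Steps 3 and 4: hash the octets and Base64-encode the binary digest."""
    return base64.b64encode(DIGESTS[algorithm_uri](octets).digest()).decode("ascii")


def reference_digests(xml_text):
    """Return {Reference URI: DigestValue} for every <Reference> in the document."""
    root = ET.fromstring(xml_text)
    result = {}
    for ref in root.iter(DSIG + "Reference"):
        method = ref.find(DSIG + "DigestMethod").get("Algorithm")
        target = dereference(root, ref.get("URI"))
        result[ref.get("URI")] = digest_value(canonical_octets(target), method)
    return result


if __name__ == "__main__":
    body = dereference(ET.fromstring(DOC), "#Body")
    print("octets digested :", canonical_octets(body))
    print("DigestValue     :", reference_digests(DOC)["#Body"])
    print("collapsed form  :", digest_value(COLLAPSED, SHA1_URI))
```

When a computed DigestValue does not match, compare the octets returned by the canonicalization step byte for byte before looking at the hash or Base64 steps.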
 


________________________________

	From: Shyam Shukla [mailto:shyam_shukla@persistent.co.in] 
	Sent: Wednesday, 6 December 2006 05:53
	To: Dittmann, Werner; axis-dev@ws.apache.org; wss4j-dev@ws.apache.org
	Subject: RE: Calculating the DigestValue over a URI
	
	

	Werner,

	 

	You meant I should look at the source code of xmlsec library??

	 

	Best Regards,
	Shyam Shukla
	

	
________________________________


	From: Dittmann, Werner [mailto:werner.dittmann@siemens.com] 
	Sent: Tuesday, December 05, 2006 7:36 PM
	To: Shyam Shukla ; axis-dev@ws.apache.org;
wss4j-dev@ws.apache.org
	Subject: AW: Calculating the DigestValue over a URI

	 

	Well, "use the source" :-)

	 

	The computation of all these digests is part of the xmlsec library.

	 

	Regards,

	Werner

	 

		 

		


RE: Calculating the DigestValue over a URI

Posted by Shyam Shukla <sh...@persistent.co.in>.
Werner,

 

You meant I should look at the source code of xmlsec library??

 

Best Regards,
Shyam Shukla


  _____  

From: Dittmann, Werner [mailto:werner.dittmann@siemens.com] 
Sent: Tuesday, December 05, 2006 7:36 PM
To: Shyam Shukla ; axis-dev@ws.apache.org; wss4j-dev@ws.apache.org
Subject: AW: Calculating the DigestValue over a URI

 

Well, "use the source" :-)

 

The computation of all these digests is part of the xmlsec library.

 

Regards,

Werner

 

 




AW: Calculating the DigestValue over a URI

Posted by "Dittmann, Werner" <we...@siemens.com>.
Well, "use the source" :-)
 
The computation of all these digests is part of the xmlsec library.
 
Regards,
Werner
 


