Hi Vishal, Sometime back, there was a discussion going on about this cascading in one thread with subject "going from signing xml file with DTD to signing xml file with Schema". Do you any clue about the conclusion? Can't I somehow stop cascading?
Please do suggest me. Thanks & Regards, Ayyappan Gandhirajan --------------------------------------------- Office: 91.80.2225.1554 Extn 1472 Mobile: 91.94483.14969 E-Mail: [EMAIL PROTECTED] ----------------------------------------------- -----Original Message----- From: Vishal Mahajan [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 6:55 PM To: [EMAIL PROTECTED] Subject: Re: Problem with verification of .NET signed XML I think (I am not sure) that this might be happening because of the namespace attributes cascading that's done by apache dsig library on the xml document. This, combined with the fact that there's no canonicalization transform inside the signed-info-reference (ds:Reference) might be resulting in the interop problem that you are facing. It would be interesting to know, what happens when you perform a canon transform on the signature input to be digested. Vishal GANDHIRAJAN,AYYAPPAN (HP-India,ex2) wrote: >Oop! I forgot to attach the xml message. Please here you go! > > >Thanks & Regards, >Ayyappan Gandhirajan >--------------------------------------------- >Office: 91.80.2225.1554 Extn 1472 >Mobile: 91.94483.14969 >E-Mail: [EMAIL PROTECTED] >----------------------------------------------- > > >-----Original Message----- >From: GANDHIRAJAN,AYYAPPAN (HP-India,ex2) >Sent: Wednesday, March 31, 2004 4:52 PM >To: '[EMAIL PROTECTED]' >Subject: RE: Problem with verification of .NET signed XML > > >Hi Berin, > >Thanks for your mail. > >My client is written using .NET. It creates an XML envelope and sign it. > >My server is written in apache xml security. It verifies the signed xml >messages, which was sent by the client. The "boolean verify = >sig1.checkSignatureValue(sig1.getKeyInfo().getPublicKey())" statement always >return false. The digest value generated is different from the digest value >present in the xml message. > >Please find the attached signed xml mesage. > > >Thanks & Regards, >Ayyappan Gandhirajan >--------------------------------------------- >Office: 91.80.2225.1554 Extn 1472 >Mobile: 91.94483.14969 >E-Mail: [EMAIL PROTECTED] >----------------------------------------------- > > >-----Original Message----- >From: Berin Lautenbach [mailto:[EMAIL PROTECTED] >Sent: Wednesday, March 31, 2004 4:31 PM >To: [EMAIL PROTECTED] >Subject: Re: Problem with verification of .NET signed XML > > >The Object element is simply an artifact for including information to be >signed or to be used in the signature inside the Signature element. It >is not directly included in any signture operation. > >How is the signature breaking? > >Cheers, > Berin > > >GANDHIRAJAN,AYYAPPAN (HP-India,ex2) wrote: > > > >>Folks, >> >>Though I have been working with XML security for the past four months, I >>have never used "<Object>" tag inside <Signature> element. Can anyone of >> >> >you > > >>please tell me as to what is this Object tag and how it affects the >>signature verification functionlaity? >> >>I have used apahe XML security to sign and verify the digital signature. >>When both server and client are using apache libraries, the functionlity >>worksfine. When I generated the signed xml using .NET, the functionlity >>breaks. I see one extra <Object> inside the <Signature> element. The >>interoperability seems to be a problem here. Can someone help me in >>resolving this? >> >> >>Thanks & Regards, >>Ayyappan Gandhirajan >>--------------------------------------------- >>Office: 91.80.2225.1554 Extn 1472 >>Mobile: 91.94483.14969 >>E-Mail: [EMAIL PROTECTED] >>----------------------------------------------- >> <<dotNETsignedMsg.xml>> >> >> > > >
