[Mono-list] SignedXML: Where does the digest come from

Andy Hume andyhume32 at yahoo.co.uk
Thu May 29 09:19:25 EDT 2008


Don't know whether this MSDN Magazine article is of any help
http://msdn.microsoft.com/en-us/magazine/cc185723.aspx 

Andy


> -----Original Message-----
> From: mono-list-bounces at lists.ximian.com 
> [mailto:mono-list-bounces at lists.ximian.com] On Behalf Of 
> Sebastien Pouliot
> Sent: 29 May 2008 12:56
> To: Mathias Tausig
> Cc: Mono-list at lists.ximian.com
> Subject: Re: [Mono-list] SignedXML: Where does the digest come from
> 
> Hello Mathias,
> 
> On Thu, 2008-05-29 at 11:16 +0200, Mathias Tausig wrote:
> > Hy!
> > 
> > I am creating a signed xml document using:
> > 
> > XmlDocument objdoc = new XmlDocument();
> > objdoc.Load("test.xhtml");
> > DataObject dObj = new DataObject();
> > dObj.Id = "xmldsig-dataobj";
> > dObj.Data = objdoc.ChildNodes;
> > Reference dRef = new Reference("#xmldsig-dataobj");
> > SignedXml xmlsig = new SignedXml();
> > xmlsig.AddObject(dObj);
> > xmlsig.AddReference(dRef);
> > RSA rsa = new RSASignatureCard(SigCard);
> > KeyInfo keyinfo = new KeyInfo();
> > keyinfo.AddClause(new RSAKeyValue(rsa));
> > xmlsig.KeyInfo = keyinfo;
> > xmlsig.SigningKey = rsa;
> > xmlsig.ComputeSignature();
> > 
> > (RSASignatureCard is a self-written class derived from RSA which uses
> > a smartcard)
> 
> Pretty cool :-) The model always allowed this (except that fx 
> 1.x made it harder with some bugs) but still it's pretty rare 
> to find someone using it.
> 
> > This works fine, the signature can be calculated and is also verified
> > correctly.
> > But if I look at the data that has actually been signed via
> > 
> > rsa.EncryptValue(xmlsig.Signature.SignatureValue);
> > 
> > the digest that can be found there is different from the one residing
> > in
> > 
> > sigref=xmlsig.Signature.SignedInfo.References[0] as Reference;
> > sigref.DigestValue;
> > 
> > Weird, isn't it?
> 
> It's been years since I looked into xmldsig (and I've been 
> trying, hard, to reclaim those neurons for other duties ;-) 
> but IIRC each reference is digested then the "header", 
> including all the references digest, is digested too. Only 
> the latter, not part of the XML itself, is signed.
> 
> Of course the perfect answer is in the specification itself...
> 
> Sebastien
> 
> 
> > 
> > cheers
> > Mathias
> > 
> > _______________________________________________
> > Mono-list maillist  -  Mono-list at lists.ximian.com 
> > http://lists.ximian.com/mailman/listinfo/mono-list
> 
> _______________________________________________
> Mono-list maillist  -  Mono-list at lists.ximian.com 
> http://lists.ximian.com/mailman/listinfo/mono-list
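
Added example (not part of the thread, and not Mono's or any poster's code): the two-level digest described in the reply above, written in Python so it runs without the smartcard class. It assumes rsa-sha1 with PKCS#1 v1.5 padding, a toy key built from two Mersenne primes, and constructed XML strings treated as already canonicalized; every name in it is illustrative.

```python
import base64
import hashlib

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
# Toy RSA key from two Mersenne primes: constructed for this demo, NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
# ASN.1 DigestInfo header for SHA-1 (RFC 8017, section 9.2)
SHA1_INFO = bytes.fromhex("3021300906052b0e03021a05000414")
# Constructed input, assumed already canonicalized (C14N is not implemented here).
OBJECT = (f'<Object xmlns="{DS}" Id="xmldsig-dataobj">'
          '<html>constructed sample</html></Object>').encode()

def build_signed_info(obj: bytes):
    """Level 1: digest the referenced object, embed it as DigestValue."""
    ref_digest = hashlib.sha1(obj).digest()
    signed_info = (
        f'<SignedInfo xmlns="{DS}">'
        f'<CanonicalizationMethod Algorithm="{C14N}"></CanonicalizationMethod>'
        f'<SignatureMethod Algorithm="{DS}rsa-sha1"></SignatureMethod>'
        '<Reference URI="#xmldsig-dataobj">'
        f'<DigestMethod Algorithm="{DS}sha1"></DigestMethod>'
        f'<DigestValue>{base64.b64encode(ref_digest).decode()}</DigestValue>'
        '</Reference></SignedInfo>').encode()
    return ref_digest, signed_info

def sign(signed_info: bytes) -> bytes:
    """Level 2: digest SignedInfo, pad (EMSA-PKCS1-v1_5), private-key op."""
    t = SHA1_INFO + hashlib.sha1(signed_info).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def recover_signed_digest(signature: bytes) -> bytes:
    """Public-key op on SignatureValue; returns the digest inside the padding."""
    em = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    if em[:-20] != b"\x00\x01" + b"\xff" * (K - 38) + b"\x00" + SHA1_INFO:
        raise ValueError("not a PKCS#1 v1.5 SHA-1 signature block")
    return em[-20:]

if __name__ == "__main__":
    ref_digest, signed_info = build_signed_info(OBJECT)
    recovered = recover_signed_digest(sign(signed_info))
    print("DigestValue (object):   ", ref_digest.hex())
    print("digest inside signature:", recovered.hex())
    print("SHA-1(SignedInfo):      ", hashlib.sha1(signed_info).hexdigest())
```

The digest recovered from the signature equals SHA-1 of SignedInfo and differs from the Reference's DigestValue; the object is still covered because its digest is part of the SignedInfo bytes that were hashed.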



