mace-opensaml-users - RE: Enveloped signature accepted or not depending on LF inside the Signature element
Subject: OpenSAML user discussion
List archive
RE: Enveloped signature accepted or not depending on LF inside the Signature element
Chronological Thread
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: Enveloped signature accepted or not depending on LF inside the Signature element
- Date: Mon, 3 Mar 2008 10:52:01 -0500
- Organization: The Ohio State University
Short answer: you're wrong about how signatures work. ;-)
The signature step that's failing is digesting the actual content of the
Signature element (minus ds:KeyInfo, which is not signed). Any whitespace
changes inside there will break the signature. If you can "fix" it by
removing whitespace then you're not transporting the message intact to begin
with.
The overall signature c14n algorithm governs how the node set of that
element is turned into octets, same as with the individual References using
the c14n transform.
-- Scott
- Enveloped signature accepted or not depending on LF inside the Signature element, Xavier Drudis Ferran, 03/03/2008
- RE: Enveloped signature accepted or not depending on LF inside the Signature element, Scott Cantor, 03/03/2008
- <Possible follow-up(s)>
- Re: Enveloped signature accepted or not depending on LF inside the Signature element, Xavier Drudis Ferran, 03/03/2008
- RE: Enveloped signature accepted or not depending on LF inside the Signature element, Scott Cantor, 03/03/2008
- Re: Enveloped signature accepted or not depending on LF inside the Signature element, Xavier Drudis Ferran, 03/03/2008
Archive powered by MHonArc 2.6.16.