
mace-opensaml-users - Re: Enveloped signature accepted or not depending on LF inside the Signature element

Subject: OpenSAML user discussion

  • From: Xavier Drudis Ferran <>
  • To:
  • Subject: Re: Enveloped signature accepted or not depending on LF inside the Signature element
  • Date: Mon, 3 Mar 2008 17:52:09 +0100

On Mon, Mar 03, 2008 at 11:32:51AM -0500, Scott Cantor wrote:
> >
> > only means that the part outside the Signature generates the same
> > DigestValue as is in the Signature's SignedInfo, but later some digest
> > of the SignedInfo (or it plus something more) is calculated before
> > validating with the signer's public key, and that fails because of
> > the whitespace differences. Right?
>
> Well, yes, but that's not before validating, that is the validation. The
> SignatureValue is a public key signature over the octets making up that c14n
> step.
>

Ok, it's the signature validation, not before it. I meant before you
apply the public key to the signature value and the hash of the signed
data, but I was confused.

I think I was confusing the digestValue with the hash involved in
signing (and checking signatures). These need to be different things
because you can have more than one reference, and more than one
digestValue (one per reference), and then sign them all and generate
a single SignatureValue. But in my case I get only one reference,
and I was confused. Now I see. There's one more hash calculation
involved than what I thought.

Thanks for explaining.

--
Xavi Drudis Ferran
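
The two hash layers discussed in this message, as an added example that is not part of the original post or of OpenSAML. It assumes Python's C14N 2.0 and SHA-256 as stand-ins for the algorithms a real SignedInfo would name, and it leaves out the public-key step. The document, its placeholder values and the function names are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: an enveloped Signature with a single Reference.
# The DigestValue and SignatureValue contents are placeholders.
DOC = (
    '<Assertion xmlns="urn:example:doc" ID="a1"><Subject>alice</Subject>'
    f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo><ds:Reference URI="#a1">'
    '<ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference></ds:SignedInfo>'
    '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature></Assertion>'
)
# Same document with one LF added inside the Signature element.
DOC_LF = DOC.replace("<ds:SignedInfo>", "<ds:SignedInfo>\n")
# Same Signature element, but the signed content was changed.
DOC_EDITED = DOC.replace("alice", "mallory")


def c14n_sha256(elem):
    """SHA-256 over the canonical octets of one element (assumption: C14N 2.0)."""
    elem.tail = None  # text following the element is not part of it
    text = ET.tostring(elem, encoding="unicode")
    return hashlib.sha256(ET.canonicalize(text).encode("utf-8")).hexdigest()


def reference_digest(xml_text):
    """First hash: the document after the enveloped-signature transform."""
    root = ET.fromstring(xml_text)
    root.remove(root.find(f"{{{DS}}}Signature"))
    return c14n_sha256(root)


def signed_info_hash(xml_text):
    """Second hash: canonical SignedInfo, the octets SignatureValue covers."""
    root = ET.fromstring(xml_text)
    return c14n_sha256(root.find(f"{{{DS}}}Signature/{{{DS}}}SignedInfo"))


def compare(a, b):
    """Return (reference digests match, SignedInfo hashes match)."""
    return (reference_digest(a) == reference_digest(b),
            signed_info_hash(a) == signed_info_hash(b))


if __name__ == "__main__":
    print("LF inside Signature:", compare(DOC, DOC_LF))
    print("edited content:     ", compare(DOC, DOC_EDITED))
```

An LF inside SignedInfo leaves the reference digest unchanged but alters the octets that SignatureValue covers, while editing the signed content does the reverse, so a verifier has to check both.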



