How to calculate the XML DigestValue?

3

When signing some XML, the signer generates the DigestValue tag containing a hash. I can generate the digest value with a digital certificate, but I would like to generate this hash without having to have a certificate ...

I have seen in some documentation that it is necessary to use SHA1 and Base64, but whenever I use these two algorithms, the hash that returns me is not the one I'm expecting.

Does anyone know the complete algorithm to generate this value?

Scenario:

  • Input is any XML
  • I use the SHA1 encryption algorithm, then
  • I transform the return of the encryption in Base64
  • The base64 return should be the correct hash, but a different hash comes in.
asked by anonymous 15.12.2013 / 19:11

1 answer

2

The process of calculating the DigestValue of an XML file is not limited to calculating the hash of that file, but has other intermediate steps:

  • Place the document in canonical form, as pointed out by @Anthony Accioly;
  • Apply any specified transformations to Reference/Transforms . If there is no element Transforms , or it is empty (without sub-elements), then nothing needs to be done.
  • Make sure these steps have been correctly followed, and if you still have trouble getting a correct result, add more details to your question so that we can help you more (if possible by showing the SignedInfo you want to reach, a link for the XML file and a description of the steps and tools you used).

    Note: my previous answer (in file) does not apply here, since in fact DigestValue is a simple hash and not a digital signature (therefore invariant to the presence of a certificate).

        
    15.12.2013 / 23:46