Different DigestValue for the same XML document

Question

I have signed xml document here

The digest value of the document is atHP855e32qDMu4fzAZr+wXRqfeLh9HTpnAlAFy/jDg= When I try to check it with code below the result is Ppk6zE8XY4zaIPco/fY/sSKog3imkmko8CMAIHVNwTw= I think the problem is in Body tag that contain whitespaces. If sign this document without whitespaces, digest values are equal.

Who can spot a mistake?

public static byte[] GetDigest(XmlDocument doc)
    {
        var nodeList = doc.GetElementsByTagName(
          "Signature", "http://www.w3.org/2000/09/xmldsig#");

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)nodeList[0]);

        var signatureDescription = CryptoConfig.CreateFromName(signedXml.SignedInfo.SignatureMethod) as SignatureDescription;
        var hashAlgorithm = signatureDescription.CreateDigest();

        var xmlDocument = new XmlDocument
        {
            PreserveWhitespace = true
        };

        var body = doc.SelectSingleNode("/ReportEnvelope/Body");

        XmlNodeList transformNode = ((XmlElement)(nodeList[0])).GetElementsByTagName("Transform");

        xmlDocument.AppendChild(xmlDocument.ImportNode(body, true));

        var transform = signedXml.SignedInfo.CanonicalizationMethodObject;
        transform.LoadInnerXml(transformNode);
        transform.LoadInput(xmlDocument);
        return transform.GetDigestedOutput(hashAlgorithm);
    }

score 1 · Answer 1 · edited May 23 '17 at 12:07

1

I encountered this issue as well and it has something to do with how SignedXml creates the hash digest. In .NET 4, it completely ignores any whitespace in the the XML.

SignedXml.CheckSignature fails in .NET 4 but it works in .NET 3.5, 3 or 2

edited May 23 '17 at 12:07

Community

1
1

answered Apr 20 '16 at 05:10

MichaelChan

1,808
17
34

Different DigestValue for the same XML document

1 Answers1