I found this info in the standard:
***
The Object's Id is commonly referenced from a Reference in SignedInfo, or
Manifest. This element is typically used for enveloping signatures where the
object being signed is to be included in the signature element. The digest
is calculated over the entire Object element including start and end tags.
Note, if the application wishes to exclude the <Object> tags from the digest
calculation the Reference must identify the actual data object (easy for XML
documents) or a transform must be used to remove the Object tags (likely
where the data object is non-XML).
****
So this explains why digest value would be different in both cases. To
remove <Object> tag in the calculation of digest value, what should I do?
"Raghu" <Ra***@nospamzzzqcsi.com> wrote in message
news:ey**************@tk2msftngp13.phx.gbl...
According to the xml digital signature standard
(http://www.w3.org/TR/xmldsig-core/), signature can be one of following:
enveloping, enveloped and detached. The standard says that signature
element should be excluded when signing using enveloped signature. It also says
that Object element (in case of enveloping signatgure) is not part of digital
signature.
So I started expermienting with SignedXml object in .net framework. To my
surprise, the digest value of a reference changed depending on whether the
signature is envloping or enveloped. I even used the transform for the
reference for canonicalization in both cases.
Why is this case? Can any one explain?
Thanks.
Raghu/..
