Hi!
I have a general question concerning XML digital signatures.
Is XML-DSIG verifying that the content of the XML document isn't modified or
does XML-DSIG really sign the binary representation of some data (mostly
XML, I guess)?
To make my question clearer, I have an example:
Are the following 2 XML documents the same when signed? Do they result in
the same signature?
XML 1:
<data><user>someuser</user></data>
XML 2 (indented):
<data>
<user>someuser</user>
</data>
The content is the same in a DOM view but it's different if you compare it
byte by byte.
So we have a specific problem when I get a signed XML from an external
module and transmit this XML document via SOAP to a webservice.
The SOAP serializer builds a DOM and serializes it, but it loses its
indentation when serialized, although the content stays the same.
When the webservice now tries to verify the signature, it fails. It can only
verify exactly the same XML document I get from the external module (byte by
byte).
So we have to decide if the verification routine is wrong or if it's wrong to
build a DOM from a signed document for transmission to the service.
Thanks a lot for any help on this topic!!
Best wishes
Markus
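
An added example, not part of the original post: XML-DSIG digests the canonicalized octets of the referenced content, and canonicalization keeps whitespace in character content, so the two documents above hash differently while pure markup respelling does not. It uses Python's `xml.etree.ElementTree.canonicalize` (C14N 2.0) and SHA-256 as stand-ins for the signature's canonicalization and digest methods; `RESPELLED`, `reference_digest` and `digests_match` are hypothetical names.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed inputs: the two documents from the post, plus a variant that
# differs only in markup syntax (XML declaration, spaces inside the tags).
COMPACT = "<data><user>someuser</user></data>"
INDENTED = "<data>\n<user>someuser</user>\n</data>"
RESPELLED = "<?xml version='1.0'?><data ><user>someuser</user></data >"


def reference_digest(xml_text, strip_indent=False):
    """Digest of the canonical octets, as a signature Reference would carry.

    strip_indent=True imitates a serializer that trims whitespace around
    text content; it is not part of canonicalization or of XML-DSIG.
    """
    canonical = canonicalize(xml_text, strip_text=strip_indent)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def digests_match(signed_xml, received_xml):
    """True when the verifier recomputes the digest the signer computed."""
    return reference_digest(signed_xml) == reference_digest(received_xml)


if __name__ == "__main__":
    # Markup-only differences are removed by canonicalization.
    print("compact vs respelled:", digests_match(COMPACT, RESPELLED))
    # The newlines are text nodes; canonicalization keeps them.
    print("compact vs indented: ", digests_match(COMPACT, INDENTED))
    # A serializer that drops the indentation changes the signed content.
    print("indented, re-serialized without indent, equals compact:",
          reference_digest(INDENTED, strip_indent=True)
          == reference_digest(COMPACT))
```

A verifier that rejects the re-indented document is therefore behaving as specified: the whitespace between elements is part of what was signed.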