How to calculate XML DigestValue?
When signing some XML, the subscriber generates the DigestValue tag containing a hash. I can generate the digest value with a digital certificate, but I would like to generate this hash without needing a certificate...
I have seen in some documentation that it is necessary to use SHA1 and Base64, but whenever I use these two algorithms, the hash returned is not the one I am expecting.
Does anyone know what the complete algorithm to generate that value is?
Scenario:
- input is any XML
- I use SHA1 encryption algorithm, then
- I turn the encryption return to Base64
- the base64 return should be the correct hash, but a different hash comes.
1 answer
The process of calculating the DigestValue of an XML file does not come down to calculating the hash of that file, but has other intermediate steps:
- put the document in canonical form, as pointed out by @Anthony Accioly;
- apply any transformations specified in Reference/Transforms. If there is no Transforms element, or it is empty (no sub-elements), then nothing needs to be done.
Make sure these steps have been taken correctly, and if you are still having trouble getting a correct result, add more details to your question so we can help more (if possible by showing the SignedInfo you want to achieve, a link to the XML file and a description of the steps and tools you used).
Note: my previous answer (in file) does not apply here, since in fact DigestValue is a simple hash and not a digital signature (therefore invariant to the presence or not of a certificate).
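
The following is an added example, not part of the original answer, showing why hashing the file as-is gives a different value from hashing its canonical form. It assumes Python's standard-library `xml.etree.ElementTree.canonicalize`, which implements C14N 2.0; a real signature names its own canonicalization and transforms in Reference/Transforms, and the digest must be computed with exactly those. The two sample documents are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample input: the same order serialized two different ways
# (XML declaration, attribute order, quote style, empty-element syntax).
DOC_A = '<?xml version="1.0"?>\n<order id="42" currency="EUR"><item qty="1"/></order>'
DOC_B = "<order currency='EUR'   id='42'><item qty=\"1\"></item></order>"


def _b64_hash(data: bytes, algorithm: str) -> str:
    # Hash the octets, then Base64-encode the raw digest (not its hex form).
    return base64.b64encode(hashlib.new(algorithm, data).digest()).decode("ascii")


def naive_digest(xml_text: str, algorithm: str = "sha1") -> str:
    """Hash the serialized text as-is, the approach described in the question."""
    return _b64_hash(xml_text.encode("utf-8"), algorithm)


def canonical_form(xml_text: str) -> str:
    """Canonicalize with the stdlib's C14N 2.0 (assumed to match the Reference)."""
    return ET.canonicalize(xml_data=xml_text)


def digest_value(xml_text: str, algorithm: str = "sha1") -> str:
    """Canonicalize first, then hash the UTF-8 octets and Base64-encode."""
    return _b64_hash(canonical_form(xml_text).encode("utf-8"), algorithm)


if __name__ == "__main__":
    for name, doc in (("A", DOC_A), ("B", DOC_B)):
        print(name, "naive:    ", naive_digest(doc))
        print(name, "canonical:", digest_value(doc))
```
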