On Oct 1, 2012, at 10:58 AM, "Renato Tegon Forti" <[email protected]<mailto:[email protected]>> wrote:
In this case the the signature checks fail! If I remove the NS: xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; Like this: The signature is validated OK! Why? Probably because you signed the reference and left it with the inclusive c14n algorithm, in which namespaces are certainly going to affect the signature. The signer did not include them, and now they're present so the digest changes. ‘am trying understanding! What I must do to work with NS (xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:ds="http://www.w3.org/2000/09/xmldsig# You can't, not unless the signer changes the signed document and/or uses exclusive c14n as a transform. -- Scott
