It's a strange task, because for xml there is a XMLDSIG standard for signing XML documents. I recommend trying https://github.com/russellhaering/goxmldsig for this. If XMLDSig is not suitable and you definitely want to create a digital signature of an xml - you should think about xml normalization and also about embedding empty tag for signature in the same format for signer and verifier. For example, you can use http://www.w3.org/2001/10/xml-exc-c14n# canonicalization algorithm. Check https://github.com/russellhaering/goxmldsig/blob/main/canonicalize.go for details.
On Wed, Feb 14, 2024 at 10:18 PM Shivli Srivastava < shivlisrivastav...@gmail.com> wrote: > I have the task of generating the digital signature of an xml, enveloping > it in a PKCS7 packet and attaching it to the xml . I decided to use > https://pkg.go.dev/go.mozilla.org/pkcs7 , and was able to generate the > sign but it is not matching with the expected output . It seems to me that > xml has to be canonicalized before signing . Do we have any reference how > to do it in golang ? > > -- > You received this message because you are subscribed to the Google Groups > "golang-nuts" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to golang-nuts+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/golang-nuts/eeeb47db-8bca-4883-8cf5-342c55e4f836n%40googlegroups.com > <https://groups.google.com/d/msgid/golang-nuts/eeeb47db-8bca-4883-8cf5-342c55e4f836n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- Kind regards, Alexey -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/CAMDzThhv%3DG%2BwrkV_atUdpSPJY6KgdJ%3DJJToOj9Jg2J6H9dkf7A%40mail.gmail.com.
