Am assuming you are using the Java library?
Have a look at :
http://cvs.apache.org/viewcvs.cgi/xml-security/src_unitTests/org/apache/xml/security/test/interop/IAIKTest.java?rev=1.10&view=markup
in particular, the method :
test_coreFeatures_signatures_anonymousReferenceSignature
Cheers,
Berin
Lyudmila Balakireva wrote:
Hello,
I need help to understand my options.
We have a situation when I have to verify xmlsignature of in memory
document .
Signature is a separate document and has no URI and transforms, and
look like:
dsig:Signature xsi:schemaLocation="http://www.w3.org/2000/09/xmldsig#
http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<dsig:Reference>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>bhfW/9PpxZpL/uHzFXCJAPNvvbo=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>
Is It possible and how?
The W3C Sig. Spec states that: "If the URI attribute is omitted , the
receiving application is expected to know the identity of the object. For
example, a lightweight data protocol might omit this attribute given the
identity of the object is part of the application context."
Luda