Hi all, I want to create a signature inside an xml file, i use several transforms to get a portion of the original xml with xpath, and to canonize. I decided to don't attach the public keys.
<?xml version="1.0" encoding="UTF-8"?> <hr:Candidate xmlns:df="http://defactops.com"; xmlns:hr="http://ns.hr-xml.org/2004-08-02"; xmlns:xs="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <hr:CandidateRecordInfo> <hr:Id> <hr:IdValue name="id">1158138667963</hr:IdValue> </hr:Id> <hr:Id> <hr:IdValue name="version">0.9.0</hr:IdValue> </hr:Id> <hr:Id> <hr:IdValue name="model">0.9.0</hr:IdValue> </hr:Id> <hr:Id> <hr:IdValue name="host">127.0.0.1</hr:IdValue> </hr:Id> </hr:CandidateRecordInfo> <hr:CandidateProfile> [...] </hr:UserArea> <HRSignature id="protean-xmldsig-01"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> <ds:Reference URI="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <dsig-xpath:XPath Filter="intersect" xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2";>/hr:Candidate/hr:CandidateRecordInfo</dsig-xpath:XPath> </ds:Transform> <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>ICBDC9GdWcp8S373I1jlKCilSbI=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>l0N6Ll3/tlSoBz26QdIHyWMA1D95xcPClBz8oy8y7Oj69QQxTVF9GA==</ds:SignatureValue> </ds:Signature></HRSignature></hr:Resume> </hr:Candidate> It works pretty well, (the sign and the verification process) but, when i indent the whole file, the Signature element content is indented too and the validation process fails. is there any way to canonice the Signature element? is this a common problem? how can i solve this? thank you! pd: i'm new in this mailing list, and sorry if this issue was commented before. -- ;-) ____________________________________ Jorge Martin Cuervo Analista Programador Outsourcing Emarketplace deFacto Powered by Standards email <[EMAIL PROTECTED]> voz +34 985 129 820 voz +34 660 026 384 ____________________________________
