Yes, you should choose BST_DIRECT_REFERENCE. Take a look at http://coheigea.blogspot.in/2013/03/signature-and-encryption-key.html
T.K

> On 26-Apr-2017, at 5:33 AM, ayache.k <[email protected]> wrote:
>
> Hi
>
> I am using Camel XML security component to sign an xml using the following
> setup:
>
> <recipientList>
>   <simple>xmlsecurity:sign://enveloped?keyAccessor=#keyAccessor&parentLocalName=FragmentsToBeHashed&signatureAlgorithm=http://www.w3.org/2000/09/xmldsig#rsa-sha1&digestAlgorithm=http://www.w3.org/2000/09/xmldsig#sha1&addKeyInfoReference=false&canonicalizationMethod=C14n</simple>
> </recipientList>
>
> The signature produced - see below - does not include the X509Certificate
> element. This is needed for the verifier client to extract the publicKey. Is
> there a way of telling the xml security component to include this? It is not
> obvious from the component doc page.
>
> Kind regards,
>
> Ayache
>
> <?xml version="1.0" encoding="UTF-8"?>
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="_d0540f2b-661e-4fd7-b3d0-03f5f2ae5afe">
>   <ds:SignedInfo>
>     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
>     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>     <ds:Reference URI="">
>       <ds:Transforms>
>         <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>         <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
>       </ds:Transforms>
>       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>       <ds:DigestValue>ND6UKUHRSxgGFqDCchmYxlO/H1k=</ds:DigestValue>
>     </ds:Reference>
>   </ds:SignedInfo>
>   <ds:SignatureValue>JiG1VlPOywLKDXhzvsanjSEAYHCvwNSTYqWIWHC2qNtvqZSc+j9fh1yLlqh7zKDnQ8u74aWDSKERT6KC2aqECDCF3jY16B1r9T7HgpRP0LH42845MdOe8xamNy91Oi7rE614a9CzXNy0smhUKvIxGxj1D0iCkqVHyhITuOIyjLuzcHCIBAegBoy7LE+rp3pLc6k3UX7YSXeC/1ZQz1AxU9qJakP5GxI3sYPfK7qz0IFU6quLx7UVTl7Iv/iKm6RKOlIuiGbD8KczBpH5kHXg6zrs4P0g06SbLUE7s7RNNZ6uMDZeVIR6SMPPrnYOd5+Zig/rbysDnYCGgo1uSL73gg==</ds:SignatureValue>
>   <ds:KeyInfo Id="_2a65b9fa-04c5-4d31-b656-6f950d6e4d04">
>     <ds:X509Data>
>       <ds:X509IssuerSerial>
>         <ds:X509IssuerName>CN=rootCA, OU=vision, O=INPS, L=London, ST=Greater London, C=UK</ds:X509IssuerName>
>         <ds:X509SerialNumber>13213122219353237285</ds:X509SerialNumber>
>       </ds:X509IssuerSerial>
>     </ds:X509Data>
>   </ds:KeyInfo>
> </ds:Signature>
>
> --
> View this message in context:
> http://camel.465427.n5.nabble.com/XMLSecurity-not-generating-tp5798321.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
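
Added example, not part of the original thread and not Camel code: a verifier-side check in Python that reports which X509Data forms a ds:Signature carries and which SHA-1 algorithm URIs it declares, then resolves the signer from the verifier's own store by issuer and serial. The function names, the sample document (built from the KeyInfo quoted above) and the dict-based trust store are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SHA1_URIS = {"http://www.w3.org/2000/09/xmldsig#rsa-sha1",
             "http://www.w3.org/2000/09/xmldsig#sha1"}

# Constructed sample: the KeyInfo and algorithms from the message above,
# with digest and signature values left out.
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:SignedInfo>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="">
   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  </ds:Reference>
 </ds:SignedInfo>
 <ds:KeyInfo><ds:X509Data><ds:X509IssuerSerial>
  <ds:X509IssuerName>CN=rootCA, OU=vision, O=INPS, L=London,
   ST=Greater London, C=UK</ds:X509IssuerName>
  <ds:X509SerialNumber>13213122219353237285</ds:X509SerialNumber>
 </ds:X509IssuerSerial></ds:X509Data></ds:KeyInfo>
</ds:Signature>"""

def inspect_signature(xml_text):
    """Report how a ds:Signature names its key and which SHA-1 algorithms it uses."""
    # ElementTree is fine for this constructed sample; use a hardened parser
    # for documents from untrusted senders.
    root = ET.fromstring(xml_text)
    sig = root if root.tag == DS + "Signature" else root.find(".//" + DS + "Signature")
    if sig is None:
        raise ValueError("no ds:Signature element")
    x509 = sig.find(DS + "KeyInfo/" + DS + "X509Data")
    forms = [c.tag.rsplit("}", 1)[-1] for c in x509] if x509 is not None else []
    issuer_serial = None
    node = x509.find(DS + "X509IssuerSerial") if x509 is not None else None
    if node is not None:
        name = " ".join((node.findtext(DS + "X509IssuerName") or "").split())
        serial = (node.findtext(DS + "X509SerialNumber") or "").strip()
        issuer_serial = (name, int(serial)) if name and serial.isdigit() else None
    algs = [e.get("Algorithm") for e in sig.iter()
            if e.tag in (DS + "SignatureMethod", DS + "DigestMethod")]
    return {"forms": forms,
            "has_certificate": "X509Certificate" in forms,
            "issuer_serial": issuer_serial,
            "sha1_algorithms": [a for a in algs if a in SHA1_URIS]}

def resolve_certificate(info, trust_store):
    """Look the signer up in the verifier's own store (hypothetical dict keyed by
    (issuer, serial)); an embedded certificate alone does not establish trust."""
    return trust_store.get(info["issuer_serial"])
```

Even when the signer does embed X509Certificate, the verifier still has to validate that certificate against its own trust anchors before using the public key.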
