Re: [xmlsec] more then one signature in the document

Thu, 05 Dec 2002 09:47:30 -0800

I am sorry but I am not sure I clear understand your problem completelly
but I think that you have a known "ID attribute w/o DTD" problem
(see section 3.2 of the FAQ http://www.aleksey.com/xmlsec/faq.html).
On the other hand, I am not sure why you could not use an empty URI
for the last reference:
<Reference Id="my-reference "URI="">
and using an enveloped transform to exclude this signature itself. By doing this
the last signature will sign all the other documents and you'll be fine.


Aleksey.


[EMAIL PROTECTED] wrote:

Aleksey:

I have a document with various signatures, in the end of the document have
to including the signature of ALL the document, like this:
<?xml version="1.0" encoding="UTF-8" ?>
<Document>
<SetDOCID="SetDoc">
<.....>
<Doc1>
<DocumentoID="ID1">
<.......>
</Documento>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"Id="my-signature";>
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
/> <ReferenceId="my-reference"URI="#T33F000002">
.........
</Signature>

</Doc1>
<Doc 2>
<DocumentoID="ID2">
<..........>
</Documento>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"Id="my-signature";>
<.......>
<ReferenceId="my-reference"URI="#T33F000003">

</Signature>
</Doc2>

<Doc3>
<DocumentoID="D3">
<.........>
</Documento>

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"Id="my-signature";>
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
/> <ReferenceId="my-reference"URI="#T33F000004">
......
</Signature>
</Doc3>



</SetDOC>

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"Id="my-signature";>
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
/> <ReferenceId="my-reference"URI="#SetDoc">
<......THIS IS THE FIRM OF THE DOCUMENT>
</Signature>
</Document>

basicly my "document" is a lot of documents signed. but to verify the document
I get some problems with the references.

for do this, the reference id "my reference" should be null, or diferent
for each part of set DTE, it's posible make this with xmlsec or not.

Thanks



_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec


_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to