What we decided to do is to create a hash of the data we REALLY want signed, and put the hash into a nice little xml tree, and sign THAT. That way we can pluck out the signature from the document and call it "detached" if we want to.
To check, we recalculate the hash of the original data, compare it with what is in the signed document blob, then use the xmlsec functions to check the signature against the public key. In this way we can avoid using URI references while still masking the content of our original data. Thanks again, meg Aleksey Sanin wrote: > > Actually, you have one more option: use a special protocol name > (like "thisismyprotocol://....") and write custom protocol handlers > that will read document from memory. Thought, it might be not such > a good idea because of interop issues in the future. > > Aleksey -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Meg Morgan 425/450-2754 [EMAIL PROTECTED] http://www.votehere.net _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
