The |Transforms| specified in this document are defined with respect to the input they require.
The following is the default signature application behavior:
* If the data object is an octet stream and the next transform
requires a node-set,
the signature application MUST attempt to parse the octets
yielding the required
node-set via [XML <http://www.w3.org/TR/xmldsig-core/#ref-XML>]
well-formed processing.
* If the data object is a node-set and the next transform requires
octets, the signature
application MUST attempt to convert the node-set to an octet
stream using
Canonical XML [XML-C14N
<http://www.w3.org/TR/xmldsig-core/#ref-XML-C14N>].Which means that if you do not specify C14N then the default one would be used
when needed.
Aleksey
[EMAIL PROTECTED] wrote:
Hi Folks!
I would like to ask you a simple thing - should I canonicalize all signed content before calculating the digest or not? XML-DSIG says I should canonicalize <SignedInfo> but for verifying <Reference> -s XML-DSIG says just apply the Transform-s and calculate the digest. So if a <Reference> contains a digest of some block of xml data, should it be canonicalized or not?
Regards,
Veiko
_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
