The |Transforms| specified in this document are defined with respect to the input they require.
The following is the default signature application behavior:
* If the data object is an octet stream and the next transform requires a node-set, the signature application MUST attempt to parse the octets yielding the required node-set via [XML <http://www.w3.org/TR/xmldsig-core/#ref-XML>] well-formed processing. * If the data object is a node-set and the next transform requires octets, the signature application MUST attempt to convert the node-set to an octet stream using Canonical XML [XML-C14N <http://www.w3.org/TR/xmldsig-core/#ref-XML-C14N>].
Which means that if you do not specify C14N then the default one would be used
when needed.
Aleksey
[EMAIL PROTECTED] wrote:
Hi Folks!
I would like to ask you a simple thing - should I canonicalize all signed content before calculating the digest or not? XML-DSIG says I should canonicalize <SignedInfo> but for verifying <Reference> -s XML-DSIG says just apply the Transform-s and calculate the digest. So if a <Reference> contains a digest of some block of xml data, should it be canonicalized or not?
Regards,
Veiko
_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec