First of all, this is absolutely correct because namespace prefix *does not* matter at all (look up XML namespaces spec for details).

Now, the short answer to your question is: there is no way to make xmlsec use "custom" namespace prefix for dsig namespace. I really don't see reasons for making this change but if you would be interested in creating a patch then I'll be happy to apply it.

Aleksey

> Yes I am seeing the same thing with numerous templates.
>
> -----Original Message-----
> From: Alexander Trishin [mailto:[EMAIL PROTECTED]
> Sent: December 23, 2005 12:20 PM
> To: [EMAIL PROTECTED]
> Cc: [email protected]
> Subject: Re: [xmlsec] xmlsec
>
> I'm using xCBL 4.0 documents which define dgs prefix for xmldsig
> <Invoice xmlns:dgs="http://www.w3.org/2000/09/xmldsig#"
> So I'm defining signature template as
>
> <dgs:Signature>
>   <dgs:SignedInfo>
>     <dgs:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>     <dgs:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>     <dgs:Reference URI="">
>       <dgs:Transforms>
>         <dgs:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>       </dgs:Transforms>
>       <dgs:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>       <dgs:DigestValue/>
>     </dgs:Reference>
>   </dgs:SignedInfo>
>   <dgs:SignatureValue/>
>   <dgs:KeyInfo>
>     <dgs:KeyName/>
>     <dgs:X509Data><dgs:X509Certificate/>
>     </dgs:X509Data>
>   </dgs:KeyInfo>
> </dgs:Signature>
>
> After document is signed all elements still have dgs prefix but
> X509Certificate:
>
> <dgs:X509Data>
> <X509Certificate
> xmlns="http://www.w3.org/2000/09/xmldsig#">MIICAjCCAWugAwIBAgIQnS98DETrP7RGk
> aTvoI4evjANBgkqhkiG9w0BAQQFADAY
> [skip]
> </X509Certificate>
> </dgs:X509Data>
>
> Although it does not create a verification problem, I find it strange.
> Is there a way to keep it consistent?
>
> Thank you,
> Alex.
>
> Edward Shallow wrote:
>
>>Hi Alex,
>>
>>   Aleksey did understand you correctly. Simply initialize the
>><KeyName> in a template file (sample attached) and the private signing
>>key will be extracted from the MS system key store (i.e. 'MY'). Rough
>>sequence of calls (simplified) as follows:
>>
>>   xmlParseFile('the template')
>>   xmlDocGetRootElement()
>>   xmlSecFindNode(rootNode, 'Signature', 'http://www.w3.org/2000/09/xmldsig#')
>>   xmlSecKeysMngrCreate()
>>   xmlSecCryptoAppDefaultKeysMngrInit(keysMngr)
>>   xmlSecDSigCtxCreate()
>>   xmlSecDSigCtxInitialize(dsigCtx, keysMngr)
>>   xmlSecDSigCtxSign(dsigCtx, sigNode)
>>
>>   Depending on which crypto you are using the <KeyName> can contain
>>either the short friendly name (from CN=...) or the full X509
>>Distinguished Name. Both will work. mscrypto for example will look
>>first in the Simple Key Store if you have adopted one and then in the
>>'MY' certificate store for your signing key. In the above sequence, I
>>did not load or adopt a Key Store, so mscrypto goes directly to the
>>system key store 'MY'.
>>
>>   Note: OpenSSL does not have a system key store.
>>
>>Cheers,
>>Ed
>>
>>-----Original Message-----
>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
>>Behalf Of Alexander Trishin
>>Sent: December 19, 2005 7:00 PM
>>To: Aleksey Sanin
>>Cc: [email protected]
>>Subject: Re: [xmlsec] xmlsec
>>
>>Aleksey,
>>
>>I probably didn't make myself clear.
>>I'm looking at the code to produce a signed xml, the key info and
>>certificate come from the external file for the sample.
>>My question is - what functions should I use to change that? So that
>>key info and Certificate come from the system store, and not from the
>>file.
>>
>>Thank you in advance,
>>Alex
>>
>>Aleksey Sanin wrote:
>>
>>>I am not a big mscrypto user myself and I hope someone will correct my
>>>lies here... but I believe that you just need to put the key name
>>>(i.e. certificate subject) into the <KeyName> element of your
>>>signature template.
>>>
>>>Aleksey
>>>
>>>Alexander Trishin wrote:
>>>
>>>>Dear Friends,
>>>>
>>>>I'm trying to create a test console app to sign XML files with the
>>>>X509 certificate. I took a look at samples provided but have yet to
>>>>figure out how to sign an XML file with the Certificate that I already
>>>>have in "MY" store. Certificate does have a private key.
>>>>
>>>>If someone can point me in the right direction or has a sample I'd
>>>>greatly appreciate it.
>>>>
>>>>Platform is Windows with ms crypto library.
>>>>
>>>>Thank you,
>>>>Alex.
>>>>_______________________________________________
>>>>xmlsec mailing list
>>>>[email protected]
>>>>http://www.aleksey.com/mailman/listinfo/xmlsec
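
The point made at the top of this thread, that the prefix does not matter, shown as an added example (not code from the thread or from xmlsec): a namespace-aware parser sees the mixed-prefix output and a uniformly prefixed document as the same expanded names, while a consumer that matches on the literal `dgs:` prefix misses the certificate element. The sample documents, the placeholder certificate text and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample modelled on the signed output quoted in the thread:
# every element uses the dgs prefix except X509Certificate, which
# redeclares the same namespace as its default. Certificate text is a placeholder.
MIXED = f"""<Invoice xmlns:dgs="{DSIG_NS}">
  <dgs:Signature>
    <dgs:KeyInfo>
      <dgs:KeyName/>
      <dgs:X509Data>
        <X509Certificate xmlns="{DSIG_NS}">PLACEHOLDER</X509Certificate>
      </dgs:X509Data>
    </dgs:KeyInfo>
  </dgs:Signature>
</Invoice>"""

# Same structure with one consistent prefix (what the poster asked for).
UNIFORM = (MIXED
           .replace(f'<X509Certificate xmlns="{DSIG_NS}">', "<dgs:X509Certificate>")
           .replace("</X509Certificate>", "</dgs:X509Certificate>"))


def expanded_names(xml_text):
    """Return (namespace URI, local name) for each element in document order."""
    names = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.startswith("{"):
            ns, _, local = el.tag[1:].partition("}")
        else:
            ns, local = "", el.tag
        names.append((ns, local))
    return names


def find_dsig(xml_text, local):
    """Namespace-aware lookup: match on URI plus local name, never on prefix."""
    return ET.fromstring(xml_text).findall(f".//{{{DSIG_NS}}}{local}")


def find_by_prefix(xml_text, local, prefix="dgs"):
    """Naive textual lookup, as a prefix-sensitive consumer would do it."""
    return xml_text.count(f"<{prefix}:{local}")


if __name__ == "__main__":
    print(expanded_names(MIXED) == expanded_names(UNIFORM))
    print(len(find_dsig(MIXED, "X509Certificate")),
          find_by_prefix(MIXED, "X509Certificate"))
```

Code that locates `Signature`, `KeyInfo` or `X509Certificate` in incoming documents should use the namespace-aware form, since a signer is free to emit any prefix or a default namespace declaration.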
