|
Hello. I have found discussion of excluding the
signature with the command line utility using --node-xpath, but I can’t
find an example. When I use this I get “failed to find default node
with name=’Signature’”. Am I misusing the --node-xpath
param? xmlsec sign --pkcs12 private.pfx --store-signatures --print-debug
--node-xpath /Response/Assertion/Subject
--output xmlsec_signed.xml template_dsig.xml Here is a snippet of my template. What I’m
trying to do is create a digest for the Subject only. <Response> <Assertion> <Subject id="Subject"> <NameID Format="urn:oasis:names:tc:1.1:nameid-format:unspecified">{A498DC30-A3F0-48c1-B61C-9C7C849B5675}</NameID> <SubjectConfirmation Method="urn:oasis:names:tc:2.0:cm:bearer"> <SubjectConfirmationData Address="68.87.127.5" NotOnOrAfter="2005-11-04T03:55:49.633Z" /> </SubjectConfirmation> </Subject> </Assertion> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <dsig:Reference URI="#Subject"> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <dsig:DigestValue></dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> <dsig:SignatureValue></dsig:SignatureValue> </dsig:Signature> </Response> Thanks! |
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
