Re: [xmlsec] xmlsec1 signing wrong when a child has Signature node

Thu, 26 Nov 2009 05:47:23 -0800 

Hi Aleksey,
yes my libxml2 is a recent version (2.7.6). I put xml:id on this example, but with a normal Id property and using "--id-attr" option I have the same problem. 

 Have you tried this tamplate example and commands?

Marcus


Aleksey Sanin wrote:

Please make sure that libxml2 library you use supports "xml:id"

Aleksey

Marcus Pereira wrote:

At a file like the one below xmlsec1 is signing the wrong Signature 
template when I command to sign the Parent node.


# xmlsec1 sign --privkey-pem rsakey.pem --node-id "Child1" xml1_tmpl.xml
OK! it is signing the URI="#Chil1" Signature node.


# xmlsec1 sign --privkey-pem rsakey.pem --node-id "Parent1" 
xml1_tmpl.xml
NOT OK! it is still signing the URI="#Child1" node not the 
URI="#Parent1".


Marcus Pereira


============================================
<?xml version="1.0"?>
<Family>
 <Parent xml:id="Parent1">
   <ParentData>I am the first Dad</ParentData>
   <Childs>
     <Child xml:id="Child1">
       <ChildData>I am the first Child</ChildData>
     </Child>
     <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
       <SignedInfo>

         <CanonicalizationMethod 
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
         <SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

         <Reference URI="#Child1">
           <Transforms>

             <Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>

           </Transforms>

           <DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

           <DigestValue/>
         </Reference>
       </SignedInfo>
       <SignatureValue/>
     </Signature>
   </Childs>
 </Parent>
 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
   <SignedInfo>

     <CanonicalizationMethod 
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
     <SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

     <Reference URI="#Parent1">
       <Transforms>

         <Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>

       </Transforms>

       <DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

       <DigestValue/>
     </Reference>
   </SignedInfo>
   <SignatureValue/>
 </Signature>
</Family>

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec





_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec






















					Reply via email to