run xmlsec with --store-signatures

Aleksey

On 11/26/11 4:31 AM, Si St wrote:
Given these xml namespaces and declarations from the top node of an
xml-file:

<MsgHead xmlns="http://www.kith.no/xmlstds/msghead/2006-05-24"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xsd="http://www.w3.org/2001/XMLSchema.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.kith.no/xmlstds/msghead/2006-05-24
MsgHead-v1_2.xsd">

and the following SignedInfo node (I am including the <Signature> and
its xmlns so it can be seen) belonging to that xml-file:

   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
     <SignedInfo>
       <CanonicalizationMethod
       Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
       <SignatureMethod
       Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
       <Reference URI="">
         <Transforms>
           <Transform
           Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
           <Transform
           Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
         </Transforms>
         <DigestMethod
         Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
         <DigestValue></DigestValue>
       </Reference>
     </SignedInfo>

Which or eventually: what other xmlns/decl are to be included into the
start element of the SignedInfo to arrange the right setup for hashing
the DigestValue to be signed?

In other words I think SignedInfo has to "inherit" xmlns, when being
hashed as solitary element before signing an xml-document. Usually this
happens during or prior to canonicalization of the SignedInfo.

One example is this:

     <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">

but it might be something else.


_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
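
The namespace inheritance asked about above, as an added example that is not part of the original thread or of xmlsec: it computes the start tag that inclusive C14N 1.0 (the CanonicalizationMethod in the quoted SignedInfo) renders when SignedInfo is canonicalized as its own subtree. The sample document is constructed from the MsgHead and Signature tags in the post, and the function names are hypothetical.

```python
import io
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: the MsgHead start tag and Signature from the post,
# trimmed to the elements that matter for namespace scope.
SAMPLE = """<MsgHead xmlns="http://www.kith.no/xmlstds/msghead/2006-05-24"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 xmlns:xsd="http://www.w3.org/2001/XMLSchema.xsd"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.kith.no/xmlstds/msghead/2006-05-24 MsgHead-v1_2.xsd">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
<Reference URI=""/></SignedInfo></Signature></MsgHead>"""


def in_scope_namespaces(xml_text, target_tag):
    """Return {prefix: uri} in scope at the first element named target_tag."""
    stack = []  # (prefix, uri) for every declaration currently open
    events = ("start-ns", "end-ns", "start")
    for event, data in ET.iterparse(io.BytesIO(xml_text.encode()), events):
        if event == "start-ns":
            stack.append(data)
        elif event == "end-ns":
            stack.pop()
        elif data.tag == target_tag:
            return dict(stack)  # later (inner) declarations override outer
    raise ValueError("element not found: " + target_tag)


def c14n_apex_start_tag(xml_text, local_name="SignedInfo"):
    """Start tag inclusive C14N 1.0 emits for an unprefixed dsig element
    canonicalized as its own subtree: all in-scope declarations, default
    namespace first, then prefixes in lexicographic order."""
    scope = in_scope_namespaces(xml_text, "{%s}%s" % (DSIG, local_name))
    parts = [local_name]
    for prefix in sorted(scope):
        if prefix == "xml" or (prefix == "" and scope[prefix] == ""):
            continue  # never rendered on the apex element
        name = "xmlns:" + prefix if prefix else "xmlns"
        parts.append('%s="%s"' % (name, scope[prefix]))
    return "<" + " ".join(parts) + ">"


if __name__ == "__main__":
    print(c14n_apex_start_tag(SAMPLE))
```

For this document the result carries `xmlns`, `xmlns:ds`, `xmlns:xsd` and `xmlns:xsi`, so the ancestor declarations are part of the bytes that are signed; the output can be compared with what xmlsec reports when run with `--store-signatures`.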
