Take a look at xmlsec command line help. There are bunch of options that allow you to dump the exact content before digest/signature/verification so you will know exactly what was digested or signed.
Aleksey On 5/16/12 6:40 AM, Rich Duzenbury wrote: > On Tue, May 15, 2012 at 11:02 PM, Aleksey Sanin <[email protected]> wrote: >> You probably want to contact RSA FIM to figure out what this >> exception means. > > RSA responded with: You must get the partner to change so that they > are signing the responses only. > > Based on the template I mentioned previously, and the fact that the > reference URI is emtpy, doesn't that mean that I'm signing the entire > response? As a test, I used the online validator successfully. If I > update the issueinstant in the <response> tag, the validator then > fails the message as I expect. > > I'm still unclear on the following, as well: > > I presume enveloped signature means to sign the whole message, right? > Is it enough to simply include <ds:Transform > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> in the signature > method, and the conicalization will magically be done by the library? > Or do I have to signal xmlsec to do it in some way? or does it have > tobe done with a different tool before the signing is completed? > > Thank you. > > Regards, > Rich > _______________________________________________ > xmlsec mailing list > [email protected] > http://www.aleksey.com/mailman/listinfo/xmlsec _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
