Aleksey Sanin <[email protected]> writes: > I don't see example but "ds:SignatureType" defines Signature node in > the DS namespace.
The example is here: http://tools.ietf.org/html/rfc6030#section-7 and contains <?xml version="1.0" encoding="UTF-8"?> <KeyContainer xmlns="urn:ietf:params:xml:ns:keyprov:pskc" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; Version="1.0"> ... <Signature> <ds:SignedInfo> ... I have validated the example against the schema using xmllint. The XMLSec library templates create a Signature element like this: ... <ds:Signature> <ds:SignedInfo> ... With the "ds:" prefix on the Signature element, I get a schema validation error: pskctool/tests/pskc-figure9.xml:30: element Signature: Schemas validity error : Element '{http://www.w3.org/2000/09/xmldsig#}Signature': This element is not expected. Expected is one of ( {urn:ietf:params:xml:ns:keyprov:pskc}KeyPackage, {urn:ietf:params:xml:ns:keyprov:pskc}Signature, {urn:ietf:params:xml:ns:keyprov:pskc}Extensions ). However, I have come up with a temporary workaround: after xmlSecDSigCtxSign() succeeds, I do a xmlSetNs (signNode, NULL) to clear the namespace prefix for the Signature element. This seems quite ugly though. I have yet to write the code to verify these signatures though... /Simon _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
