Re: [xmlsec] xml signing binary files

Erwann Abalea Mon, 29 Apr 2019 01:08:03 -0700

Bonjour,

Why not have a standard template, and add a new dsig:Reference node for each of 
the files you want to sign into the dsig:Signature/dsig:SignedInfo tree?
Normally, you should already have this:
<dsig:Reference URI="">
  <dsig:Transforms>
    <dsig:Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
  </dsig:Transforms>
  <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
  <dsig:DigestValue></dsig:DigestValue>
</dsig:Reference>


If you want to sign a file in addition to your XML file, just add this:
<dsig:Reference Id="document_0" URI="myfile.bin">
  <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
  <dsig:DigestValue></dsig:DigestValue>
</dsig:Reference>

And sign the XML file the normal way (wih myfile.bin being present in your 
current directory).

Cordialement,
Erwann Abalea

Le 27/04/2019 05:02, « xmlsec au nom de Aleksey Sanin » 
<[email protected] au nom de [email protected]> a écrit :

    This is a very good question. I am traveling and can’t run a test. Can you 
try to use reference uri and base64 transform? The url parsing depends on the 
next transform input and by default c14n is applied which requires xml node set 
which forces xml parsing. I believe if next transform is base64 encoding then 
it should work but not 100% sure.
    
    
    Aleksey
    
    > On Apr 26, 2019, at 7:40 PM, Skip Carter <[email protected]> wrote:
    > 
    > Aleksey,
    > 
    > Thanks for your excellent XMLSEC library, I have been using it for
    > several years.  Yet in all that time I have not had the need to use
    > xmlsec for signing anything but XML files but now I do.
    > 
    > How do I sign a binary file ?  I used sign1.c and sign1-tmpl.xml
    > as a starting point and set Reference URI to point to the file, but
    > sign1 clearly expects to see the file as an XML file:
    > 
    > Entity: line 1: parser error : Document is empty
    > func=xmlSecParserPushBin:file=parser.c:line=182:obj=xml-
    > parser:subj=xmlParseChunk:error=5:libxml2 library function
    > failed:size=1024
    > func=xmlSecTransformPump:file=transforms.c:line=1694:obj=xml-
    > parser:subj=xmlSecTransformPushBin:error=1:xmlsec library function
    > failed: 
    > func=xmlSecTransformCtxUriExecute:file=transforms.c:line=1205:obj=unkno
    > wn:subj=xmlSecTransformPump:error=1:xmlsec library function
    > failed:uri=debian.jpg
    > ...
    > 
    > Is the an attribute in Reference that should be set for nonxml data ?
    > 
    > Thanks
    > 
    > -- 
    > Dr Everett (Skip) Carter
    > [email protected]
    > 
    > Taygeta Scientific Inc
    > 607 Charles Ave
    > Seaside CA 93955
    > 831-641-0645 x103
    > 
    > 
    
    _______________________________________________
    xmlsec mailing list
    [email protected]
    http://www.aleksey.com/mailman/listinfo/xmlsec
    

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

Re: [xmlsec] xml signing binary files

Reply via email to