https://www.w3.org/TR/xmldsig-core1/#sec-CanonicalizationMethod
"CanonicalizationMethod is a required element that specifies the
canonicalization algorithm applied to the SignedInfo element prior to
performing signature calculations."
If you want to apply exc-c14n to the Reference, then you need to
specify it as a transform in the Reference itself.
Best,
Aleksey
On 8/8/19 9:17 AM, Nimish Telang wrote:
Hi,
Consider the following XML
doc:https://gist.github.com/nimish/b00fb8a75a8b4c424553783c7adb7656
I’m trying to verify the wsu:Timestamp element using the sibling
detached signature.
xmlsec1 --verify --id-attr:ID
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd:Timestamp";
--print-debug --store-references ./timestamp-wrapped.xml
will fail signature verification.
Output:https://gist.github.com/nimish/868029115e41fee5fe56b0b5b40872f4
I don’t see a “=== Transform: exc-c14n
(href=http://www.w3.org/2001/10/xml-exc-c14n#)” under the “REFERENCE
VERIFICATION CONTEXT” as I’d expect, which is likely what’s causing the
verification to fail. The only defined c14n algo is xml-exc-c14n.
The python package signxml, which was used to generate this signature,
can verify this just fine. I am not sure if this is signxml behaving
badly, or xmlsec1.
Any idea what I’m doing wrong?
Nimish
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
