Thanks, I'll check it out.
On Mon, Nov 30, 2020 at 1:17 PM Aleksey Sanin <[email protected]> wrote:
>
> For cases like this, XML Dsig spec has Object elements:
>
> https://www.w3.org/TR/xmldsig-core1/#sec-Object
>
> That can be used to validate the digest w/o invalidating
> the signature itself if something goes wrong.
>
> Aleksey
>
> On 11/30/20 8:46 AM, Timothy Legge wrote:
> > Hi Aleksey
> >
> > That does make sense to me. I don't have full information about the
> > original XML file so I can't say if it was a problem with what was
> > provided to me. I am working on perl's XML::Sig and this case caught
> > me by surprise. I will need to get some more information on where and
> > how the file was generated.
> >
> > Tim
> >
> > On Mon, Nov 30, 2020 at 12:41 PM Aleksey Sanin <[email protected]> wrote:
> >>
> >> Hi Tim,
> >>
> >> I believe that technically inability to resolve a URI for a Reference
> >> (e.g. ID in your case) should result in a failure for calculating digest
> >> thus making the signature invalid.
> >>
> >> Best,
> >>
> >> Aleksey
> >>
> >> On 11/25/20 7:31 PM, Timothy Legge wrote:
> >>> Hi
> >>>
> >>> I recently had a file that had three signatures but one of the
> >>> References in the file did not point to anything in the XML file.
> >>>
> >>> https://pastebin.com/raw/8TWV0AZW
> >>>
> >>> What does one do with that? In my case I used the reference to look
> >>> for a matching node with the ID set to the value of the reference.
> >>> Since it was not in the file, I skipped processing that signature.
> >>>
> >>> I know it's a little off topic for this list but I imagine you have
> >>> seen something similar before.
> >>>
> >>> Tim
> >>> _______________________________________________
> >>> xmlsec mailing list
> >>> [email protected]
> >>> http://www.aleksey.com/mailman/listinfo/xmlsec
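
The rule discussed in this thread (a Reference URI that cannot be resolved makes the signature invalid instead of being skipped), as an added example that is not part of the original messages and is not xmlsec or XML::Sig code. It covers only the dereference step for same-document URIs under SignedInfo; the ID attribute names and the sample document are constructed assumptions, and it goes slightly beyond the thread by also rejecting an ID that matches more than one element.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
ID_ATTRS = ("ID", "Id", "id")  # assumption: attribute names treated as IDs

# Constructed sample: three signatures, the third references a missing ID.
SAMPLE = """<doc xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <part ID="a">one</part>
  <part ID="b">two</part>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#a"/></ds:SignedInfo></ds:Signature>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#b"/></ds:SignedInfo></ds:Signature>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#missing"/></ds:SignedInfo></ds:Signature>
</doc>"""

class UnresolvedReference(Exception):
    """A ds:Reference URI does not identify exactly one element."""

def resolve_reference(root, uri):
    """Return the element a same-document Reference URI points at."""
    if uri is None:
        raise UnresolvedReference("Reference has no URI attribute")
    if uri == "":
        return root  # URI="" refers to the whole document
    if not uri.startswith("#"):
        raise UnresolvedReference(f"external URI not dereferenced: {uri!r}")
    wanted = uri[1:]
    hits = [el for el in root.iter()
            if any(el.get(a) == wanted for a in ID_ATTRS)]
    if len(hits) != 1:  # 0 = dangling reference, >1 = ambiguous target
        raise UnresolvedReference(f"{uri!r} matched {len(hits)} elements")
    return hits[0]

def check_signatures(xml_text):
    """Per Signature, in document order: 'resolvable' or 'invalid: <reason>'."""
    # For untrusted input, parse with a hardened parser instead.
    root = ET.fromstring(xml_text)
    results = []
    for sig in root.iter(DS + "Signature"):
        try:
            # Only SignedInfo references are core validation; Object/Manifest
            # references are left to the application.
            for ref in sig.findall(f"{DS}SignedInfo/{DS}Reference"):
                resolve_reference(root, ref.get("URI"))
            results.append("resolvable")  # digest/signature checks would follow
        except UnresolvedReference as exc:
            results.append(f"invalid: {exc}")
    return results

if __name__ == "__main__":
    print(check_signatures(SAMPLE))
```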
