<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html;charset=KOI8-R">
  <title></title>
</head>
<body>
The serial number and subject name are included in the certificate. The current
xmlsec code<br>
can read both &lt;dsig:<big><span class="000430516-24042003"><font
 size="2"><big>X509IssuerSerial/&gt; and &lt;dsig:</big></font></span><span
 class="000430516-24042003"><font size="2"><big>X509SubjectName/&gt;
nodes and<br>
search the local certificate store for the specified certificates. However, it
does not provide<br>
the ability to write these nodes. As I said, this information is already
available from<br>
the &lt;dsig:X509Certificate/&gt; node and (</big></font></span></big><big><span
 class="000430516-24042003"></span></big><big><span
 class="000430516-24042003"><font size="2"><big>IMHO) </big></font></span></big><big><span
 class="000430516-24042003"><font size="2"><big>duplicating it </big></font></span></big><big><span
 class="000430516-24042003"><font size="2"><big></big></font></span></big><big><span
 class="000430516-24042003"><font size="2"><big>is just a waste of
traffic.<br>
So the answer is "you could not do it". But I accept contributions and
you can hack it <br>
by yourself </big></font></span></big><big><span
 class="000430516-24042003"><font size="2"><big>:) </big></font></span></big><big><span
 class="000430516-24042003"><font size="2"><big>Probably there should
be a flag(s) in xmlSecKeyInfoCtx that tells xmlsec<br>
how to write certificates: &lt;dsig:X509Data/&gt;, </big></font></span></big>&lt;dsig:<big><span
 class="000430516-24042003"><font size="2"><big>X509IssuerSerial/&gt;,
etc. or it<br>
can be specified in the template; please note that you might have
*multiple* certificates<br>
for the key.</big></font></span></big><big><span
 class="000430516-24042003"><font size="2"><big><br>
<br>
BTW, I would appreciate it if you would use the xmlsec mailing list for all
xmlsec-related<br>
questions. <br>
<br>
Thanks,<br>
Aleksey<br>
</big></font></span></big>
<div><span class="000430516-24042003"><font face="Arial" size="2"><br>
<br>
</font></span></div>
<span class="000430516-24042003"></span><br>
<br>
Victor Sturgeon wrote:<br>
<blockquote type="cite"
 cite="midB5D0B243841E0B4BA7BFCE18D244FFA32B109A@intexchg.isdomain.intrsoft.com">
  <div><font face="Arial" size="2"><span class="000430516-24042003">Using
the following as my xml file test7.xml, I wanted to sign it via the
xmlsec utility</span></font></div>
  <div><font face="Arial" size="2"><span class="000430516-24042003"></span></font>&nbsp;</div>
  <div><font face="Arial" size="2"><span class="000430516-24042003">&lt;?xml
version="1.0" encoding="UTF-8"?&gt;<br>
&lt;Signature xmlns="<a href="http://www.w3.org/2000/09/xmldsig">http://www.w3.org/2000/09/xmldsig</a>#"&gt;<br>
&nbsp; &lt;SignedInfo&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;CanonicalizationMethod Algorithm="<a
 href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315">http://www.w3.org/TR/2001/REC-xml-c14n-20010315</a>"
/&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;SignatureMethod Algorithm="<a
 href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>"
/&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;Reference URI="#object"&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;DigestMethod Algorithm="<a
 href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>"
/&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;DigestValue&gt;&lt;/DigestValue&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;/Reference&gt;<br>
&nbsp; &lt;/SignedInfo&gt;<br>
&nbsp; &lt;SignatureValue&gt;<br>
&nbsp; &lt;/SignatureValue&gt;<br>
&nbsp;&nbsp; &lt;KeyInfo&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp; &lt;X509Data&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp; &lt;/X509Data&gt;<br>
&nbsp;&nbsp; &lt;/KeyInfo&gt;<br>
&nbsp; &lt;Object Id="object"&gt;some text&lt;/Object&gt;<br>
&lt;/Signature&gt;</span></font></div>
  <div>&nbsp;</div>
  <div><font face="Arial" size="2">victor@victors:~/xmlsec&gt;
xmlsec1 --sign --privkey privatekey.pem,certificate.pem
test7.xml</font></div>
  <div>&nbsp;</div>
  <div><span class="000430516-24042003"></span><font face="Arial"
 size="2">G<span class="000430516-24042003">ives the following output</span><br>
  </font></div>
  <div><font face="Arial" size="2">&lt;?xml version="1.0"
encoding="UTF-8"?&gt;<br>
&lt;Signature xmlns="</font><a href="http://www.w3.org/2000/09/xmldsig"><font
 face="Arial" size="2">http://www.w3.org/2000/09/xmldsig</font></a><font
 face="Arial" size="2">#"&gt;<br>
&nbsp; &lt;SignedInfo&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;CanonicalizationMethod Algorithm="</font><a
 href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315%22/"><font
 face="Arial" size="2">http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/</font></a><font
 face="Arial" size="2">&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;SignatureMethod Algorithm="</font><a
 href="http://www.w3.org/2000/09/xmldsig#rsa-sha1%22/"><font
 face="Arial" size="2">http://www.w3.org/2000/09/xmldsig#rsa-sha1"/</font></a><font
 face="Arial" size="2">&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;Reference URI="#object"&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;DigestMethod Algorithm="</font><a
 href="http://www.w3.org/2000/09/xmldsig#sha1%22/"><font face="Arial"
 size="2">http://www.w3.org/2000/09/xmldsig#sha1"/</font></a><font
 face="Arial" size="2">&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&lt;DigestValue&gt;7/XTsHaBSOnJ/jXD5v0zL6VKYsk=&lt;/DigestValue&gt;<br>
&nbsp;&nbsp;&nbsp; &lt;/Reference&gt;<br>
&nbsp; &lt;/SignedInfo&gt;<br>
&nbsp;
&lt;SignatureValue&gt;slrp2j30ePW08ObT49frswmN0dQGTOK/SQ9sljMUpfebOudpeI+uebQHU2eUlGI2<br>
A2GpWQqKLichKYO7d9luury5/jxjCMeLIoZtsWo5rCXUaoH9DXLPMymWNYCy0xbW<br>
zOwTyBj6AGPDArsNiz25JOzQZ1Kt36qcsaWCbR8KEru3YhtKLloMYfS83jN0HPMJ<br>
YgjkuH1OXRW3cDe5/kSiwU23d9TodXXa1dhzrq+Qoo4reR7g6MN+uVYe87tcDlzs<br>
+2ozmEW4EquJuwVohrMYJrhInZJs7ooZQ3e4o0WNHfvFSpSptMQ8K9nqjrFi4U9F<br>
Iv4PpTLDvbi9zKzUnqXKVw==&lt;/SignatureValue&gt;<br>
&nbsp;&nbsp; &lt;KeyInfo&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp; &lt;X509Data&gt;<br>
&nbsp;&nbsp;&nbsp;&nbsp;
&lt;X509Certificate&gt;MIIE/DCCA+SgAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBsTELMAkGA1UEBhMCVVMx<br>
ETAPBgNVBAgTCElsbGlub2lzMRMwEQYDVQQHEwpOYXBlcnZpbGxlMRYwFAYDVQQK<br>
Ew1TdHVyZ2VvbiBNYWlsMRYwFAYDVQQLEw1TdHVyZ2VvbiBNYWlsMR4wHAYDVQQD<br>
ExVTdHVyZ2VvbiBNYWlsIFJvb3QgQ0ExKjAoBgkqhkiG9w0BCQEWG3Bvc3RtYXN0<br>
ZXJAc3R1cmdlb25tYWlsLmNvbTAeFw0wMzAyMTQxNzAzMzRaFw0xMzAyMTExNzAz<br>
MzRaMIGPMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEzARBgNVBAcT<br>
Ck5hcGVydmlsbGUxFjAUBgNVBAoTDVN0dXJnZW9uIE1haWwxGDAWBgNVBAMTD1Zp<br>
Y3RvciBTdHVyZ2VvbjEmMCQGCSqGSIb3DQEJARYXdmljdG9yQHN0dXJnZW9ubWFp<br>
bC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJUk+v64R7gn0G<br>
A10PhY9Gz3c8qM9f/GFHbjN+/+IwFq9UMyFOt7JiWlRT3+dKxZsNH3tV8bfHy32B<br>
vTQKpd37LAdo99MrSNO2A5+awKLlv8mp7AIEf/Q2aEBSeSBdvbn9aGNTpnOkdmrm<br>
V9ewaUuA/Ew7u8qz1aeMFSm5YAuO1vZSQ3+mqDmO7hZHEJ4XOk+UKDw3A/GMwS7T<br>
IbA9uO1YSaysxkx//pPCJlV3T5uSodmO//xq20GOvRPp6yF7CS/+cypWZn8mIdxE<br>
Eu4ZbydW5JnWFN2dpnn6buPtH57VXh+N/hkJUHCEQvao9xihV+LwWSXjyzxXI7oV<br>
V0mZ53+RAgMBAAGjggE9MIIBOTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P<br>
cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUNXEudkuLZUD9<br>
Kvtl00EskfCceU0wgd4GA1UdIwSB1jCB04AU8KerK52F1WKOJnanhpe9Anq2fJCh<br>
gbekgbQwgbExCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbGxpbm9pczETMBEGA1UE<br>
BxMKTmFwZXJ2aWxsZTEWMBQGA1UEChMNU3R1cmdlb24gTWFpbDEWMBQGA1UECxMN<br>
U3R1cmdlb24gTWFpbDEeMBwGA1UEAxMVU3R1cmdlb24gTWFpbCBSb290IENBMSow<br>
KAYJKoZIhvcNAQkBFhtwb3N0bWFzdGVyQHN0dXJnZW9ubWFpbC5jb22CAQAwDQYJ<br>
KoZIhvcNAQEEBQADggEBABKB8KYPUt7pwEOc+y+8iZYxHnDhi/DkZW5KOwu4j9J4<br>
MYtdwzFJCQi+51T++7X7cOGcHzhxtVznadlSEH+q2r7NFIRnyZWAKtaK6AWG5l0j<br>
nFN/t3fkgMXtVL4ImrCNme2ZxG+5irTXCSa3EvOCZRLQwPkvWTJpTZs4KRfm+wX5<br>
kDdmfMNpXthkJehNZS+wLsGAoUYkDc5wmeMGf8894l3MzGMiNSuwzv2TILEOGHad<br>
t4dJaIgETmG6HaSErWD4UhN4jp502RWd+nui/p7MVyRq4vYrvBMCd691WccVtWW7<br>
y4zlnVaQXoGHOsymuqvi6toE4By4P6/ssE7FfMDuvTY=&lt;/X509Certificate&gt;<br>
&lt;/X509Data&gt;<br>
&nbsp;&nbsp; &lt;/KeyInfo&gt;<br>
&nbsp; &lt;Object Id="object"&gt;some text&lt;/Object&gt;<br>
&lt;/Signature&gt;</font></div>
  <div>&nbsp;</div>
  <div><span class="000430516-24042003"><font face="Arial" size="2">Which
verifies fine with </font></span></div>
  <div><span class="000430516-24042003"><font face="Arial" size="2">victor@victors:~/xmlsec&gt;
xmlsec1 --verify --trusted cacert.pem sign7.xml<br>
OK<br>
SignedInfo References (ok/all): 1/1<br>
Manifests References (ok/all): 0/0</font></span></div>
  <div><span class="000430516-24042003"></span>&nbsp;</div>
  <div><span class="000430516-24042003"><font face="Arial" size="2">I
notice that the xmlsec utility fills in the X509Data fields with the
X509Certificate info.</font></span></div>
  <div><span class="000430516-24042003"></span>&nbsp;</div>
  <div><span class="000430516-24042003"><font face="Arial" size="2">My
question is, what do I need to do to have the utility also
automatically fill in the following info:</font></span></div>
  <div><span class="000430516-24042003"><font face="Arial" size="2">X509IssuerSerial</font></span></div>
  <div><span class="000430516-24042003"><font face="Arial" size="2">X509SubjectName</font></span></div>
  <div><span class="000430516-24042003"></span>&nbsp;</div>
  <div><span class="000430516-24042003"><font face="Arial" size="2">Thanks
for your insight.</font></span></div>
  <div><span class="000430516-24042003"></span>&nbsp;</div>
  <div><span class="000430516-24042003"></span>&nbsp;</div>
</blockquote>
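<p>Added example, not part of the thread and not xmlsec code: the reply's point that the issuer, serial number and subject are already carried inside the X509Certificate node, shown by reading them out of the certificate's DER with the Python standard library and rendering the two KeyInfo children asked about. The function names are illustrative, the input is constructed certificate-shaped DER rather than a real certificate, and attribute values are assumed to need no RFC 2253 escaping.</p>

```python
from xml.sax.saxutils import escape
C, O, CN = b"\x55\x04\x06", b"\x55\x04\x0a", b"\x55\x04\x03"  # DER-encoded attribute OIDs
OIDS = {C: "C", O: "O", CN: "CN"}  # any other attribute type is printed as hex

def tlv(buf, pos):  # -> (tag, content, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    pos, out = 0, []
    while pos < len(content):
        tag, body, pos = tlv(content, pos)
        out.append((tag, body))
    return out

def dn_string(name):  # RFC 2253 order: last RDN first; assumes no escaping is needed
    rdns = []
    for _, rdn in children(name):
        atvs = [children(atv) for _, atv in children(rdn)]
        rdns.append("+".join(f"{OIDS.get(o, o.hex())}={v.decode()}" for (_, o), (_, v) in atvs))
    return ",".join(reversed(rdns))

def cert_ids(cert_der):
    """(serial, issuer, subject); TBS order: [version], serial, sigalg, issuer, validity, subject."""
    fields = children(children(tlv(cert_der, 0)[1])[0][1])
    if fields[0][0] == 0xA0:  # explicit [0] version; absent in v1 certificates
        fields = fields[1:]
    serial = int.from_bytes(fields[0][1], "big", signed=True)
    return serial, dn_string(fields[2][1]), dn_string(fields[4][1])

def x509data_children(cert_der):
    serial, issuer, subject = cert_ids(cert_der)  # X509SerialNumber is written in decimal
    return (f"<X509IssuerSerial><X509IssuerName>{escape(issuer)}</X509IssuerName>"
            f"<X509SerialNumber>{serial}</X509SerialNumber></X509IssuerSerial>"
            f"<X509SubjectName>{escape(subject)}</X509SubjectName>")

# Constructed sample: certificate-shaped DER with empty placeholders, not a real certificate.
def der(tag, *parts):
    body = b"".join(parts)
    return bytes([tag]) + (bytes([len(body)]) if len(body) < 128 else bytes([0x81, len(body)])) + body
def sample_name(*pairs):
    return der(0x30, *[der(0x31, der(0x30, der(0x06, o), der(0x0C, v.encode()))) for o, v in pairs])
SAMPLE = der(0x30, der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x00\xc8"), der(0x30),
                       sample_name((C, "US"), (O, "Example Org"), (CN, "Example Root CA")), der(0x30),
                       sample_name((C, "US"), (O, "Example Org"), (CN, "Example Signer")), der(0x30)))
```

<p>X509SerialNumber holds the serial as a decimal integer, whereas <code>openssl x509 -serial</code> prints it in hexadecimal.</p>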
</body>
</html>