[xmlsec] Verifying Detached signature

Chandra Nemalikanti chandra.nemalikanti@divine.com
Wed, 25 Jun 2003 20:51:35 +0530


Thanks for the reply, Aleksey!!
And yes, I have subscribed to the group just now. I didn't subscribe earlier
as my official email id is in transition and changing.

In continuation to your reply, I also have some questions:

1) Actually I tried doing what you said, but I am getting some errors.

( I am at a beginner level in XML transforms).
I am trying to sign an xml document like this :
 sign3-testdoc.xml
-------------------------------------
<PARes Id="PARes12345">
        Hello, World!
</PARes>
----------------------------------------
In the code in sign3.c I tried to add a URI by calling the following
function like this:
....
 const xmlChar id[] = "PARes12345";
    const xmlChar uri[] = "#PARes12345";
.......
 refNode = xmlSecTmplSignatureAddReference(signNode, xmlSecTransformSha1Id,
id, uri, NULL);
-------------
/* I also commented out the xmlSecTmplReferenceAddTransform function call as
I want a signature without any transform defined  in the reference element
*/
------------------------------------------------------------

But after I execute this I get the signature file in which the reference
element is defined like this:( I don't know if the string "Id="PARes12345""
is required)
.....
<Reference Id="PARes12345" URI="#PARes12345">
...

Also the signature check fails for this output file from the sign3.

Hope I am clear in my explanation.

Thanks,
Chandra


-----Original Message-----
From: Aleksey Sanin [mailto:aleksey@aleksey.com]
Sent: Wednesday, June 25, 2003 11:21 AM
To: Chandra Nemalikanti
Cc: xmlsec@aleksey.com
Subject: Re: [xmlsec] Verifying Detached signature


XMLSec library does support the de-attached signatures. You just need to
prepare a template with a non-empty URI in the <dsig:Reference/> element :)
Read the spec one more time and look at the examples from the test suite :)

Aleksey

P.S. You will have a much better chance to get you message delivered to
mailing list if you subscribe to it :)