[xmlsec] Canonicalization question
Aleksey Sanin
aleksey at aleksey.com
Tue Feb 25 07:48:42 PST 2003
http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel:
The |Transforms| specified in this document are defined with respect to
the input they require.
The following is the default signature application behavior:
* If the data object is an octet stream and the next transform
requires a node-set,
the signature application MUST attempt to parse the octets
yielding the required
node-set via [XML <http://www.w3.org/TR/xmldsig-core/#ref-XML>]
well-formed processing.
* If the data object is a node-set and the next transform requires
octets, the signature
application MUST attempt to convert the node-set to an octet
stream using
Canonical XML [XML-C14N
<http://www.w3.org/TR/xmldsig-core/#ref-XML-C14N>].
Which means that if you do not specify C14N then the default one would
be used
when needed.
Aleksey
Veiko.Sinivee at seb.se wrote:
>Hi Folks!
>
>I would like to ask you a simple thing - should I canonicalize
>all signed content before calculating the digest or not?
>XML-DSIG says I should canonicalize <SignedInfo> but
>for verifying <Reference> -s XML-DSIG says just apply the Transform-s
>and calculate the digest. So if a <Reference> contains a digest of some
>block of xml data, should it be canonicalized or not?
>
>Regards,
>
>Veiko
>
>_______________________________________________
>xmlsec mailing list
>xmlsec at aleksey.com
>http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
More information about the xmlsec
mailing list