[xmlsec] Re: XML digital signature enveloped

Aleksey Sanin aleksey at aleksey.com
Fri May 9 09:26:40 PDT 2003


The short answer: you cannot do it with the enveloped transform only.
By definition [1], the enveloped transform signs the whole document except
the current <dsig:Signature/> element and its subtree.
You have to use either an XPath transform in addition to (or instead of)
the enveloped signature, or use the URI attribute in the <dsig:Reference/> element.

Aleksey
   
[1] http://www.w3.org/TR/xmldsig-core/#sec-EnvelopedSignature

Francisco Lechón wrote:

> Hi,
>
> I'm using your API to sign and verify digital signatures, and I want
> to sign a document like this with the Enveloped Transform:
>
> <root>
>  <item>
>      <data>111111</data>
>  </item>
> </root>
>
> But I want to sign only the content of "data".
> I signed the document with xmlsec, but when I use
>
> xmlSecReferenceAddTransform(referenceNode,xmlSecTransformEnveloped);
>
> and create the reference node like this
>
> xmlSecSignedInfoAddReference(signedInfoNode,NULL,"",NULL);
>
> ALL of the document is signed, not only the content of <data>.
>
> How can I do that with the enveloped transform (without IDs)?
> Is it OK that way or not?
>
> The signed document must be of the following form:
> <root>
>  <item>
>      <data>111111</data>
>  </item>
>  <Signature>
>    ..... .
>     .......
>  </Signature>
> </root>
>
> But with the signature including only the <data> node as data.
>
> Is this possible? I would be thankful for a little help.
> Thanks.
>
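
The combination suggested in the reply (enveloped transform plus an XPath transform), written out as a signature template. This is an added example, not part of the original thread or the xmlsec project's own code; the `dsig` prefix, the SHA-256 algorithm choices and the empty `KeyName` are assumptions, and the document is the constructed sample from the question.

```xml
<!-- Constructed example: unsigned template in the enveloped position inside <root>. -->
<root>
  <item>
    <data>111111</data>
  </item>
  <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <!-- URI="" starts from the whole document that contains this Signature -->
      <dsig:Reference URI="">
        <dsig:Transforms>
          <!-- Step 1: remove this Signature element and its subtree -->
          <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <!-- Step 2: keep only nodes that are, or are inside, a <data> element.
               The expression matches every <data> in the document, not one instance. -->
          <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
            <dsig:XPath>ancestor-or-self::data</dsig:XPath>
          </dsig:Transform>
        </dsig:Transforms>
        <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <!-- Left empty in the template; filled in when the document is signed -->
        <dsig:DigestValue/>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue/>
    <dsig:KeyInfo>
      <dsig:KeyName/>
    </dsig:KeyInfo>
  </dsig:Signature>
</root>
```

With this reference, only the `<data>` subtrees are covered by the digest: `<root>`, `<item>` and anything else outside `<data>` can change without invalidating the signature, so a verifier should treat only the `<data>` content as authenticated.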




