[xmlsec] libxml2 --without-http ... and xmlsec

Aleksey Sanin aleksey at aleksey.com
Fri Jul 4 10:51:42 PDT 2003


>
> My question, as a novice with xmlsec, is how important the data
> referenced from URIs is for the
> "merlin-xmldsig-twenty-three/signature-external-b64-dsa" test?

It's important. This test makes sure that "external signatures" are
supported (see xmldsig spec for definition).


> If I used an enveloping signature instead of an external one, how do
> I compute the object id, where should I look in the source, or is it
> better to remove the URI?

It depends on the situation. There are 3 major signature types:
enveloping, enveloped and external. The first two define a signature
included in the same document as the signed data. In the 3rd case the
XML signature is applied to an external resource, thus it verifies that
this external resource was not changed. For example, your external data
file might be HUGE (say 100-200 GB) and you just do not want to put it
in an XML file because the XML processor might die reading it. When
xmlsec processes an external signature it does not read the whole binary
file into memory, thus it allows you to sign such huge files.

>
> Really I would like to have my own callback but not in XmlLIB rather 
> in XmlSEC. 

Actually you probably want to replace both :) The good news is that they
are exactly the same, just registered in 2 different places. The reason
is that LibXML callbacks are used for XML files and support some
"additional" features like automatic gunzip. XMLSec uses its own
callbacks for binary files and LibXML callbacks for XML files.


Aleksey
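
Added example, not part of the message above and not xmlsec code: a small Python check that tells which of the three signature types a ds:Signature uses by resolving each Reference URI, which is also how an enveloping signature points at its ds:Object Id. The sample documents are constructed, and matching ID attributes by the literal name "Id" is a simplifying assumption.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def classify_references(xml_text):
    """Return [(URI, kind)] for each SignedInfo/Reference of the first ds:Signature."""
    root = ET.fromstring(xml_text)
    sig = root if root.tag == DS + "Signature" else root.find(".//" + DS + "Signature")
    if sig is None:
        raise ValueError("no ds:Signature element found")
    inside_sig = set(sig.iter())  # the Signature element and all its descendants
    results = []
    for ref in sig.findall(DS + "SignedInfo/" + DS + "Reference"):
        uri = ref.get("URI")
        if uri is None:
            kind = "application-defined"  # URI omitted: receiver must know the data
        elif uri == "":
            kind = "enveloped"            # "" means the document holding the signature
        elif uri.startswith("#"):
            # Assumption: the ID attribute is literally named "Id".
            target = next((e for e in root.iter() if e.get("Id") == uri[1:]), None)
            if target is None:
                kind = "unresolved"       # dangling reference, nothing to digest
            elif target in inside_sig:
                kind = "enveloping"       # signed data lives in ds:Object
            elif sig in set(target.iter()):
                kind = "enveloped"        # signature sits inside the signed element
            else:
                kind = "same-document"    # signed element is elsewhere in the document
        else:
            kind = "external"             # resource fetched through the I/O callbacks
        results.append((uri, kind))
    return results

def _sig(uri, extra=""):
    # Constructed skeleton; digest and signature values are left out on purpose.
    return ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
            '<ds:SignedInfo><ds:Reference URI="%s"/></ds:SignedInfo>%s'
            '</ds:Signature>' % (uri, extra))

EXTERNAL = _sig("file:///data/huge.bin")
ENVELOPING = _sig("#obj1", '<ds:Object Id="obj1">payload</ds:Object>')
ENVELOPED = '<Doc Id="d1"><Data>payload</Data>' + _sig("#d1") + "</Doc>"

if __name__ == "__main__":
    for name, doc in (("external", EXTERNAL), ("enveloping", ENVELOPING),
                      ("enveloped", ENVELOPED)):
        print(name, classify_references(doc))
```

Running the check before verification shows what a signature actually covers, so a verifier can refuse an "external" or "unresolved" reference it did not expect.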