Re: [xmlsec] namespace and canonicalization methods
Hårek Ryeng
haarek.ryeng at welldiagnostics.com
Wed Jul 23 05:44:16 PDT 2003
Ok, I found the xmlSecTransformInclC14NId define and used it instead of
the xmlSecTransformExclC14NId in xmlSecTmplSignatureCreate().
That did the trick on the canonicalization transform stuff.
It still leaves the issue of the namespace.
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
</Signature>
should be accepted by the receiver of a signed message, shouldn't it?
And is there no way of specifying the following in XMLSec?
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
</ds:SignedInfo>
-----Original message-----
From: xmlsec-admin at aleksey.com [mailto:xmlsec-admin at aleksey.com] On behalf of Hårek Ryeng
Sent: 23 July 2003 12:02
To: xmlsec at aleksey.com
Subject: [xmlsec] namespace and canonicalization methods
I have an ebXML message receiving party that is hassling me for sending
the wrong canonicalization transform in the envelope. Also, he is not happy
about the lack of a namespace in the signature element and sub-elements.
Excuse me for asking, but I'm not too good at the secure XML syntax
yet.
So, here are some simple questions for the gurus on this list:
1) Is there a difference between the canonicalization algorithm
http://www.w3.org/TR/2001/REC-xml-c14n-20010315 and
http://www.w3.org/2001/10/xml-exc-c14n# (which I seem to get from XMLSec
when specifying c14n without comments)? Why the # and not an exact
number?
2) There is still no way of specifying a namespace prefix in XMLSec?
Thanks,
- Haarek -
FYI:
Receiver wants:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
    <ds:Reference URI="">
      <ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
        <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><ds:XPath xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">not(ancestor-or-self::node()[@SOAP-ENV:actor="urn:oasis:names:tc:ebxml-msg:actor:nextMSH"] |
ancestor-or-self::node()[@SOAP-ENV:actor="http://schemas.xmlsoap.org/soap/actor/next"])</ds:XPath></ds:Transform>
        <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:Transform>
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
      <ds:DigestValue>l+SR9a3LYKC5UMviBnjbqTEZKSY=</ds:DigestValue>
    </ds:Reference>
I'm producing:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="my-signature">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
          <XPath>not(ancestor-or-self::node()[@SOAP-ENV:actor="urn:oasis::names:tc:ebxml-msg:actor:nextMSH"]|
ancestor-or-self::node()[@SOAP-ENV:actor="http://schemas.xmlsoap.org/soap/actor/next"])</XPath>
        </Transform>
        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>HZa63vnTk3U4nzkklOREemKTNrs=</DigestValue>
    </Reference>
W | Hårek Ryeng, Senior System Developer
E | Well Diagnostics AS, Forskningsparken, 9291 Tromsø
L | Tel: +47 77 75 76 79 (70), Cell: +47 970 05 022, Fax: +47 77 75 76 99
L | http://www.welldiagnostics.com/
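The two questions in this message can be checked mechanically. The following is an added example, not part of the original message and not xmlsec code: it reads a prefixed and a default-namespace Signature by namespace URI and reports which algorithm slots differ. The samples are constructed, trimmed versions of the two fragments above, and the helper names are hypothetical.

```python
import xml.etree.ElementTree as ET
DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DSIG}
INCL_C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
EXCL_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
ENVELOPED = DSIG + "enveloped-signature"

# Constructed samples trimmed from the message's two fragments (XPath transform and values omitted).
WANTED = f"""<ds:Signature xmlns:ds="{DSIG}"><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="{INCL_C14N}"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="{DSIG}rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI=""><ds:Transforms>
<ds:Transform Algorithm="{ENVELOPED}"></ds:Transform>
<ds:Transform Algorithm="{INCL_C14N}"></ds:Transform>
</ds:Transforms><ds:DigestMethod Algorithm="{DSIG}sha1"></ds:DigestMethod>
</ds:Reference></ds:SignedInfo></ds:Signature>"""
PRODUCED = f"""<Signature xmlns="{DSIG}" Id="my-signature"><SignedInfo>
<CanonicalizationMethod Algorithm="{EXCL_C14N}"/>
<SignatureMethod Algorithm="{DSIG}rsa-sha1"/>
<Reference URI=""><Transforms>
<Transform Algorithm="{ENVELOPED}"/>
<Transform Algorithm="{EXCL_C14N}"/>
</Transforms><DigestMethod Algorithm="{DSIG}sha1"/>
</Reference></SignedInfo></Signature>"""

def _alg(parent, path):
    """Algorithm URI of the element at `path`, looked up by namespace URI."""
    node = parent.find(path, NS)
    if node is None or not node.get("Algorithm"):
        raise ValueError(f"missing {path} or its Algorithm attribute")
    return node.get("Algorithm")

def algorithm_profile(xml_text):
    """Map each SignedInfo algorithm slot to its URI; prefixes play no part."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{DSIG}}}Signature":
        raise ValueError(f"not an XML-DSig Signature: {root.tag}")
    profile = {"c14n": _alg(root, "ds:SignedInfo/ds:CanonicalizationMethod"),
               "signature": _alg(root, "ds:SignedInfo/ds:SignatureMethod")}
    for i, ref in enumerate(root.findall("ds:SignedInfo/ds:Reference", NS)):
        profile[f"ref{i}.transforms"] = [
            t.get("Algorithm") for t in ref.findall("ds:Transforms/ds:Transform", NS)]
        profile[f"ref{i}.digest"] = _alg(ref, "ds:DigestMethod")
    return profile

def profile_diff(wanted, produced):
    """Slots where the two signatures disagree, as {slot: (wanted, produced)}."""
    a, b = algorithm_profile(wanted), algorithm_profile(produced)
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys())
            if a.get(k) != b.get(k)}
```

Both inputs parse to the same expanded root name, so only the `c14n` and `ref0.transforms` slots are reported as different. The prefix still cannot be changed after signing, because canonicalization keeps prefixes as written and the signed bytes would change.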