[xmlsec] encrypting/signing parts of xml
Varun Sekhri
varunsekhri at yahoo.co.uk
Sun Jul 25 18:31:47 PDT 2004
Hello Aleksey,
I followed the code and encryption and decryption
works just as I wanted :).
I was doing the same procedure for signatures.
my sample xml file is given below.
i read the code and also executed the utility with two
different options
1. xmlsec1 --sign --output out1.xml --node-xpath
//daily-values[1] --privkey-pem rsakey.pem
mysample.xml
2. xmlsec1 --sign --output out1.xml --node-xpath
//daily-values[2] --privkey-pem rsakey.pem
mysample.xml
My both runs gave me exact same answer, as i checked
the digest values and ny diff utility. As i read the
code, the first command shld give me an error because
in the code
data->startNode=xmlSecFindNode(cur,defStartNodeName,defStartNodeNs);
should be NULL.
While the second command should work.
In any case, even if the API xmlSecFindNode finds the
xmlnode, still the results should be different.
Please correct me where am I wrong.
One more question
When I execute commmand
xmlSecDSigCtxSign(dsigCtx, signNode), signNode is
always the template, So this means that the API
calculates the digest of the parent node of the
template and then signs it.
Thanks
Varun
<?xml version="1.0"?>
<?xml-stylesheet type="text/css"
href="nutrition.css"?>
<nutrition>
<daily-values>
<sodium units="mg">2400</sodium>
<carb units="g">30444440</carb>
<fiber units="g">25</fiber>
<protein units="g">50</protein>
</daily-values>
<daily-values>
<carb units="g">300</carb>
<fiber units="g">111111125</fiber>
<protein units="g">50</protein>
<Signature
xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
/>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
/>
<Reference URI="">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue/>
<KeyInfo>
<KeyName/>
</KeyInfo>
</Signature>
</daily-values>
</nutrition>
--- Aleksey Sanin <aleksey at aleksey.com> wrote: > Take
a look inside xmlsec command line utility:
> apps/xmlsec.c
> It has an option "--node-xpath" that does exactly
> what you need.
> Just follow the code to find out the c code that
> does it.
>
> Aleksey
>
___________________________________________________________ALL-NEW Yahoo! Messenger - all new features - even more fun! http://www.allnewmessenger.com
More information about the xmlsec
mailing list