Well, sorry but if you have unknown transfor the digest/signature will not be valid anyway. I don't see reasons to continue verification in this case. Writing your own transform should not be that hard. Take any transform from xmlsec code, modify it as you need and register in xmlsec on startup of your application. Aleksey