[xmlsec] Problem with excluding signature
Jon Lind
jlind at ign.com
Wed Aug 2 09:53:57 PDT 2006
Hello. I have found discussion of excluding the signature with the
command line utility using --node-xpath, but I can't find an example.
When I use this I get "failed to find default node with
name='Signature'". Am I misusing the --node-xpath param?

    xmlsec sign --pkcs12 private.pfx --store-signatures --print-debug \
        --node-xpath /Response/Assertion/Subject \
        --output xmlsec_signed.xml template_dsig.xml

Here is a snippet of my template. What I'm trying to do is create a
digest for the Subject only.

<Response>
  <Assertion>
    <Subject id="Subject">
      <NameID Format="urn:oasis:names:tc:1.1:nameid-format:unspecified">{A498DC30-A3F0-48c1-B61C-9C7C849B5675}</NameID>
      <SubjectConfirmation Method="urn:oasis:names:tc:2.0:cm:bearer">
        <SubjectConfirmationData Address="68.87.127.5"
                                 NotOnOrAfter="2005-11-04T03:55:49.633Z" />
      </SubjectConfirmation>
    </Subject>
  </Assertion>
  <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
      <dsig:CanonicalizationMethod
          Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <dsig:SignatureMethod
          Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <dsig:Reference URI="#Subject">
        <dsig:Transforms>
          <dsig:Transform
              Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </dsig:Transforms>
        <dsig:DigestMethod
            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <dsig:DigestValue></dsig:DigestValue>
      </dsig:Reference>
    </dsig:SignedInfo>
    <dsig:SignatureValue></dsig:SignatureValue>
  </dsig:Signature>
</Response>

Thanks!
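
Added example (not part of the original post, and not xmlsec code): a Python sketch that resolves each dsig:Reference in a template shaped like the one above and reports which element it digests and whether the Signature element lies inside that element. It assumes the lowercase `id` attribute is the ID attribute and handles only bare-name `#id` and empty URIs; `reference_coverage` and the trimmed sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED = DSIG + "enveloped-signature"

# Constructed sample: the template from the post, trimmed to the parts that matter.
TEMPLATE = """<Response>
  <Assertion>
    <Subject id="Subject"><NameID>example</NameID></Subject>
  </Assertion>
  <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:SignedInfo>
      <dsig:Reference URI="#Subject">
        <dsig:Transforms>
          <dsig:Transform
              Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </dsig:Transforms>
      </dsig:Reference>
    </dsig:SignedInfo>
  </dsig:Signature>
</Response>"""


def reference_coverage(xml_text, id_attr="id"):
    """Report, per dsig:Reference, the digested element and where the Signature sits."""
    root = ET.fromstring(xml_text)
    report = []
    for sig in root.iter(f"{{{DSIG}}}Signature"):
        for ref in sig.iter(f"{{{DSIG}}}Reference"):
            uri = ref.get("URI", "")
            if uri == "":
                target = root  # empty URI: the whole document
            elif uri.startswith("#"):
                # Bare-name reference: first element whose ID attribute matches.
                target = next((e for e in root.iter()
                               if e.get(id_attr) == uri[1:]), None)
            else:
                target = None  # external or XPointer reference: not resolved here
            algs = [t.get("Algorithm") for t in ref.iter(f"{{{DSIG}}}Transform")]
            inside = target is not None and any(e is sig for e in target.iter())
            report.append({
                "uri": uri,
                "target": None if target is None else target.tag,
                "signature_inside_target": inside,
                "enveloped_transform": ENVELOPED in algs,
            })
    return report
```

For a template shaped like the one in the post this reports target `Subject` with the Signature outside it, so the data digested for `#Subject` contains no signature content and the enveloped-signature transform has nothing to remove.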