[xmlsec] whitespaces inside the XML Signature element

Alex Salcianu asalcianu at itasoftware.com
Wed May 9 08:55:11 PDT 2007


Hello!

I'm trying to generate XML signatures that are "resistent" to
changes in the whitespaces used for indentation.  I've managed to
make my signatures resistent to some changes in the indentation
(e.g., by using a whitespace-stripping XSLT transform).

Still, I don't see how I can achieve resistance to whitespaces used
for indentation inside the Signature element.  E.g., I want to
preserve the signature validity regardless of the number of spaces
before <SignedInfo> in the example below.

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod 
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>

The canonicalization alg. takes care of some of the whitespaces
(e.g., the ones between attributes), but, as explained at

http://www.research.ibm.com/trl/projects/xml/xss4j/docs/dsig-howto.html

all canonicalization algs. "are sensitive to whitespace outside tags."

Any ideas? 

The reason I'm trying to do this is that I consider indentation
whitespaces irrelevant for the actual document, and I think they
should be irrelevant for the signature.

Thanks,

Alex




More information about the xmlsec mailing list