[xmlsec] whitespaces inside the XML Signature element
Alex Salcianu
asalcianu at itasoftware.com
Wed May 9 08:55:11 PDT 2007
Hello!
I'm trying to generate XML signatures that are "resistent" to
changes in the whitespaces used for indentation. I've managed to
make my signatures resistent to some changes in the indentation
(e.g., by using a whitespace-stripping XSLT transform).
Still, I don't see how I can achieve resistance to whitespaces used
for indentation inside the Signature element. E.g., I want to
preserve the signature validity regardless of the number of spaces
before <SignedInfo> in the example below.
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
The canonicalization alg. takes care of some of the whitespaces
(e.g., the ones between attributes), but, as explained at
http://www.research.ibm.com/trl/projects/xml/xss4j/docs/dsig-howto.html
all canonicalization algs. "are sensitive to whitespace outside tags."
Any ideas?
The reason I'm trying to do this is that I consider indentation
whitespaces irrelevant for the actual document, and I think they
should be irrelevant for the signature.
Thanks,
Alex
More information about the xmlsec
mailing list