[xmlsec] Enveloped Signature transformation
Javier Borrajo
JBorrajo at Laudus.cl
Wed Mar 25 02:31:01 PST 2009
Hi,
I would be very grateful if someone can tell me what is the real
transformation that xmldsig#enveloped-signature does. In other words:
I have a simple XML document to sign:
<?xml version="1.0" encoding="ISO-8859-1"?>
<document>
<item>
<subItem>123456</subItem>
</item>
</document>
And I sign it using the template file for XMLSec:
<?xml version="1.0" encoding="ISO-8859-1"?>
<document>
<item>
<subItem>000000099178</subItem>
</item>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue/>
<KeyInfo>
<KeyValue/>
</KeyInfo>
</Signature>
</getToken>
The value for <DigestValue> is calculated canonicalizating the document,
and it is easy to obtain. But this <DigestValue> is not what is signed;
it suffers some transformations, and then it is signed. I would like to
know what are these transformations, and the final string that really
gets signed in this example.
Thanks a lot,
Javier.
--
Javier Borrajo
/ Laudus SA/
/ Coyancura 2241, Of 83 - Providencia/
( / 469 2100/
* / JBorrajo at Laudus.cl <mailto:JBorrajo at Laudus.cl>/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20090325/2388502b/attachment.htm
More information about the xmlsec
mailing list