[xmlsec] Digest Method & Canonicalization

Ashish Agrawal meetashish at gmail.com
Mon Jun 1 08:32:01 PDT 2009 

Hi Aleksey,

Thanks for prompt reply.

The basis of my argument is the newer Widgets DSig specifies certain fixed
values for Canonicalizationmethod & Digest Method.

Eg:
<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
     <SignedInfo>
         <CanonicalizationMethod
             Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
         <SignatureMethod
             Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
/>
         <Reference URI="config.xml">
             <DigestMethod Algorithm="
http://www.w3.org/2001/04/xmlenc#sha256"/>
             <DigestValue>j6...8nk=</DigestValue>
       </Reference>
        <Reference URI="index.html">
             <DigestMethod Algorithm="
http://www.w3.org/2001/04/xmlenc#sha256"/>
             <DigestValue>lm...34=</DigestValue>
      </Reference>
       <Reference URI="icon.png">
             <DigestMethod Algorithm="
http://www.w3.org/2001/04/xmlenc#sha256"/>
             <DigestValue>pq...56=</DigestValue>
       </Reference>
    </SignedInfo>
    <SignatureValue>MC0E~LE=</SignatureValue>
   <KeyInfo>
      <X509Data>
           <X509Certificate>MI...lVN</X509Certificate>
       </X509Data>
    </KeyInfo>
</Signature>


So when i create a signature file with the abov mentioned canonicalizaiton
and Digest method, xmlsec fails.
Pls clarify.

Regards,
Ashish

On Mon, Jun 1, 2009 at 8:55 PM, Aleksey Sanin <aleksey at aleksey.com> wrote:

> xmlsec implements XML DSig and the Widgets DSig is just
> a profile of XML DSig. Thus, I don't see why you claim
> that xmlsec doesn't support it.
>
> Aleksey
>
> Ashish Agrawal wrote:
>
>> Hi Aleksey,
>>
>> I need to support *http://www.w3.org/TR/2009/WD-widgets-digsig-20090331/*
>> and seems that current version of xmlsec doesn't support it, Is there any
>> plan for it.
>>
>> Regards,
>> Ashish
>>
>> On Mon, Jun 1, 2009 at 8:02 PM, Aleksey Sanin <aleksey at aleksey.com<mailto:
>> aleksey at aleksey.com>> wrote:
>>
>>    https://www.aleksey.com/xmlsec/xmldsig.html
>>
>>    Aleksey
>>
>>    Ashish Agrawal wrote:
>>
>>        Hi Aleksey,
>>
>>        i want to know which standards of DigestMethod and
>>        Canonicalization Method is supported by xmlsec currently.
>>
>>        I ve a requirement where i ve the Digest method as:
>>        http://www.w3.org/2000/09/xmldsig#sha256 and Canonicalization
>>        methord as : http://www.w3.org/2006/12/xml-c14n11.
>>        Will this be supported ?
>>
>>        ~Ashish
>>
>>
>>
>>  ------------------------------------------------------------------------
>>
>>        _______________________________________________
>>        xmlsec mailing list
>>        xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>>        http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20090601/cd7d3639/attachment-0001.htm

More information about the xmlsec mailing list