[xmlsec] Digest Method & Canonicalization

Ashish Agrawal meetashish at gmail.com
Tue Jun 2 09:09:15 PDT 2009 

ok , thanks for pointing.

also i need to provide support for the digest method as :
http://www.w3.org/200009/xmldsig#sha256<http://www.w3.org/2000/09/xmldsig#sha256>

for supporting this do i need to modify xmlsec ?

Regards,
Ashish

On Tue, Jun 2, 2009 at 8:01 PM, Aleksey Sanin <aleksey at aleksey.com> wrote:

> Look at LibXML2 library, file c14n.c
>
> Aleksey
>
> Ashish Agrawal wrote:
>
>> Hi Aleksey,
>>
>> I would like to work on providing the latest canonical support, can u give
>> me some pointers on the areas in the code where i need to foucs for the
>> changes.
>>
>> Regards,
>> Ashish
>>
>> On Mon, Jun 1, 2009 at 9:06 PM, Aleksey Sanin <aleksey at aleksey.com<mailto:
>> aleksey at aleksey.com>> wrote:
>>
>>    Sure, I see your point. Well, I haven't seen a lot of interest
>>    in C14N 1.1 support so far. BTW, C14N is a part of LibXML2.
>>    If you need C14N 1.1, then I am sure that Daniel will be happy
>>    to apply your patches to the main tree.
>>
>>    Aleksey
>>
>>
>>    Ashish Agrawal wrote:
>>
>>        Hi Aleksey,
>>
>>        Thanks for prompt reply.
>>
>>        The basis of my argument is the newer Widgets DSig specifies
>>        certain fixed values for Canonicalizationmethod & Digest Method.
>>
>>        Eg:
>>        <?xml version="1.0" encoding="UTF-8"?>
>>        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>>            <SignedInfo>
>>                <CanonicalizationMethod
>>                    Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
>>                <SignatureMethod
>>                          Algorithm="
>> http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
>>                <Reference URI="config.xml">
>>                    <DigestMethod
>>        Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>>                    <DigestValue>j6...8nk=</DigestValue>
>>              </Reference>
>>               <Reference URI="index.html">
>>                    <DigestMethod
>>        Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>>                    <DigestValue>lm...34=</DigestValue>
>>             </Reference>
>>              <Reference URI="icon.png">
>>                    <DigestMethod
>>        Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>>                    <DigestValue>pq...56=</DigestValue>
>>              </Reference>
>>           </SignedInfo>
>>           <SignatureValue>MC0E~LE=</SignatureValue>
>>          <KeyInfo>
>>             <X509Data>
>>                  <X509Certificate>MI...lVN</X509Certificate>
>>              </X509Data>
>>           </KeyInfo>
>>        </Signature>
>>
>>
>>        So when i create a signature file with the abov mentioned
>>        canonicalizaiton and Digest method, xmlsec fails.
>>        Pls clarify.
>>
>>        Regards,
>>        Ashish
>>
>>        On Mon, Jun 1, 2009 at 8:55 PM, Aleksey Sanin
>>        <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
>>        <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>> wrote:
>>
>>           xmlsec implements XML DSig and the Widgets DSig is just
>>           a profile of XML DSig. Thus, I don't see why you claim
>>           that xmlsec doesn't support it.
>>
>>           Aleksey
>>
>>           Ashish Agrawal wrote:
>>
>>               Hi Aleksey,
>>
>>               I need to support
>>               *http://www.w3.org/TR/2009/WD-widgets-digsig-20090331/*
>>               and seems that current version of xmlsec doesn't support
>>        it, Is
>>               there any plan for it.
>>
>>               Regards,
>>               Ashish
>>
>>               On Mon, Jun 1, 2009 at 8:02 PM, Aleksey Sanin
>>               <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
>>        <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>
>>               <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>
>>        <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>>> wrote:
>>
>>                  https://www.aleksey.com/xmlsec/xmldsig.html
>>
>>                  Aleksey
>>
>>                  Ashish Agrawal wrote:
>>
>>                      Hi Aleksey,
>>
>>                      i want to know which standards of DigestMethod and
>>                      Canonicalization Method is supported by xmlsec
>>        currently.
>>
>>                      I ve a requirement where i ve the Digest method as:
>>                      http://www.w3.org/2000/09/xmldsig#sha256 and
>>        Canonicalization
>>                      methord as : http://www.w3.org/2006/12/xml-c14n11.
>>                      Will this be supported ?
>>
>>                      ~Ashish
>>
>>
>>
>>  ------------------------------------------------------------------------
>>
>>                      _______________________________________________
>>                      xmlsec mailing list
>>                      xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>>        <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>
>>               <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>>        <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>>
>>
>>
>>                      http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>>               _______________________________________________
>>               xmlsec mailing list
>>               xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>>        <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>
>>               http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20090602/7d816f5a/attachment-0001.htm

More information about the xmlsec mailing list