[xmlsec] Digest Method & Canonicalization

Aleksey Sanin aleksey at aleksey.com
Tue Jun 2 09:13:16 PDT 2009


xmlsec support SHA256, your URL is incorrect:

http://www.aleksey.com/pipermail/xmlsec/2005/007037.html

Aleksey

Ashish Agrawal wrote:
> ok , thanks for pointing.
> 
> also i need to provide support for the digest method as : 
> http://www.w3.org/200009/xmldsig#sha256 
> <http://www.w3.org/2000/09/xmldsig#sha256>
> 
> for supporting this do i need to modify xmlsec ?
> 
> Regards,
> Ashish
> 
> On Tue, Jun 2, 2009 at 8:01 PM, Aleksey Sanin <aleksey at aleksey.com 
> <mailto:aleksey at aleksey.com>> wrote:
> 
>     Look at LibXML2 library, file c14n.c
> 
>     Aleksey
> 
>     Ashish Agrawal wrote:
> 
>         Hi Aleksey,
> 
>         I would like to work on providing the latest canonical support,
>         can u give me some pointers on the areas in the code where i
>         need to foucs for the changes.
> 
>         Regards,
>         Ashish
> 
>         On Mon, Jun 1, 2009 at 9:06 PM, Aleksey Sanin
>         <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
>         <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>> wrote:
> 
>            Sure, I see your point. Well, I haven't seen a lot of interest
>            in C14N 1.1 support so far. BTW, C14N is a part of LibXML2.
>            If you need C14N 1.1, then I am sure that Daniel will be happy
>            to apply your patches to the main tree.
> 
>            Aleksey
> 
> 
>            Ashish Agrawal wrote:
> 
>                Hi Aleksey,
> 
>                Thanks for prompt reply.
> 
>                The basis of my argument is the newer Widgets DSig specifies
>                certain fixed values for Canonicalizationmethod & Digest
>         Method.
> 
>                Eg:
>                <?xml version="1.0" encoding="UTF-8"?>
>                <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>                    <SignedInfo>
>                        <CanonicalizationMethod
>                          
>          Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
>                        <SignatureMethod
>                                
>          Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
>                        <Reference URI="config.xml">
>                            <DigestMethod
>                Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>                            <DigestValue>j6...8nk=</DigestValue>
>                      </Reference>
>                       <Reference URI="index.html">
>                            <DigestMethod
>                Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>                            <DigestValue>lm...34=</DigestValue>
>                     </Reference>
>                      <Reference URI="icon.png">
>                            <DigestMethod
>                Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>                            <DigestValue>pq...56=</DigestValue>
>                      </Reference>
>                   </SignedInfo>
>                   <SignatureValue>MC0E~LE=</SignatureValue>
>                  <KeyInfo>
>                     <X509Data>
>                          <X509Certificate>MI...lVN</X509Certificate>
>                      </X509Data>
>                   </KeyInfo>
>                </Signature>
> 
> 
>                So when i create a signature file with the abov mentioned
>                canonicalizaiton and Digest method, xmlsec fails.
>                Pls clarify.
> 
>                Regards,
>                Ashish
> 
>                On Mon, Jun 1, 2009 at 8:55 PM, Aleksey Sanin
>                <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
>         <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>
>                <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>
>         <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>>> wrote:
> 
>                   xmlsec implements XML DSig and the Widgets DSig is just
>                   a profile of XML DSig. Thus, I don't see why you claim
>                   that xmlsec doesn't support it.
> 
>                   Aleksey
> 
>                   Ashish Agrawal wrote:
> 
>                       Hi Aleksey,
> 
>                       I need to support
>                      
>         *http://www.w3.org/TR/2009/WD-widgets-digsig-20090331/*
>                       and seems that current version of xmlsec doesn't
>         support
>                it, Is
>                       there any plan for it.
> 
>                       Regards,
>                       Ashish
> 
>                       On Mon, Jun 1, 2009 at 8:02 PM, Aleksey Sanin
>                       <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
>         <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>
>                <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>
>         <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>>
>                       <mailto:aleksey at aleksey.com
>         <mailto:aleksey at aleksey.com> <mailto:aleksey at aleksey.com
>         <mailto:aleksey at aleksey.com>>
>                <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>
>         <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>>>> wrote:
> 
>                          https://www.aleksey.com/xmlsec/xmldsig.html
> 
>                          Aleksey
> 
>                          Ashish Agrawal wrote:
> 
>                              Hi Aleksey,
> 
>                              i want to know which standards of
>         DigestMethod and
>                              Canonicalization Method is supported by xmlsec
>                currently.
> 
>                              I ve a requirement where i ve the Digest
>         method as:
>                              http://www.w3.org/2000/09/xmldsig#sha256 and
>                Canonicalization
>                              methord as :
>         http://www.w3.org/2006/12/xml-c14n11.
>                              Will this be supported ?
> 
>                              ~Ashish
> 
> 
>                                        
>          ------------------------------------------------------------------------
> 
>                              _______________________________________________
>                              xmlsec mailing list
>                              xmlsec at aleksey.com
>         <mailto:xmlsec at aleksey.com> <mailto:xmlsec at aleksey.com
>         <mailto:xmlsec at aleksey.com>>
>                <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>         <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>>
>                       <mailto:xmlsec at aleksey.com
>         <mailto:xmlsec at aleksey.com> <mailto:xmlsec at aleksey.com
>         <mailto:xmlsec at aleksey.com>>
>                <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>         <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>>>
> 
> 
>                              http://www.aleksey.com/mailman/listinfo/xmlsec
> 
> 
> 
>                            
>         ------------------------------------------------------------------------
> 
>                       _______________________________________________
>                       xmlsec mailing list
>                       xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>         <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>
>                <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>         <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>>
>                       http://www.aleksey.com/mailman/listinfo/xmlsec
> 
> 
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec


More information about the xmlsec mailing list