[xmlsec] xmlsec1 signing wrong when a child has Signature node
Marcus Pereira
marcus at task.com.br
Tue Nov 24 12:18:39 PST 2009
With a file like the one below, xmlsec1 is signing the wrong Signature
template when I tell it to sign the Parent node.
# xmlsec1 sign --privkey-pem rsakey.pem --node-id "Child1" xml1_tmpl.xml
OK! It is signing the URI="#Child1" Signature node.
# xmlsec1 sign --privkey-pem rsakey.pem --node-id "Parent1" xml1_tmpl.xml
NOT OK! It is still signing the URI="#Child1" node, not the URI="#Parent1".
Marcus Pereira
============================================
<?xml version="1.0"?>
<Family>
  <Parent xml:id="Parent1">
    <ParentData>I am the first Dad</ParentData>
    <Childs>
      <Child xml:id="Child1">
        <ChildData>I am the first Child</ChildData>
      </Child>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod
              Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
          <SignatureMethod
              Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <Reference URI="#Child1">
            <Transforms>
              <Transform
                  Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            </Transforms>
            <DigestMethod
                Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue/>
          </Reference>
        </SignedInfo>
        <SignatureValue/>
      </Signature>
    </Childs>
  </Parent>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod
          Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod
          Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="#Parent1">
        <Transforms>
          <Transform
              Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue/>
      </Reference>
    </SignedInfo>
    <SignatureValue/>
  </Signature>
</Family>
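
A check for the situation described above, as an added example that is not part of the original post and is not xmlsec code: it lists every Signature in document order with its Reference URI and the ID-bearing elements that enclose it, then confirms that the Signature carrying a SignatureValue is the one that references the intended ID. The sample document is constructed from the post's template, and the placeholder SignatureValue stands in for real xmlsec1 output.

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
XML_ID = "{http://www.w3.org/XML/1998/namespace}id"

# Constructed sample: the post's template reduced to the parts that matter,
# with the nested Signature's SignatureValue filled in (placeholder text) to
# mimic the output the post describes.
SIGNED = """<Family>
  <Parent xml:id="Parent1">
    <Childs>
      <Child xml:id="Child1"/>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo><Reference URI="#Child1"/></SignedInfo>
        <SignatureValue>PLACEHOLDER</SignatureValue>
      </Signature>
    </Childs>
  </Parent>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo><Reference URI="#Parent1"/></SignedInfo>
    <SignatureValue/>
  </Signature>
</Family>"""

def signature_report(xml_text):
    """List every Signature in document order with what it references,
    which ID-bearing elements enclose it, and whether it has been filled."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    report = []
    for sig in root.iter(DSIG + "Signature"):
        enclosing, node = [], parent.get(sig)
        while node is not None:  # walk up to the root, collecting xml:id values
            if node.get(XML_ID):
                enclosing.append(node.get(XML_ID))
            node = parent.get(node)
        value = sig.findtext(DSIG + "SignatureValue") or ""
        report.append({
            "uris": [r.get("URI") for r in sig.iter(DSIG + "Reference")],
            "inside": enclosing,
            "filled": bool(value.strip()),
        })
    return report

def filled_signature_covers(xml_text, node_id):
    """True only if exactly one Signature references '#node_id' and that
    Signature is the one carrying a SignatureValue."""
    hits = [s for s in signature_report(xml_text) if "#" + node_id in s["uris"]]
    return len(hits) == 1 and hits[0]["filled"]

if __name__ == "__main__":
    for entry in signature_report(SIGNED):
        print(entry)
    print("Parent1 covered:", filled_signature_covers(SIGNED, "Parent1"))
```

Run against the file xmlsec1 actually produced, the report shows at a glance whether the filled-in Signature is the nested one or the one referencing the parent.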