[xmlsec] xmlsec1 signing wrong when a child has Signature node

Aleksey Sanin aleksey at aleksey.com
Tue Nov 24 13:43:04 PST 2009


Please make sure that the libxml2 library you use supports "xml:id".

Aleksey

Marcus Pereira wrote:
> In a file like the one below, xmlsec1 is signing the wrong Signature 
> template when I command it to sign the Parent node.
> 
> # xmlsec1 sign --privkey-pem rsakey.pem --node-id "Child1" xml1_tmpl.xml
> OK! It is signing the URI="#Child1" Signature node.
> 
> # xmlsec1 sign --privkey-pem rsakey.pem --node-id "Parent1" xml1_tmpl.xml
> NOT OK! It is still signing the URI="#Child1" node, not the URI="#Parent1".
> 
> Marcus Pereira
> 
> 
> ============================================
> <?xml version="1.0"?>
> <Family>
>  <Parent xml:id="Parent1">
>    <ParentData>I am the first Dad</ParentData>
>    <Childs>
>      <Child xml:id="Child1">
>        <ChildData>I am the first Child</ChildData>
>      </Child>
>      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>        <SignedInfo>
>          <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>          <Reference URI="#Child1">
>            <Transforms>
>              <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>            </Transforms>
>            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>            <DigestValue/>
>          </Reference>
>        </SignedInfo>
>        <SignatureValue/>
>      </Signature>
>    </Childs>
>  </Parent>
>  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>    <SignedInfo>
>      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>      <Reference URI="#Parent1">
>        <Transforms>
>          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>        </Transforms>
>        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>        <DigestValue/>
>      </Reference>
>    </SignedInfo>
>    <SignatureValue/>
>  </Signature>
> </Family>
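A pre-signing check for templates like the one quoted above, added here as an example (it is not from the thread and is not part of xmlsec): it lists, for every Signature template, the element its Reference URI resolves to through xml:id, and flags missing or duplicate IDs. The function name `audit_template` and the trimmed sample document are assumptions made for the example; it uses only Python's standard library, not libxml2.

```python
import xml.etree.ElementTree as ET
from collections import Counter

XML_ID = "{http://www.w3.org/XML/1998/namespace}id"   # expanded name of xml:id
DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: the structure of the quoted template, trimmed to the
# parts that matter for ID resolution.
TEMPLATE = """<Family>
 <Parent xml:id="Parent1">
  <Childs>
   <Child xml:id="Child1"/>
   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo><Reference URI="#Child1"/></SignedInfo>
   </Signature>
  </Childs>
 </Parent>
 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo><Reference URI="#Parent1"/></SignedInfo>
 </Signature>
</Family>"""


def audit_template(xml_text):
    """Return (references, problems) for all Signature templates, in document order."""
    root = ET.fromstring(xml_text)
    with_id = [e for e in root.iter() if e.get(XML_ID)]
    counts = Counter(e.get(XML_ID) for e in with_id)
    by_id = {e.get(XML_ID): e for e in with_id}
    references = []
    problems = [f"duplicate xml:id {i!r}" for i in sorted(counts) if counts[i] > 1]
    for sig in root.iter(DSIG + "Signature"):
        for ref in sig.iter(DSIG + "Reference"):
            uri = ref.get("URI", "")
            if not uri.startswith("#"):
                continue  # only same-document ID references are checked here
            target = by_id.get(uri[1:])
            if target is None:
                problems.append(f"{uri} has no matching xml:id")
                continue
            # True when this Signature is a descendant of the element it references
            inside_target = any(node is sig for node in target.iter())
            references.append((uri, target.tag, inside_target))
    return references, problems


if __name__ == "__main__":
    print(audit_template(TEMPLATE))
```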