[xmlsec] xmlsec1 signing wrong when a child has Signature node

Marcus Pereira marcus at task.com.br
Thu Nov 26 05:47:06 PST 2009


Hi Aleksey,
  Yes, my libxml2 is a recent version (2.7.6). I put xml:id on this 
example, but with a normal Id property and using the "--id-attr" option I 
have the same problem.

  Have you tried this template example and commands?

Marcus


Aleksey Sanin wrote:
> Please make sure that libxml2 library you use supports "xml:id"
>
> Aleksey
>
> Marcus Pereira wrote:
>> In a file like the one below, xmlsec1 is signing the wrong Signature 
>> template when I tell it to sign the Parent node.
>>
>> # xmlsec1 sign --privkey-pem rsakey.pem --node-id "Child1" xml1_tmpl.xml
>> OK! It is signing the URI="#Child1" Signature node.
>>
>> # xmlsec1 sign --privkey-pem rsakey.pem --node-id "Parent1" xml1_tmpl.xml
>> NOT OK! it is still signing the URI="#Child1" node not the 
>> URI="#Parent1".
>>
>> Marcus Pereira
>>
>>
>> ============================================
>> <?xml version="1.0"?>
>> <Family>
>>  <Parent xml:id="Parent1">
>>    <ParentData>I am the first Dad</ParentData>
>>    <Childs>
>>      <Child xml:id="Child1">
>>        <ChildData>I am the first Child</ChildData>
>>      </Child>
>>      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>>        <SignedInfo>
>>          <CanonicalizationMethod 
>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>>          <SignatureMethod 
>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>>          <Reference URI="#Child1">
>>            <Transforms>
>>              <Transform 
>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>            </Transforms>
>>            <DigestMethod 
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>>            <DigestValue/>
>>          </Reference>
>>        </SignedInfo>
>>        <SignatureValue/>
>>      </Signature>
>>    </Childs>
>>  </Parent>
>>  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>>    <SignedInfo>
>>      <CanonicalizationMethod 
>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>>      <SignatureMethod 
>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>>      <Reference URI="#Parent1">
>>        <Transforms>
>>          <Transform 
>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>        </Transforms>
>>        <DigestMethod 
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>>        <DigestValue/>
>>      </Reference>
>>    </SignedInfo>
>>    <SignatureValue/>
>>  </Signature>
>> </Family>
>>
>
>
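
A way to check which Signature template a signing run actually filled in, as an added example that is not part of the original thread and not xmlsec code. The sample document is constructed from the template above, with a placeholder SignatureValue standing in for the output of the second command; the function names are hypothetical, and only xml:id attributes are resolved (a plain Id attribute is not).

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
XML_ID = "{http://www.w3.org/XML/1998/namespace}id"

# Constructed sample: the thread's template cut down to the elements this
# check reads, with one SignatureValue filled in (placeholder text) to stand
# for the result the thread reports for --node-id "Parent1".
SIGNED = """<Family>
 <Parent xml:id="Parent1">
  <Childs>
   <Child xml:id="Child1"/>
   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo><Reference URI="#Child1"/></SignedInfo>
    <SignatureValue>PLACEHOLDER</SignatureValue>
   </Signature>
  </Childs>
 </Parent>
 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo><Reference URI="#Parent1"/></SignedInfo>
  <SignatureValue/>
 </Signature>
</Family>"""

def signature_report(xml_text):
    """One row per Signature element, in document order:
    (Reference URIs, SignatureValue filled?, every URI resolves to one xml:id?).
    This inspects structure only; it does not verify any signature."""
    root = ET.fromstring(xml_text)
    ids = [e.get(XML_ID) for e in root.iter() if e.get(XML_ID)]
    rows = []
    for sig in root.iter(DSIG + "Signature"):
        uris = [r.get("URI", "") for r in sig.iter(DSIG + "Reference")]
        value = sig.find(DSIG + "SignatureValue")
        filled = value is not None and bool((value.text or "").strip())
        resolved = all(u.startswith("#") and ids.count(u[1:]) == 1 for u in uris)
        rows.append((uris, filled, resolved))
    return rows

def is_signed(xml_text, wanted_uri):
    """True only if a filled-in Signature carries a Reference to wanted_uri."""
    return any(filled and wanted_uri in uris
               for uris, filled, _ in signature_report(xml_text))

if __name__ == "__main__":
    for row in signature_report(SIGNED):
        print(row)
    print("Parent1 signed:", is_signed(SIGNED, "#Parent1"))
```

Running the same report over the real output file shows at a glance whether the element you meant to protect is covered by a completed Signature or only by an empty template.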


