[xmlsec] What xmlns and declarations are propagated into the SignedInfo element before xmlsec1 is hashing the SignedInfo
Si St
sigbj-st at operamail.com
Sat Nov 26 04:31:22 PST 2011
Given these xml namespaces and declarations from the top node of an
xml-file:

  <MsgHead xmlns="http://www.kith.no/xmlstds/msghead/2006-05-24"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema.xsd"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.kith.no/xmlstds/msghead/2006-05-24
  MsgHead-v1_2.xsd">

and the following SignedInfo node (I am including the <Signature> and
its xmlns so it can be seen) belonging to that xml-file:

  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod
        Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod
        Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="">
        <Transforms>
          <Transform
            Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <Transform
            Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        </Transforms>
        <DigestMethod
          Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue></DigestValue>
      </Reference>
    </SignedInfo>

Which or eventually: what other xmlns/decl are to be included into the
start element of the SignedInfo to arrange the right setup for hashing
the DigestValue to be signed?

In other words I think SignedInfo has to "inherit" xmlns, when being
hashed as a solitary element before signing an xml-document. Usually this
happens during or prior to canonicalization of the SignedInfo.

One example is this:

  <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">

but it might be something else.
--
Si St
sigbj-st at operamail.com
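
Added example (not part of the original post and not xmlsec code): a sketch of the inclusive Canonical XML 1.0 rule that the apex element of a canonicalized subtree carries every namespace declaration in scope from its ancestors, applied to the MsgHead start tag quoted above. It assumes the Signature is a direct child of MsgHead; SAMPLE, in_scope_namespaces and c14n_apex_start_tag are hypothetical names, and only the SignedInfo start tag is rendered.

```python
import io
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: the MsgHead start tag from the post, with the Signature
# assumed to be a direct child (enveloped signature).
SAMPLE = b'''<MsgHead xmlns="http://www.kith.no/xmlstds/msghead/2006-05-24"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 xmlns:xsd="http://www.w3.org/2001/XMLSchema.xsd"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.kith.no/xmlstds/msghead/2006-05-24 MsgHead-v1_2.xsd">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
<Reference URI=""/></SignedInfo></Signature></MsgHead>'''


def in_scope_namespaces(xml_bytes, tag):
    """Return {prefix: uri} in scope at the first element whose tag is `tag`."""
    stack, pending = [{}], {}
    events = ("start-ns", "start", "end")
    for event, item in ET.iterparse(io.BytesIO(xml_bytes), events=events):
        if event == "start-ns":          # reported before the element's "start"
            pending[item[0]] = item[1]   # prefix "" is the default namespace
        elif event == "start":
            scope = {**stack[-1], **pending}
            pending = {}
            stack.append(scope)
            if item.tag == tag:
                return {p: u for p, u in scope.items() if u}  # drop xmlns=""
        else:
            stack.pop()
    raise ValueError("element not found: " + tag)


def c14n_apex_start_tag(local_name, scope):
    """Start tag of an unprefixed, attribute-free apex element under C14N 1.0."""
    def esc(v):
        return v.replace("&", "&amp;").replace("<", "&lt;").replace('"', "&quot;")
    # Default namespace first, then prefixed declarations sorted by prefix.
    decls = [('xmlns:' + p if p else 'xmlns') + '="' + esc(scope[p]) + '"'
             for p in sorted(scope)]
    return "<" + " ".join([local_name] + decls) + ">"


if __name__ == "__main__":
    ns = in_scope_namespaces(SAMPLE, "{%s}SignedInfo" % DSIG)
    print(c14n_apex_start_tag("SignedInfo", ns))
```

The xsi:schemaLocation attribute does not appear in the result, because inclusive C14N 1.0 inherits only attributes in the xml: namespace, not ordinary attributes of ancestors.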