[xmlsec] Signing over multiple files

[Mike Peat]

Hi

I am using xmlsec at the command line in an ebXML application.  As you 
probably know, ebXML uses SOAP-with-attachments (over HTTP) to send its 
messages.  The message thus consists of multipart-MIME content in the 
HTTP body: the first part being a SOAP document containing (among other 
things) the Signature stuff and the second being an XML document which 
is the business payload.

The Signature->SignedInfo in the SOAP document needs to contain two 
<Reference> elements: one for the SOAP document itself (URI="") and one 
for the payload XML (URI="cid:xxxxxxxx", where "xxxxxxxx" is the content 
ID of the second MIME part).

I am managing to successfully sign simple SOAP messages with no payload 
(and hence no second <Reference> element), but I just can't work out how 
to get xmlsec to sign both documents together.  I have tried many 
different ways, but to no avail.  I am sure I am missing something 
simple, but...  :-(

Any help would be very much appreciated - I've been banging my head off 
this brick wall for a week... and it is starting to really hurt!  :-(  
(That takes a while, because my brain is so dense, but even it starts 
gets sore eventually!)

TIA

Mike Peat