[xmlsec] Some URI problems

Ulrich Wisser ulrich at wisser.se
Mon Aug 19 07:59:26 PDT 2013


Hi,

while testing a perl implementation of xml-dsig I found some problems with
URI's.

Could it be that xmlsec only supports sha1? I have been trying to verify
rsa-sha512 and signatures and sha-256 digests. Maybe I have the wrong URI's?

http://www.w3.org/2000/09/xmldsig#rsa-sha512
http://www.w3.org/2000/09/xmldsig#sha256

By testing the perl implementation against some live data from working
federations I found more URI issues. Should Canonicalization be given as
  http://www.w3.org/TR/2001/REC-xml-c14n-20010315#
or
  http://www.w3.org/TR/2001/REC-xml-c14n-20010315

The only difference is the missing hash tag. Xmlsec allows only the one
without hash tag. But libxml2 will only output with hashtag.

For Transform xmlsec requires the hashtag
http://www.w3.org/2001/10/xml-exc-c14n#
But refuses the version without hashtag.

Could some please enlighten me? Which URI's should I use and why?
Which digest and signature algorithms does xmlsec support?

Thanks

/Ulrich
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20130819/d40cfe01/attachment.html>


More information about the xmlsec mailing list