[xmlsec] Xml embedded signatures

Aleksey Sanin aleksey at aleksey.com
Wed Feb 11 11:40:48 PST 2015


I am not exactly sure I understand your question, but in general you just
need to sign the signatures in the right order: embedded signature first
and embedding signature last.

Aleksey

On 2/11/15 8:11 AM, Alex Boese wrote:
> I guess the assumption I'm making is that any alteration of the signed block prevents it from being reverted to its previous state. If the lib handling the XML is smart enough on verification, it might as well reinsert the missing namespaces. I guess that is regular behavior.
> -A
> 
> Sent from my iPad
> 
>> On Feb 11, 2015, at 10:18 AM, Alex Boese <alexanderashleyboese at gmail.com> wrote:
>>
>> Is there a list of conditions that would be best practices for signed XML nodes embedded in signed XML nodes? I state this because it seems that an inside signature could be easily invalidated by the c14n process on the outer signature.
>>
>> I'm supposing best practice #1 would be to make sure all namespace prefixing within the internal node is different from the rest of the document, regardless of reuse of the namespace elsewhere.
>>
>> Is there anything else that comes to mind?
>>
>> -A
>>
>> Sent from my Planet
> 
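
Added example (not part of the original thread, and not xmlsec code): a simplified Python model of the signing order described in the reply, showing that signing the embedded node first and the embedding node last lets both verify, while the reverse order breaks the outer signature. It assumes an HMAC over the canonical form stands in for a real XML-DSig signature; the `Sig` element, the keys and the sample document are constructed for illustration.

```python
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

KEY_INNER = b"constructed-inner-key"  # sample keys, constructed for this example
KEY_OUTER = b"constructed-outer-key"


def _signed_bytes(elem):
    """Canonical bytes of elem minus its own direct Sig child (enveloped style)."""
    clone = copy.deepcopy(elem)       # c14n works on a copy; the document is untouched
    clone.tail = None
    for sig in clone.findall("Sig"):  # direct children only, nested Sig elements stay
        clone.remove(sig)
    return ET.canonicalize(ET.tostring(clone, encoding="unicode")).encode()


def sign(elem, key):
    """Add or refresh elem's hypothetical Sig child with an HMAC-SHA256 value."""
    sig = elem.find("Sig")
    if sig is None:
        sig = ET.SubElement(elem, "Sig")
    sig.text = hmac.new(key, _signed_bytes(elem), hashlib.sha256).hexdigest()


def verify(elem, key):
    sig = elem.find("Sig")
    if sig is None or sig.text is None:
        return False
    expected = hmac.new(key, _signed_bytes(elem), hashlib.sha256).hexdigest()
    return hmac.compare_digest(sig.text, expected)


def build():
    """Constructed sample: a signed Inner node embedded in a signed Outer node."""
    outer = ET.fromstring(
        "<Outer><Data>report</Data><Inner><Data>claim</Data></Inner></Outer>")
    return outer, outer.find("Inner")


def run(order):
    """Sign in the given order, then return (inner_ok, outer_ok)."""
    outer, inner = build()
    for name in order:
        sign(inner, KEY_INNER) if name == "inner" else sign(outer, KEY_OUTER)
    return verify(inner, KEY_INNER), verify(outer, KEY_OUTER)


if __name__ == "__main__":
    print("inner then outer:", run(("inner", "outer")))
    print("outer then inner:", run(("outer", "inner")))
```

In the reverse order the outer check fails because the inner `Sig` value is added to content the outer signature already covered.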

