[xmlsec] Namespace problem: xmllint (libxml2 version 2.6.19)
Szabó Áron
aron at ik.bme.hu
Tue Jun 28 00:30:05 PDT 2005
Hi all,
I'm trying to use functions of OpenSSL and LibXML2 to create electronic
signatures step-by-step (it is needed for making test cases). I use an
application as reference that is interoperable with Infomosaic and
OpenXAdES, and I've also examined XML Sec which uses the same set of
functions (OpenSSL and LibXML2). The problem is in connection with using
namespaces and providing the data to be hashed by using several transforms.
After C14N canonicalization and "enveloped signature" transform an "xmlns"
attribute appears in the "SignedInfo" of reference application.
When I try to reproduce this structure with OpenSSL and LibXML2 I got the
data to be hashed without this "xmlns" (so my hash is not correct):
<SignedInfo Id="...">
...
</SignedInfo>
The needed input (at reference application) to the data to be hashed would
be:
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#" Id="...">
...
</SignedInfo>
After hashing, and creating "SignatureValue", the whole structure of
"Signature" looks like as the following at the reference application (this
mysterious "xmlns" moves out from "SignedInfo" into its parent element,
"Signature"):
<SignedDoc>
<DataFile Id="...">dGVzdA==</DataFile>
<Signature Id="..." xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo Id="...">
...
</SignedInfo>
...
</SignedDoc>
I've examined this with the reference application and with Infomosaic that
have been tested by W3C/IETF (interoperability tests), so this must be the
good way, but I don't understand what happens during the process. I haven't
checked yet, but I think same things (appearence and disapperance of new
"xmlns" attributes) can happen with "SignedProperties" at providing the data
to be hashed by transforming.
Could anyone explain me in detail what the steps are at transformations and
providing the data to be hashed? What exact inputs and outputs are?
Thanks in advance!
Aron
----------------------------------------------------
Aron Szabo, M. Sc.
Research Associate,
Center of Information Technology
Budapest University of Technology and Economics
---
Well, you can always find latest and greatest version of libxml2
in the daily cvs snapshot tarballs or directly in CVS :) However,
without more details I can not tell you if the problem you experience
is fixed or not :) Can you provide an example that shows this problem,
please?
Aleksey
More information about the xmlsec
mailing list