[xmlsec] Digest Method & Canonicalization
Aleksey Sanin
aleksey at aleksey.com
Tue Jun 2 09:13:16 PDT 2009
xmlsec support SHA256, your URL is incorrect:
http://www.aleksey.com/pipermail/xmlsec/2005/007037.html
Aleksey
Ashish Agrawal wrote:
> ok , thanks for pointing.
>
> also i need to provide support for the digest method as :
> http://www.w3.org/200009/xmldsig#sha256
> <http://www.w3.org/2000/09/xmldsig#sha256>
>
> for supporting this do i need to modify xmlsec ?
>
> Regards,
> Ashish
>
> On Tue, Jun 2, 2009 at 8:01 PM, Aleksey Sanin <aleksey at aleksey.com
> <mailto:aleksey at aleksey.com>> wrote:
>
> Look at LibXML2 library, file c14n.c
>
> Aleksey
>
> Ashish Agrawal wrote:
>
> Hi Aleksey,
>
> I would like to work on providing the latest canonical support,
> can u give me some pointers on the areas in the code where i
> need to foucs for the changes.
>
> Regards,
> Ashish
>
> On Mon, Jun 1, 2009 at 9:06 PM, Aleksey Sanin
> <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
> <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>> wrote:
>
> Sure, I see your point. Well, I haven't seen a lot of interest
> in C14N 1.1 support so far. BTW, C14N is a part of LibXML2.
> If you need C14N 1.1, then I am sure that Daniel will be happy
> to apply your patches to the main tree.
>
> Aleksey
>
>
> Ashish Agrawal wrote:
>
> Hi Aleksey,
>
> Thanks for prompt reply.
>
> The basis of my argument is the newer Widgets DSig specifies
> certain fixed values for Canonicalizationmethod & Digest
> Method.
>
> Eg:
> <?xml version="1.0" encoding="UTF-8"?>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod
>
> Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
> <SignatureMethod
>
> Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
> <Reference URI="config.xml">
> <DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
> <DigestValue>j6...8nk=</DigestValue>
> </Reference>
> <Reference URI="index.html">
> <DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
> <DigestValue>lm...34=</DigestValue>
> </Reference>
> <Reference URI="icon.png">
> <DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
> <DigestValue>pq...56=</DigestValue>
> </Reference>
> </SignedInfo>
> <SignatureValue>MC0E~LE=</SignatureValue>
> <KeyInfo>
> <X509Data>
> <X509Certificate>MI...lVN</X509Certificate>
> </X509Data>
> </KeyInfo>
> </Signature>
>
>
> So when i create a signature file with the abov mentioned
> canonicalizaiton and Digest method, xmlsec fails.
> Pls clarify.
>
> Regards,
> Ashish
>
> On Mon, Jun 1, 2009 at 8:55 PM, Aleksey Sanin
> <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
> <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>
> <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>
> <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>>> wrote:
>
> xmlsec implements XML DSig and the Widgets DSig is just
> a profile of XML DSig. Thus, I don't see why you claim
> that xmlsec doesn't support it.
>
> Aleksey
>
> Ashish Agrawal wrote:
>
> Hi Aleksey,
>
> I need to support
>
> *http://www.w3.org/TR/2009/WD-widgets-digsig-20090331/*
> and seems that current version of xmlsec doesn't
> support
> it, Is
> there any plan for it.
>
> Regards,
> Ashish
>
> On Mon, Jun 1, 2009 at 8:02 PM, Aleksey Sanin
> <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
> <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>
> <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>
> <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>>
> <mailto:aleksey at aleksey.com
> <mailto:aleksey at aleksey.com> <mailto:aleksey at aleksey.com
> <mailto:aleksey at aleksey.com>>
> <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>
> <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>>>> wrote:
>
> https://www.aleksey.com/xmlsec/xmldsig.html
>
> Aleksey
>
> Ashish Agrawal wrote:
>
> Hi Aleksey,
>
> i want to know which standards of
> DigestMethod and
> Canonicalization Method is supported by xmlsec
> currently.
>
> I ve a requirement where i ve the Digest
> method as:
> http://www.w3.org/2000/09/xmldsig#sha256 and
> Canonicalization
> methord as :
> http://www.w3.org/2006/12/xml-c14n11.
> Will this be supported ?
>
> ~Ashish
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> <mailto:xmlsec at aleksey.com> <mailto:xmlsec at aleksey.com
> <mailto:xmlsec at aleksey.com>>
> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>>
> <mailto:xmlsec at aleksey.com
> <mailto:xmlsec at aleksey.com> <mailto:xmlsec at aleksey.com
> <mailto:xmlsec at aleksey.com>>
> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>>>
>
>
> http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>
> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>>
> http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list