<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><span style="color: rgb(68, 68, 68); font-size: 15px; line-height: 21.3px; background-color: rgb(255, 255, 255);">Thanks for the answer. I removed the --trusted-pem option, but the signed file stills with two x509Certifcate tags.</span><br><br><div>> Subject: Re: [xmlsec] Duplicated X509Certificate<br>> To: marcosbontempo@hotmail.com; xmlsec@aleksey.com<br>> From: aleksey@aleksey.com<br>> Date: Sun, 3 Jan 2016 13:19:42 -0800<br>> <br>> Remove --trusted-pem ca.crt, you don't need it for signing<br>> <br>> Aleksey<br>> <br>> On 1/3/16 1:15 PM, Marcos Bontempo wrote:<br>> > Hello,<br>> > <br>> > I'm signing a XML file with this command:<br>> > <br>> > xmlsec1 --sign --output signed.xml --pkcs12 ia.p12 --pwd password<br>> > --trusted-pem ca.crt to-sign.xml<br>> > <br>> > And here is my signature info:<br>> > <br>> >    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><br>> >       <SignedInfo><br>> >          <Canonical tizationMethod<br>> > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /><br>> >          <SignatureMethod<br>> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><br>> >          <Reference URI=""><br>> >             <Transforms><br>> >                <Transform<br>> > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><br>> >                <Transform<br>> > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /><br>> >             </Transforms><br>> >             <DigestMethod<br>> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><br>> >             <DigestValue></DigestValue><br>> >          </Reference><br>> >       </SignedInfo><br>> >       <SignatureValue></SignatureValue><br>> >       <KeyInfo><br>> >          <X509Data></X509Data><br>> >       </KeyInfo><br>> >    </Signature><br>> > <br>> > It's working but I get two X509Certificate tags:<br>> > <br>> >          <X509Data><br>> > <X509Certificate>MIIEBzCCAu+gAwIBAgIJANN+QDNqjUZHMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD<br>> > VQQGEwJCUjEVMBMGA1UECAwMTWluYXMgR2VyYWlzMR4wHAYDVQQHDBVTYW50YSBS<br>> > aXRhIGRvIFNhcHVjYWkxGjAYBgNVBAoMEXd3dy5uaXRlcmUuY29tLmJyMQ8wDQYD<br>> > VQQLDAZOaXRlcmUxDzANBgNVBAMMBm5pdGVyZTEVMBMGCSqGSIb3DQEJARYGbml0<br>> > ZXJlMB4XDTE2MDEwMzE5MzgwNloXDTE2MTIyNDE5MzgwNlowgZkxCzAJBgNVBAYT<br>> > AkJSMRUwEwYDVQQIDAxNaW5hcyBHZXJhaXMxHjAcBgNVBAcMFVNhbnRhIFJpdGEg<br>> > ZG8gU2FwdWNhaTEaMBgGA1UECgwRd3d3Lm5pdGVyZS5jb20uYnIxDzANBgNVBAsM<br>> > Bk5pdGVyZTEPMA0GA1UEAwwGbml0ZXJlMRUwEwYJKoZIhvcNAQkBFgZuaXRlcmUw<br>> > ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCamYGpTT06/+UTNX4KqRw3<br>> > 2rhi2vzfCXadBu4sfPKX/UrkX8zzm/MLKblJdI0x7S2Cwe+uI/mj863Xwvu3A13B<br>> > MpuUmZ8JAxeSyB9N64I1Dq2eT2M0zNoNWC9siiVZsscaNOrZMb2aReyb3P/i5JQc<br>> > U0K/326dtVDA2rK2Loh5bXrMz2MDk0IXOaMprTDllOPtVma8uIutfJkmjt/6eE3P<br>> > Da/J4oRjB20HYyDdI78XbXFBH8YxTpg8xTpRyLuT6/hlBi00gSLU62t7vpgo9o02<br>> > bz2jrw8njP8prZjJ1oP+42YdHa4RQ+ecCjUYzQxhkODOBo7H2Ls8MTWNwOfab/UT<br>> > AgMBAAGjUDBOMB0GA1UdDgQWBBS6V/pC6Zl8yqDebDbrp2M1dvuUtTAfBgNVHSME<br>> > GDAWgBS6V/pC6Zl8yqDebDbrp2M1dvuUtTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3<br>> > DQEBCwUAA4IBAQAfAPQmG2ger41eMlM39mz0x6gSPITOYsi19WoSaXhT/3tLIS2l<br>> > Zo8GrYg8ENi7w20dJ0LkCRcDqPpNdM8rMpkoL8dsFGmx+33E7Wl9YrtHNK59BwyU<br>> > TpQJtPOe1mJGtauY4k4BhFUVK9TU6zXlaLzXzPOYEKeOkCR26NsV/o3qcu8vPs5/<br>> > Ghu3/I1TTyUAeAArMjg24gmoJogUo9bD188AI1fIegRRC549KIOjTIouJyrvTyvb<br>> > /oj6Ur8n4yBxW6sVTkFF5XFSGuC9iqZ4ZLb3vXXK0zQR9LsKx5GOxolQ8uT+QYqV<br>> > Xh7GnsnabeU2n47L93uW2VMpjDEp75JuAC1/</X509Certificate><br>> > <br>> > <X509Certificate>MIIDpDCCAowCAQEwDQYJKoZIhvcNAQELBQAwgZkxCzAJBgNVBAYTAkJSMRUwEwYD<br>> > VQQIDAxNaW5hcyBHZXJhaXMxHjAcBgNVBAcMFVNhbnRhIFJpdGEgZG8gU2FwdWNh<br>> > aTEaMBgGA1UECgwRd3d3Lm5pdGVyZS5jb20uYnIxDzANBgNVBAsMBk5pdGVyZTEP<br>> > MA0GA1UEAwwGbml0ZXJlMRUwEwYJKoZIhvcNAQkBFgZuaXRlcmUwHhcNMTYwMTAz<br>> > MTkzODM5WhcNMTYxMjI0MTkzODM5WjCBlTELMAkGA1UEBhMCQlIxFTATBgNVBAgM<br>> > DE1pbmFzIEdlcmFpczEeMBwGA1UEBwwVU2FudGEgUml0YSBkbyBTYXB1Y2FpMRYw<br>> > FAYDVQQKDA1uaXRlcmUuY29tLmJyMQ8wDQYDVQQLDAZOaXRlcmUxDzANBgNVBAMM<br>> > Bm5pdGVyZTEVMBMGCSqGSIb3DQEJARYGbml0ZXJlMIIBIjANBgkqhkiG9w0BAQEF<br>> > AAOCAQ8AMIIBCgKCAQEAw4AysesK3+UfLc9fRrGzxmZ/eGwgKS+DygkV+LNRl2eK<br>> > ZkvLi7rM/5jl2cCVS5gBHGoH2FX/Lv7BkcQMD/AHnk2bYA33S6cnrU5U3cYrAUTe<br>> > Vb0nf8joivlK1dCFBoLX/L1xByMyW3/ZGXOK7W2qBQyS50uk0PKDruU5pu2Uaf0v<br>> > 9EmKru3ReAIakj4HmTYlSl6ZdF2NZvReEvEx8VrAyoiyXApa6uXsaRkL+nYNqWhO<br>> > RNEhqMgSAK+vW4ywSNC3saW/Gwep9LXMpN1klRseJSkcCe0JsUspai9/OsVESPQx<br>> > CdH/o0xmoeysUtVNF3ujX8jD1HaOmsJLSrMnX6EA/wIDAQABMA0GCSqGSIb3DQEB<br>> > CwUAA4IBAQBG6PyNlC/YmEnfzmjXOKRubUIqaCkf4PO2YS23p+6kVUmKB0w+AbO/<br>> > mK3m6Aq/BABqcfDwtFY1kCOl1tcRtF3HD5Kwpoq8xveIwnRHyOeBjeSKgPVnRQmI<br>> > sXWjQ48jl8lFbs+LbEAumIGI4eIfIb0wzhyKRZSFjXjZijDi9LktzuHjNftHxGti<br>> > THc4dzXpSHKgBFWr6OjQvbCMa+jRIraSWk4fknGF9mCxez7BGAZnQmhfJAnMSYLw<br>> > KIRWd7JsYMjzt9x/hcQjcRsdyrRXUX29kfuL7ic2CyoitVTjzJSldajf/quxiymx<br>> > QDSNSCy+B65llKZnoNx5gpeV0Q/ZFzqe</X509Certificate><br>> > </X509Data><br>> > <br>> > Does anybody know why it's happening? I'm expecting only one<br>> > X509Certificate tag.<br>> > <br>> > Any tip will be very helpful,<br>> > Thanks.<br>> > <br>> > <br>> > _______________________________________________<br>> > xmlsec mailing list<br>> > xmlsec@aleksey.com<br>> > http://www.aleksey.com/mailman/listinfo/xmlsec<br>> > <br></div>                                      </div></body>
</html>