[xmlsec] XML canonization

Aleksey Sanin aleksey at aleksey.com
Fri Oct 18 18:32:35 PDT 2002

Well, it depends on the situation:
    1) You are signing an XML file and want to have XML signature in a
    *separate* XML file.
    In this case, you might sign the XML file using external XML signature
    and then this file will be treated as a binary file (i.e., never 
parsed->no need
    in c14n)
    2) You have an XML file and you want to insert XML signature in the   
    *same* file (or construct a new XML file that contains original file 
    thew signature).
    In this case you must do cannonicalization because c14n is a way to 
    XML document from DOM representation to a binary file.

BTW, what kind of file are you trying to sign and do you use xmlsec library?
Some people did performance testing for xmlsec and it showed pretty good
results (for example, signing 10 MB file in 55 sec).


David Wen wrote:

>We have an application where the XML file is
>huge and it takes hours to canonize it but the
>signature is very fast. My understanding of the
>XML Dsig spec is that, although the canonization
>algorithm is mandatory, but it is ok to not apply
>it, right?
>David Wen
>xmlsec mailing list
>xmlsec at aleksey.com

More information about the xmlsec mailing list