[xmlsec] XML digital signature enveloped

Veiko.Sinivee at seb.se Veiko.Sinivee at seb.se
Tue Mar 11 21:07:46 PST 2003


Isn't it also possible to use a reference like:
<Reference URI="#<id-of-your-node>">
This would be a so called detached signature
even if the referenced node is in the same document.


-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com]
Sent: den 12 mars 2003 00:54
To: David Varas
Cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] XML digital signature enveloped

By definition, enveloped transform returns the node set that contains
all the nodes in the document except the <dsig:Signature> subtree.
If you want to sign only a content of a particular node then you probably
need to use XPath transform instead. If you can achieve your goal
with template and xmlsec utility then imgrating to a dynamically
created templates is pretty straigthforward: just call correct functions
in correct order (and you always can dump the dynamically created
template to a file to verify that you are creating exactly what you want).

And there is no difference between missing and empty URI attribute
in the <dsig:Reference> element.


xmlsec mailing list
xmlsec at aleksey.com

More information about the xmlsec mailing list