[xmlsec] canonicalization and transcoding
aleksey at aleksey.com
Fri Mar 28 22:26:38 PST 2003
I am not sure what do you mean by transcoding in application to XML but
I believe you are
mixing canonicalization with something different. Canonicalization
(c14N) is a process of
transformng an XML document or a part of XML document to a binary
stream. You *have*
to do c14n in order to sign or digest XML data just because digests and
signature work on
binary data only. Currently, several c14n algorithms are defined by W3C
and all of them
are implemented in xmlsec library.
Next, there is no reason why XML parser should replace
The "<foo/>" is a perfectly valid XML. There is also no reason for XML
to sort nodes (moreover, the parser that does it is actualy not an XML
parser at all :) ).
Also when you specify encoding in the XML document, LibXML is smart
do correct automatic encoding conversion when it reads or writes
all the strings are UTF8 (see libxml documentation). And the
calculated other UTF8 data as it is required by specification. However,
when the result
document is dupmed to output in the example you've mentioned, it is
back to the encoding specified in the document. Of course, you can force
to write document in any other encoding but this is beyond the limits of
the xmlsec library
You can use "xmlsec" command line utility to look "inside" the signature
Try '--store-references' or '--store-signatures' options when verifiying
It'll print out the binary stream just before calculating digest or
signature. You can also
get access to the same data from your application (check the xmlsec
utility sources for details).
>Do you mean that example dsig1.c does canonisation and transcoding?
>I tried to change encoding="Windows-1251" and added two tags without
>pair (<InnerTag attr1="10"/>). And after processing all tags are still
>without pairs and in that lexical order as thay was. Encoding also
>has not been changed.
>Should I describe DTD before trying to sign document?
>xmlsec mailing list
>xmlsec at aleksey.com
More information about the xmlsec