[xmlsec] Re: XML digital signature enveloped
Aleksey Sanin
aleksey at aleksey.com
Fri May 9 09:26:40 PDT 2003
The short answer: you could not do it with enveloped transform only.
By definition [1], enveloped transform signs all document but the current
<dsig:Signature/> element and its subtree.
You have to use either XPath transform in addition to (or instead of)
enveloped signature or use URI attribute in <dsig:Reference/> element.
Aleksey
[1] http://www.w3.org/TR/xmldsig-core/#sec-EnvelopedSignature
Francisco Lechón wrote:
> Hi,
>
> I'm using your api for sign and verify digital signatures, and I want
> to sign with Enveloped Transform, a document like this:
>
> <root>
> <item>
> <data>111111<data>
> </item>
> </root>
>
> But only I want to sign the content of the "data"
> I'm signed the document with xmlsec, but when I'm use
>
> xmlSecReferenceAddTransform(referenceNode,xmlSecTransformEnveloped);
>
> and the reference node create like this
>
> xmlSecSignedInfoAddReference(signedInfoNode,NULL,"",NULL);
>
> ALL the document it's signed, not only the content of the <data>.
>
> How I can with transform ennveloped do that (without ID's)?
> It's Ok that way or not?.
>
> The signed document must be of the following form:
> <root>
> <item>
> <data>111111<data>
> </item>
> <Signature>
> ..... .
> .......
> </Signature>
> </root>
>
> But that the signature only includes as data the node < data >.
>
> It is this possible one? It would thank for a little aid.
> Thanks.
>
> _________________________________________________________________
> Descubre el mayor catálogo de coches de la Red en MSN Motor.
> http://motor.msn.es/researchcentre/
More information about the xmlsec
mailing list