[xmlsec] Xml Signature verification failure

Rich Salz rsalz at datapower.com
Fri Jun 20 08:41:39 PDT 2003

>     Although XPath selects "<Object></Object>", after c14n 
> transforming, it will be
>     "<Object xmlns="http://www.w3.org/2000/09/xmldsig#"></Object>".     

That's not right.  The "default namespace" node is no different than any 
other namespace node (except that it is assigned the name "xmlns").  You 
have to include the namspace in your Xpath expression.

This is a common problem -- Xpath subsetting leaves out inherited 
namespaces.  That is why exc-c14n was created.  You should look at that 
spec, particularly section 2
It explains why c14n doesn't do what you want.

Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

More information about the xmlsec mailing list