[xmlsec] namespace and canonicalization methods

Hårek Ryeng haarek.ryeng at welldiagnostics.com
Wed Jul 23 03:01:43 PDT 2003


I have an ebXML message receiving party that is hassling me for sending
the wrong canonicalization transform in the envelope. Also he is not happy
about the lack of namespace in the signature element and sub elements.

Excuse me for asking, but I’m not too good at the secure XML syntax –
yet

 
So, here are some simple questions for the gurus on this list:
1) Is there a difference between the canonicalization algorithm
http://www.w3.org/TR/2001/REC-xml-c14n-20010315 and
http://www.w3.org/2001/10/xml-exc-c14n# (which I seem to get from XMLSec
when specifying c14n without comments)? Why the “#” and not an exact
number?
2) There is still no way of specifying a namespace prefix in XMLSec?
 
Thanks,
 
- Haarek -
 
FYI:
 
Receiver wants:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><ds:XPath xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">not(ancestor-or-self::node()[@SOAP-ENV:actor="urn:oasis:names:tc:ebxml-msg:actor:nextMSH"] |
ancestor-or-self::node()[@SOAP-ENV:actor="http://schemas.xmlsoap.org/soap/actor/next"])</ds:XPath></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>l+SR9a3LYKC5UMviBnjbqTEZKSY=</ds:DigestValue>
</ds:Reference>

 
I’m producing:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="my-signature">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<XPath>not(ancestor-or-self::node()[@SOAP-ENV:actor=&quot;urn:oasis::names:tc:ebxml-msg:actor:nextMSH&quot;]|
ancestor-or-self::node()[@SOAP-ENV:actor=&quot;http://schemas.xmlsoap.org/soap/actor/next&quot;])</XPath>
</Transform>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>HZa63vnTk3U4nzkklOREemKTNrs=</DigestValue>
</Reference>

 
 
W | Hårek Ryeng, Senior System Developer
E | Well Diagnostics AS, Forskningsparken, 9291 Tromsø
L | Tel: +47 77 75 76 79 (70), Cell: +47 970 05 022, Fax: +47 77 75 76 99
L | http://www.welldiagnostics.com/
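
Added example, not part of the original post and not xmlsec code: a standard-library Python check that reads two Signature elements namespace-aware and lists which declared algorithm URIs differ. The inputs are constructed reductions of the two snippets above, and `signed_info_profile` and `profile_mismatches` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}

# Constructed, well-formed reduction of the "Receiver wants" snippet
# (XPath transform, digest and signature values left out).
RECEIVER_WANTS = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI=""><ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</ds:Transforms></ds:Reference>
</ds:SignedInfo></ds:Signature>"""

# Constructed counterpart of the "I'm producing" snippet: same structure,
# default namespace instead of the ds: prefix, exclusive c14n URI.
SENDER_PRODUCES = (RECEIVER_WANTS
    .replace("<ds:", "<").replace("</ds:", "</").replace("xmlns:ds=", "xmlns=")
    .replace("http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
             "http://www.w3.org/2001/10/xml-exc-c14n#"))

def signed_info_profile(xml_text):
    """Namespace-aware read of the algorithm URIs declared in SignedInfo."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Signature" % DS:
        raise ValueError("root element is not Signature in the XML-DSig namespace")
    info = root.find("ds:SignedInfo", NS)
    if info is None:
        raise ValueError("Signature has no SignedInfo child")
    profile = {}
    for name in ("CanonicalizationMethod", "SignatureMethod"):
        node = info.find("ds:" + name, NS)
        profile[name] = node.get("Algorithm") if node is not None else None
    for i, ref in enumerate(info.findall("ds:Reference", NS)):
        algs = [t.get("Algorithm") for t in ref.findall("ds:Transforms/ds:Transform", NS)]
        profile["Reference[%d]/Transforms" % i] = tuple(algs)
    return profile

def profile_mismatches(expected_xml, actual_xml):
    """List (field, expected, actual) for every algorithm setting that differs."""
    want, got = signed_info_profile(expected_xml), signed_info_profile(actual_xml)
    return [(k, want.get(k), got.get(k)) for k in sorted(set(want) | set(got))
            if want.get(k) != got.get(k)]

if __name__ == "__main__":
    for field, want, got in profile_mismatches(RECEIVER_WANTS, SENDER_PRODUCES):
        print(field, "\n  expected:", want, "\n  actual:  ", got)
```

To a namespace-aware parser the `ds:`-prefixed and default-namespace forms give the same element names, so only the algorithm URIs are reported. The two URIs identify different algorithms: Canonical XML 1.0 and Exclusive XML Canonicalization 1.0.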
 