[xmlsec] Encryption and namespace

Aleksey Sanin aleksey at aleksey.com
Mon Mar 22 09:06:00 PST 2004

Let me explain situation in more details. There is an XML

	<aaa:Root xmlns:aaa="http://www.example.org/">

The user wants to encrypt the <aaa:Data/> node and the result
document looks like this:

	<aaa:Root xmlns:aaa="http://www.example.org/">

The actual encrypted data is "<aaa:Data>Something</aaa:Data>".
When one wants to decrypt the document and restore the original
file, s/he needs to be able to parse the part of XML document

and re-insert it back in the source document.

I am not sure I understand how it worked before: I don't see how
the code before managed to find out what "aaa" means.

I don't have a solution right now but there are two trivial options:

   1) Find a way to parse partial XML document in the context of
   a given node in another XML document.
   2) Put all the namespace declarations into the node before
   encrypting (not very good because the encrypted content is changed).

I'll think about this.


Daniel Veillard wrote:

> On Mon, Mar 22, 2004 at 08:47:16AM -0800, Aleksey Sanin wrote:
>>It seems to me that this is only a warning. The code in
>>gnome-xml/parser.c file prints out the error message
>>	"Namespace prefix %s for %s on %s is not defined\n"
>>and continues. It should still create the XML tree.
>   yes but it can't create a decent XML tree. The document
> is not conformant to Namespace in XML Rec. I don't know who or
> why people though that it's an acceptable situation, but it's
> not. To be able to run XPath on a document it MUST be compliant
> to Namespace in XML, as a result I think that XML Sec and DSig
> should fail on such document.
> Daniel

More information about the xmlsec mailing list