[xmlsec] How to generate a manifest?

[Aleksey Sanin]

RTFM: http://www.w3.org/TR/xmldsig-core/#sec-Manifest

<Signature Id="MySignature" ...>
   ...
   <Reference URI="#MyManifest"
              Type="http://www.w3.org/2000/09/xmldsig#Manifest">
     <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
     <DigestValue>345x3rvEPO0vKtMup4NbeVu8nk=</DigestValue>
   </Reference>
   ...
   <Object>
     <Manifest Id="MyManifest">
       <Reference>
         ...
       </Reference>
       <Reference>
       <Reference>
         ...
       </Reference>
     </Manifest>
   </Object>
</Signature>

Aleksey

Li, Yunhong wrote:

>  
> 
> Hi, All:
> 
>  
> 
> I have a template as following and tried to generate a manifest. I tried 
> “xmlsec1 –sign –privkey-pem rsakey.pem –node-id MyManifest temp.xml”. It 
> always signs the <Signature> node, NOT the <Manifest> node even if I 
> specified it in the command line.
> 
> What did I do wrong?
> 
>  
> 
> |<?xml version="1.0" encoding="UTF-8">|
> 
> |<!DOCTYPE test [|
> 
> |<!ATTLIST Data id ID #IMPLIED>|
> 
> |<!ATTLIST Manifest id ID #IMPLIED>|
> 
> |<!ATTLIST Signature id ID #IMPLIED>|
> 
> |]>|
> 
> 
> |<Root>|
> 
> |<Data Id="data1">|
> 
> |data1|
> |</Data>|
> 
> |      <Data Id="data2">|
> |            data2|
> |      </Data>|
> 
> | |
> 
> |            <Manifest Id=”MyManifest”>|
> 
> |                  <Reference URI=”#data1”> . . . </Reference>|
> 
> |                  <Reference URI=”#data2”> . . . </Reference>|
> 
> |            </Manifest>|
> 
> | |
> 
> |            <Signature Id = “sig”>|
> 
> |                  . . .|
> 
> |            <Reference URI=”#MyManifest”> . . . </Reference>|
> 
> |                  . . .|
> 
> |            </Signature>|
> 
> |</Root>|
> 
> | |
> 
> |Thanks.|
> 
> |--Yunhong|
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec