[xmlsec] Enveloped signing with multiple signatures
Dmitry Belyavsky
beldmit at cryptocom.ru
Wed Oct 6 01:02:40 PDT 2004
Hello!
On Wed, 6 Oct 2004, Aleksey Sanin wrote:
> Remove "dsig:" from XPath expressions or declare dsit namespace prefix.
> The current transform selects everything (not from nothing).
Thank you. It maked XPath happy, but unfortunately this is not enough to
exclude <Signature> tag from digest.
So whether I should prepend XPath transform manually to transform chain
before xmlSecDSigCtxSign call or this idea is absolutely wrong?
Thank you.
> Aleksey
>
> > <Envelope xmlns="urn:envelope">
> > <Data>
> > Hello, World!
> > </Data>
> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> > <SignedInfo>
> > <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> > <SignatureMethod Algorithm="http://www.cryptocom.ru#sign"/>
> > <Reference>
> > <Transforms>
> > <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
> > <XPath>not(ancestor-or-self::Signature)</XPath>
> > </Transform>
> > </Transforms>
> > <DigestMethod Algorithm="http://www.cryptocom.ru#digest"/>
> > <DigestValue></DigestValue>
> > </Reference>
> > </SignedInfo>
> > <SignatureValue></SignatureValue>
> > </Signature>
> > </Envelope>
>
>
--
SY, Dmitry Belyavsky (ICQ UIN 11116575)
More information about the xmlsec
mailing list