[xmlsec] Applying Multiple Signatures

Thomas Jones securebuddha at gmail.com
Thu Feb 16 21:25:56 PST 2006


I am attempting to verify that multiple signatures may be applied to a
single document instance. However, regardless of my attempts I am
unable to successfully apply multiple signatures. Here is my relevant
source:

...
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="First">
    <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <Reference URI="#DocumentManifest" Type="http://www.w3.org/2000/09/xmldsig#Manifest">
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue></DigestValue>
        </Reference>
    </SignedInfo>
    <SignatureValue></SignatureValue>
    <Object>
        <Manifest Id="DocumentManifest">
            <Reference URI="#Document">
                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <DigestValue></DigestValue>
            </Reference>
        </Manifest>
    </Object>
</Signature>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Second">
    <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <Reference URI="#DocumentManifest" Type="http://www.w3.org/2000/09/xmldsig#Manifest">
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue></DigestValue>
        </Reference>
    </SignedInfo>
    <SignatureValue></SignatureValue>
</Signature>
...

The First signature is applied without problem. However, upon applying
a second signature I can only reapply over the first again. I am
attempting to utilize the following command sequence for the second
attempt:

xmlsec1 --sign --id-attr:Id Signature --node-id Second --privkey-pem rsakey.pem document-template.xml

I identified each signature by an Id attribute because of the
validating parser (xmllint). Then xmlsec1 was looking for "id" rather
than "Id", so I had to declare it on the command line. After that is
all said and done, I then attempted to access the signature with the
"Second" identification. But to no avail.

Where am I going wrong?
Thomas
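Added by the editor, not part of the original post or of the xmlsec project: a small stdlib-only checker that walks a document with several ds:Signature elements, indexes elements by the chosen Id attribute (case-sensitive, which is why xmlsec1 needs --id-attr:Id when the attribute is spelled "Id" rather than its default "id"), and reports which signatures actually carry a SignatureValue and which same-document Reference URIs fail to resolve. The sample document is constructed; the hypothetical helpers are index_by_id and signature_status.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample, not the original poster's document: the First signature
# has been applied (digest and signature values filled in), the Second has not.
SAMPLE_XML = """<Doc>
  <Body Id="Document">payload</Body>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="First">
    <SignedInfo><Reference URI="#DocumentManifest"><DigestValue>dGVzdA==</DigestValue></Reference></SignedInfo>
    <SignatureValue>c2ln</SignatureValue>
    <Object><Manifest Id="DocumentManifest"><Reference URI="#Document"><DigestValue>ZG9j</DigestValue></Reference></Manifest></Object>
  </Signature>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Second">
    <SignedInfo><Reference URI="#DocumentManifest"><DigestValue></DigestValue></Reference></SignedInfo>
    <SignatureValue></SignatureValue>
  </Signature>
</Doc>"""


def index_by_id(root, id_attr):
    """Map Id value -> element; XML attribute names are case-sensitive, so 'Id' != 'id'."""
    ids = {}
    for el in root.iter():
        val = el.get(id_attr)
        if val is None:
            continue
        if val in ids:
            # Duplicate Ids make same-document references ambiguous; refuse them.
            raise ValueError("duplicate %s=%r" % (id_attr, val))
        ids[val] = el
    return ids


def signature_status(xml_text, id_attr="Id"):
    """Per ds:Signature: its Id, whether SignatureValue is filled, unresolved '#' URIs."""
    root = ET.fromstring(xml_text)
    ids = index_by_id(root, id_attr)
    report = []
    for sig in root.iter(DS + "Signature"):
        sv = sig.find(DS + "SignatureValue")
        applied = sv is not None and bool((sv.text or "").strip())
        # Includes References inside a Manifest carried in ds:Object.
        unresolved = [
            ref.get("URI") for ref in sig.iter(DS + "Reference")
            if ref.get("URI", "").startswith("#") and ref.get("URI")[1:] not in ids
        ]
        report.append({"id": sig.get(id_attr), "applied": applied,
                       "unresolved": unresolved})
    return report
```

Calling signature_status(SAMPLE_XML) reports First as applied and Second as not; calling it with id_attr="id" leaves every signature without an Id and every "#..." reference unresolved, which is the situation the default attribute name produces on a document that uses "Id".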

