[xmlsec] Detached signature validation problem

Frank Gross fg at 4js.com
Thu Mar 6 01:46:27 PST 2008


    I have a problem when I try to validate a detached signature against 
my document. The 'xmlSecDSigCtxVerify' function takes two parameters, 
the DSig context, and the node pointing to the signature 
<dsig:Signature/> <http://www.w3.org/TR/xmldsig-core/#sec-Signature> 
node. But as my detached signature has no URI, how can can I specify to 
the context the document that it has to validate. (The XML-Signature 
specification says that in such case, the application is supposing to 
know what was signed). Indeed, I try to build an API that sign any 
document build in memory and then saved with the detached signature to 
the disk (as a separated XML document of course), and another one to 
load both XML documents to validate the signature.
    I was able to sign and verify an enveloped signature, because in 
that case the signature is inside the document itself, but with detached 
signatures, what is the procedure ?

Can someone help, or point me to the documentation explaining how to do.

Thanks a lot,


More information about the xmlsec mailing list