[xmlsec] Signing a document that will be altered
Brian.Myers at zootweb.com
Brian.Myers at zootweb.com
Fri Jun 27 08:21:36 PDT 2008
Hello,
I think I'm running into a problem where the digital signature is being
made invalid due to an http post.
Before I send my message to serverB I encrypt it and sign it, I then post
the message to the server.
The post obviously adds http headers to the beginning of the message, such
as ContentType, ContentLength, ect.
I'm guessing that even though these headers are not inside the xml
document, they are still affecting my digest.
Is there a way to force the sign method to only sign the xml as opposed to
the whole string? and also force
the severB verifier to verify the xml?
Thank you,
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20080627/bb1d181f/attachment-0002.htm
More information about the xmlsec
mailing list