[xmlsec] Signing a document that will be altered

Brian.Myers at zootweb.com Brian.Myers at zootweb.com
Fri Jun 27 08:21:36 PDT 2008

I think I'm running into a problem where the digital signature is being 
made invalid due to an http post.
Before I send my message to serverB I encrypt it and sign it, I then post 
the message to the server.
The post obviously adds http headers to the beginning of the message, such 
as ContentType, ContentLength, ect.
I'm guessing that even though these headers are not inside the xml 
document, they are still affecting my digest.

Is there a way to force the sign method to only sign the xml as opposed to 
the whole string? and also force
the severB verifier to verify the xml?

Thank you,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20080627/bb1d181f/attachment-0002.htm

More information about the xmlsec mailing list