[xmlsec] Signing a document that will be altered

Aleksey Sanin aleksey at aleksey.com
Sun Jun 29 19:19:02 PDT 2008

I highly doubt that http headers are involved in the signatures...
At least, not with xmlsec.


Brian.Myers at zootweb.com wrote:
> Hello,
> I think I'm running into a problem where the digital signature is being 
> made invalid due to an http post.
> Before I send my message to serverB I encrypt it and sign it, I then 
> post the message to the server.
> The post obviously adds http headers to the beginning of the message, 
> such as ContentType, ContentLength, ect.
> I'm guessing that even though these headers are not inside the xml 
> document, they are still affecting my digest.
> Is there a way to force the sign method to only sign the xml as opposed 
> to the whole string? and also force
> the severB verifier to verify the xml?
> Thank you,
> Brian
> ------------------------------------------------------------------------
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list