[xmlsec] Enveloped Signature transformation

Javier Borrajo JBorrajo at Laudus.cl
Wed Mar 25 02:31:01 PST 2009


Hi,

I would be very grateful if someone can tell me what is the real 
transformation that xmldsig#enveloped-signature does. In other words:

I have a simple XML document to sign:

<?xml version="1.0" encoding="ISO-8859-1"?>
<document>
    <item>
        <subItem>123456</subItem>
    </item>
</document>

And I sign it using the template file for XMLSec:

<?xml version="1.0" encoding="ISO-8859-1"?>
<document>
    <item>
        <subItem>000000099178</subItem>
    </item>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <CanonicalizationMethod 
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
            <SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <Reference URI="">
                <Transforms>
                    <Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                </Transforms>
                <DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                <DigestValue></DigestValue>
            </Reference>
        </SignedInfo>
        <SignatureValue/>
        <KeyInfo>
            <KeyValue/>
        </KeyInfo>
    </Signature>
</getToken>

The value for <DigestValue> is calculated canonicalizating the document, 
and it is easy to obtain. But this <DigestValue> is not what is signed; 
it suffers some transformations, and then it is signed. I would like to 
know what are these transformations, and the final string that really 
gets signed in this example.

Thanks a lot,
Javier.


-- 
Javier Borrajo
/ Laudus SA/
/ Coyancura 2241, Of 83  -  Providencia/
( / 469 2100/
* / JBorrajo at Laudus.cl <mailto:JBorrajo at Laudus.cl>/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20090325/2388502b/attachment.htm


More information about the xmlsec mailing list