[xmlsec] Digest Method & Canonicalization
Aleksey Sanin
aleksey at aleksey.com
Mon Jun 1 08:36:19 PDT 2009
Sure, I see your point. Well, I haven't seen a lot of interest
in C14N 1.1 support so far. BTW, C14N is a part of LibXML2.
If you need C14N 1.1, then I am sure that Daniel will be happy
to apply your patches to the main tree.
Aleksey
Ashish Agrawal wrote:
> Hi Aleksey,
>
> Thanks for prompt reply.
>
> The basis of my argument is the newer Widgets DSig specifies certain
> fixed values for Canonicalizationmethod & Digest Method.
>
> Eg:
> <?xml version="1.0" encoding="UTF-8"?>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod
> Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
> <SignatureMethod
>
> Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
> <Reference URI="config.xml">
> <DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
> <DigestValue>j6...8nk=</DigestValue>
> </Reference>
> <Reference URI="index.html">
> <DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
> <DigestValue>lm...34=</DigestValue>
> </Reference>
> <Reference URI="icon.png">
> <DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
> <DigestValue>pq...56=</DigestValue>
> </Reference>
> </SignedInfo>
> <SignatureValue>MC0E~LE=</SignatureValue>
> <KeyInfo>
> <X509Data>
> <X509Certificate>MI...lVN</X509Certificate>
> </X509Data>
> </KeyInfo>
> </Signature>
>
>
> So when i create a signature file with the abov mentioned
> canonicalizaiton and Digest method, xmlsec fails.
> Pls clarify.
>
> Regards,
> Ashish
>
> On Mon, Jun 1, 2009 at 8:55 PM, Aleksey Sanin <aleksey at aleksey.com
> <mailto:aleksey at aleksey.com>> wrote:
>
> xmlsec implements XML DSig and the Widgets DSig is just
> a profile of XML DSig. Thus, I don't see why you claim
> that xmlsec doesn't support it.
>
> Aleksey
>
> Ashish Agrawal wrote:
>
> Hi Aleksey,
>
> I need to support
> *http://www.w3.org/TR/2009/WD-widgets-digsig-20090331/*
> and seems that current version of xmlsec doesn't support it, Is
> there any plan for it.
>
> Regards,
> Ashish
>
> On Mon, Jun 1, 2009 at 8:02 PM, Aleksey Sanin
> <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
> <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>> wrote:
>
> https://www.aleksey.com/xmlsec/xmldsig.html
>
> Aleksey
>
> Ashish Agrawal wrote:
>
> Hi Aleksey,
>
> i want to know which standards of DigestMethod and
> Canonicalization Method is supported by xmlsec currently.
>
> I ve a requirement where i ve the Digest method as:
> http://www.w3.org/2000/09/xmldsig#sha256 and Canonicalization
> methord as : http://www.w3.org/2006/12/xml-c14n11.
> Will this be supported ?
>
> ~Ashish
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>
>
> http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
> http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
More information about the xmlsec
mailing list