[xmlsec] Digest Method & Canonicalization
Ashish Agrawal
meetashish at gmail.com
Tue Jun 2 01:35:43 PDT 2009
Hi Aleksey,
I would like to work on providing the latest canonical support, can u give
me some pointers on the areas in the code where i need to foucs for the
changes.
Regards,
Ashish
On Mon, Jun 1, 2009 at 9:06 PM, Aleksey Sanin <aleksey at aleksey.com> wrote:
> Sure, I see your point. Well, I haven't seen a lot of interest
> in C14N 1.1 support so far. BTW, C14N is a part of LibXML2.
> If you need C14N 1.1, then I am sure that Daniel will be happy
> to apply your patches to the main tree.
>
> Aleksey
>
>
> Ashish Agrawal wrote:
>
>> Hi Aleksey,
>>
>> Thanks for prompt reply.
>>
>> The basis of my argument is the newer Widgets DSig specifies certain fixed
>> values for Canonicalizationmethod & Digest Method.
>>
>> Eg:
>> <?xml version="1.0" encoding="UTF-8"?>
>> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>> <SignedInfo>
>> <CanonicalizationMethod
>> Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
>> <SignatureMethod
>> Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
>> />
>> <Reference URI="config.xml">
>> <DigestMethod Algorithm="
>> http://www.w3.org/2001/04/xmlenc#sha256"/>
>> <DigestValue>j6...8nk=</DigestValue>
>> </Reference>
>> <Reference URI="index.html">
>> <DigestMethod Algorithm="
>> http://www.w3.org/2001/04/xmlenc#sha256"/>
>> <DigestValue>lm...34=</DigestValue>
>> </Reference>
>> <Reference URI="icon.png">
>> <DigestMethod Algorithm="
>> http://www.w3.org/2001/04/xmlenc#sha256"/>
>> <DigestValue>pq...56=</DigestValue>
>> </Reference>
>> </SignedInfo>
>> <SignatureValue>MC0E~LE=</SignatureValue>
>> <KeyInfo>
>> <X509Data>
>> <X509Certificate>MI...lVN</X509Certificate>
>> </X509Data>
>> </KeyInfo>
>> </Signature>
>>
>>
>> So when i create a signature file with the abov mentioned canonicalizaiton
>> and Digest method, xmlsec fails.
>> Pls clarify.
>>
>> Regards,
>> Ashish
>>
>> On Mon, Jun 1, 2009 at 8:55 PM, Aleksey Sanin <aleksey at aleksey.com<mailto:
>> aleksey at aleksey.com>> wrote:
>>
>> xmlsec implements XML DSig and the Widgets DSig is just
>> a profile of XML DSig. Thus, I don't see why you claim
>> that xmlsec doesn't support it.
>>
>> Aleksey
>>
>> Ashish Agrawal wrote:
>>
>> Hi Aleksey,
>>
>> I need to support
>> *http://www.w3.org/TR/2009/WD-widgets-digsig-20090331/*
>> and seems that current version of xmlsec doesn't support it, Is
>> there any plan for it.
>>
>> Regards,
>> Ashish
>>
>> On Mon, Jun 1, 2009 at 8:02 PM, Aleksey Sanin
>> <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
>> <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>> wrote:
>>
>> https://www.aleksey.com/xmlsec/xmldsig.html
>>
>> Aleksey
>>
>> Ashish Agrawal wrote:
>>
>> Hi Aleksey,
>>
>> i want to know which standards of DigestMethod and
>> Canonicalization Method is supported by xmlsec currently.
>>
>> I ve a requirement where i ve the Digest method as:
>> http://www.w3.org/2000/09/xmldsig#sha256 and
>> Canonicalization
>> methord as : http://www.w3.org/2006/12/xml-c14n11.
>> Will this be supported ?
>>
>> ~Ashish
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>
>>
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20090602/35f0891d/attachment.htm
More information about the xmlsec
mailing list