[xmlsec] Digest Method & Canonicalization

Aleksey Sanin aleksey at aleksey.com
Tue Jun 2 07:31:55 PDT 2009


Look at LibXML2 library, file c14n.c

Aleksey

Ashish Agrawal wrote:
> Hi Aleksey,
> 
> I would like to work on providing the latest canonical support, can u 
> give me some pointers on the areas in the code where i need to foucs for 
> the changes.
> 
> Regards,
> Ashish
> 
> On Mon, Jun 1, 2009 at 9:06 PM, Aleksey Sanin <aleksey at aleksey.com 
> <mailto:aleksey at aleksey.com>> wrote:
> 
>     Sure, I see your point. Well, I haven't seen a lot of interest
>     in C14N 1.1 support so far. BTW, C14N is a part of LibXML2.
>     If you need C14N 1.1, then I am sure that Daniel will be happy
>     to apply your patches to the main tree.
> 
>     Aleksey
> 
> 
>     Ashish Agrawal wrote:
> 
>         Hi Aleksey,
> 
>         Thanks for prompt reply.
> 
>         The basis of my argument is the newer Widgets DSig specifies
>         certain fixed values for Canonicalizationmethod & Digest Method.
> 
>         Eg:
>         <?xml version="1.0" encoding="UTF-8"?>
>         <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>             <SignedInfo>
>                 <CanonicalizationMethod
>                     Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
>                 <SignatureMethod
>                    
>         Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
>                 <Reference URI="config.xml">
>                     <DigestMethod
>         Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>                     <DigestValue>j6...8nk=</DigestValue>
>               </Reference>
>                <Reference URI="index.html">
>                     <DigestMethod
>         Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>                     <DigestValue>lm...34=</DigestValue>
>              </Reference>
>               <Reference URI="icon.png">
>                     <DigestMethod
>         Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>                     <DigestValue>pq...56=</DigestValue>
>               </Reference>
>            </SignedInfo>
>            <SignatureValue>MC0E~LE=</SignatureValue>
>           <KeyInfo>
>              <X509Data>
>                   <X509Certificate>MI...lVN</X509Certificate>
>               </X509Data>
>            </KeyInfo>
>         </Signature>
> 
> 
>         So when i create a signature file with the abov mentioned
>         canonicalizaiton and Digest method, xmlsec fails.
>         Pls clarify.
> 
>         Regards,
>         Ashish
> 
>         On Mon, Jun 1, 2009 at 8:55 PM, Aleksey Sanin
>         <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
>         <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>> wrote:
> 
>            xmlsec implements XML DSig and the Widgets DSig is just
>            a profile of XML DSig. Thus, I don't see why you claim
>            that xmlsec doesn't support it.
> 
>            Aleksey
> 
>            Ashish Agrawal wrote:
> 
>                Hi Aleksey,
> 
>                I need to support
>                *http://www.w3.org/TR/2009/WD-widgets-digsig-20090331/*
>                and seems that current version of xmlsec doesn't support
>         it, Is
>                there any plan for it.
> 
>                Regards,
>                Ashish
> 
>                On Mon, Jun 1, 2009 at 8:02 PM, Aleksey Sanin
>                <aleksey at aleksey.com <mailto:aleksey at aleksey.com>
>         <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>
>                <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>
>         <mailto:aleksey at aleksey.com <mailto:aleksey at aleksey.com>>>> wrote:
> 
>                   https://www.aleksey.com/xmlsec/xmldsig.html
> 
>                   Aleksey
> 
>                   Ashish Agrawal wrote:
> 
>                       Hi Aleksey,
> 
>                       i want to know which standards of DigestMethod and
>                       Canonicalization Method is supported by xmlsec
>         currently.
> 
>                       I ve a requirement where i ve the Digest method as:
>                       http://www.w3.org/2000/09/xmldsig#sha256 and
>         Canonicalization
>                       methord as : http://www.w3.org/2006/12/xml-c14n11.
>                       Will this be supported ?
> 
>                       ~Ashish
> 
> 
>                            
>         ------------------------------------------------------------------------
> 
>                       _______________________________________________
>                       xmlsec mailing list
>                       xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>         <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>
>                <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>         <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>>
> 
> 
>                       http://www.aleksey.com/mailman/listinfo/xmlsec
> 
> 
> 
>              
>          ------------------------------------------------------------------------
> 
>                _______________________________________________
>                xmlsec mailing list
>                xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>         <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>
>                http://www.aleksey.com/mailman/listinfo/xmlsec
> 
> 
> 


More information about the xmlsec mailing list