[xmlsec] What xmlns and declarations are propagated into the SignedInfo element before xmlsec1 is hashing the SignedInfo
Aleksey Sanin
aleksey at aleksey.com
Sat Nov 26 08:32:57 PST 2011
Run xmlsec with --store-signatures.
Aleksey
On 11/26/11 4:31 AM, Si St wrote:
> Given these xml namespaces and declarations from the top node of an
> xml-file:
>
> <MsgHead xmlns="http://www.kith.no/xmlstds/msghead/2006-05-24"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema.xsd"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="http://www.kith.no/xmlstds/msghead/2006-05-24
> MsgHead-v1_2.xsd">
>
> and the following SignedInfo node (I am including the <Signature> and
> its xmlns so it can be seen) belonging to that xml-file:
>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> <SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <Reference URI="">
> <Transforms>
> <Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> <Transform
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> </Transforms>
> <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <DigestValue></DigestValue>
> </Reference>
> </SignedInfo>
>
> Which or eventually: what other xmlns/decl are to be included into the
> start element of the SignedInfo to arrange the right setup for hashing
> the DigestValue to be signed?
>
> In other words I think SignedInfo has to "inherit" xmlns, when being
> hashed as solitary element before signing an xml-document. Usually this
> happens during or prior to canonicalization of the SignedInfo.
>
> One example is this:
>
> <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>
> but it might be something else.
>
>
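
As an added illustration (not part of the original thread and not xmlsec code), the Python code below computes the start tag that inclusive C14N 1.0, the CanonicalizationMethod named in the question, writes for SignedInfo when it is canonicalized as a stand-alone subtree: every namespace declaration in scope from its ancestors is emitted on it, with the nearest declaration of each prefix winning. It covers namespace declarations only (SignedInfo here has no attributes of its own, and inherited xml:* attributes are not handled); the sample document, trimmed from the post, and the function names are constructed for this example.

```python
from xml.dom import minidom

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: root and Signature from the post, trimmed to what
# matters for namespace scope (closing tags added so it parses).
SAMPLE = (
    '<MsgHead xmlns="http://www.kith.no/xmlstds/msghead/2006-05-24"'
    ' xmlns:ds="http://www.w3.org/2000/09/xmldsig#"'
    ' xmlns:xsd="http://www.w3.org/2001/XMLSchema.xsd"'
    ' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
    ' xsi:schemaLocation="http://www.kith.no/xmlstds/msghead/2006-05-24'
    ' MsgHead-v1_2.xsd">'
    '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">'
    '<SignedInfo><Reference URI=""/></SignedInfo></Signature></MsgHead>'
)


def in_scope_namespaces(elem):
    """Return {prefix: uri} in scope at elem ('' = default namespace)."""
    scope = {}
    node = elem
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        attrs = node.attributes
        for i in range(attrs.length):
            name, value = attrs.item(i).name, attrs.item(i).value
            if name == "xmlns":
                scope.setdefault("", value)  # nearest declaration wins
            elif name.startswith("xmlns:"):
                scope.setdefault(name[6:], value)
        node = node.parentNode
    return scope


def apex_start_tag(xml_text):
    """Start tag of SignedInfo when it is canonicalized on its own."""
    doc = minidom.parseString(xml_text)
    elem = doc.getElementsByTagNameNS(DSIG_NS, "SignedInfo")[0]
    decls = []
    # C14N sorts namespace nodes by prefix, default namespace first.
    for prefix, uri in sorted(in_scope_namespaces(elem).items()):
        if prefix == "" and uri == "":
            continue  # an empty default namespace is not written at the apex
        attr = "xmlns:" + prefix if prefix else "xmlns"
        decls.append(' %s="%s"' % (attr, uri))  # assumes URIs need no escaping
    return "<" + elem.tagName + "".join(decls) + ">"


if __name__ == "__main__":
    print(apex_start_tag(SAMPLE))
```

For the sample, the default namespace comes from Signature (overriding MsgHead's), while ds, xsd and xsi are inherited from MsgHead; the output of --store-signatures remains the check of what xmlsec1 actually hashed.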