[xmlsec] Question about default transform and multi-signature suggestion

Neko akitsukineko at gmail.com
Sat Jun 9 11:05:14 PDT 2012


Dear Aleksey

About transform, I want to check if my understanding is wrong.
Under self-referencing signature, the result node set of Xpath should be
canonicalized.
The CanonicalizationMethod only decides how the SignedInfo canonicalized.
If no c14n Transform specified, then xmlsec applies the default c14n, which
is http://www.w3.org/TR/2001/REC-xml-c14n-20010315
The enveloped signature transform will remove the signature node in the
content to sign, while nothing needs to be done in enveloping or detached
signature.

And about multi-signature suggestion, is there any suggested rule to
generate signatures?
It seems that enveloped signature is not suitable for this kind of use.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20120610/8e16b6e7/attachment.html>


More information about the xmlsec mailing list