[xmlsec] Signature in different namespace

Simon Josefsson simon at josefsson.org
Mon Oct 15 12:56:35 PDT 2012

Hi.  I want to implement support for signing/verifying PSKC data (RFC
6030) which uses xmldsig.  The XML schema is here:


In particular it refer to xmldsig like this:

               <xs:element name="Signature"
                    type="ds:SignatureType" minOccurs="0"/>

As far as I can tell (and this is reinforced by the example in section 7
of RFC 6030), this means the XML will have a Signature element in the
PSKC namespace but with children from the xmldsig namespace.  For

   <?xml version="1.0" encoding="UTF-8"?>

I'm having trouble making XMLSec cope with this.  xmlSecDSigCtxSign
calls xmlSecDSigCtxProcessSignatureNode which starts with:

    if(!xmlSecCheckNodeName(node, xmlSecNodeSignature, xmlSecDSigNs)) {

So I get a hard error when trying to sign with a Signature node that
isn't in the xmldsig namespace.  Any ideas on what could be done here?

(Sorry if you get a similar email later on, I recently subscribed to
re-send this e-mail.)


More information about the xmlsec mailing list