[xmlsec] Signature in different namespace

Simon Josefsson simon at josefsson.org
Mon Oct 15 14:27:59 PDT 2012

Aleksey Sanin <aleksey at aleksey.com> writes:

> I don't see example but "ds:SignatureType" defines Signature node in
> the DS namespace.

The example is here:


and contains

   <?xml version="1.0" encoding="UTF-8"?>

I have validated the example against the schema using xmllint.  The
XMLSec library templates create a Signature element like this:


With the "ds:" prefix on the Signature element, I get a schema
validation error:

    pskctool/tests/pskc-figure9.xml:30: element Signature: Schemas validity error : Element '{http://www.w3.org/2000/09/xmldsig#}Signature': This element is not expected. Expected is one of ( {urn:ietf:params:xml:ns:keyprov:pskc}KeyPackage, {urn:ietf:params:xml:ns:keyprov:pskc}Signature, {urn:ietf:params:xml:ns:keyprov:pskc}Extensions ).

However, I have come up with a temporary workaround: after
xmlSecDSigCtxSign() succeeds, I do a xmlSetNs (signNode, NULL) to clear
the namespace prefix for the Signature element.  This seems quite ugly
though.  I have yet to write the code to verify these signatures


More information about the xmlsec mailing list