[xmlsec] Multiple signatures

Aleksey Sanin aleksey at aleksey.com
Tue Feb 26 17:33:55 PST 2013 

Verifier is pretty stupid and can't do multiple signatures. With xmlsec1
command line tool you can specify the Signature node you want to verify
using xpath

Aleksey

On 2/26/13 8:57 AM, Gpe. Raquel Toledo wrote:
> Right now i have a project includes 2 or many signatures, but i cant
> found any example that is valid for verifier
> (http://www.aleksey.com/xmlsec/xmldsig-verifier.html) with 2 signatures.
> 
> Thanks on advanced.
> 
> 
> <?xml version="1.0" encoding="ISO-8859-1"?>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" id="F01">
> <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>   <CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
>   <SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
>   <Reference URI="#TA01">
>     <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
>     <DigestValue>...mAPUI=</DigestValue>
>   </Reference>
>   <Reference URI="#IC01">
>     <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
>     <DigestValue>.../wQ=</DigestValue>
>   </Reference>
> </SignedInfo>
> <SignatureValue>...tlwyE=</SignatureValue>
> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#" Id="IC01">
>   <KeyValue>
>      <RSAKeyValue><Modulus>...</Modulus>
>      <Exponent>AQAB</Exponent></RSAKeyValue>
>   </KeyValue><X509Data>
>      <X509Certificate>...ORnQBO5A=</X509Certificate>
>   </X509Data>
> </KeyInfo>
> <Object xmlns="http://www.w3.org/2000/09/xmldsig#" Id="TA01">
>   <DatosTramite>
>     <Informacion>...</Informacion>
>   </DatosTramite>
> </Object>
> </Signature>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" ID="F02">
> <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
>   <CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
>   <SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
>   <Reference ID="Id_Referencia002" URI="#F01"
> TYPE="http://uri.etsi.org/01903#CountersignedSignature">
>     <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
>     <DigestValue>...</DigestValue>
>   </Reference>
>   <Reference URI="#IC02">
>     <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
>     <DigestValue>...</DigestValue>
>   </Reference>
> </SignedInfo>
> <SignatureValue ID="IS02">...</SignatureValue>
> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#" Id="IC02">
>   <KeyValue>
>      <RSAKeyValue><Modulus>...</Modulus>
>      <Exponent>AQAB</Exponent></RSAKeyValue>
>   </KeyValue>
>   <X509Data>
>      <X509Certificate>..RnQBO5A=</X509Certificate>
>   </X509Data>
> </KeyInfo>
> </Signature>
> 
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>

More information about the xmlsec mailing list