[xmlsec] signing specific nodes

Aleksey Sanin aleksey at aleksey.com
Wed Jan 15 11:38:12 PST 2014 

Use "--store-references" command line option for xmlsec1 utility. It
will print you the exact data you are signing so you can verify it
yourself :)

Aleksey

On 1/15/14, 7:09 AM, Putinei .Ionut wrote:
> Hello,
> 
> I have this xml file:
> 
> <misc_data>
>     <capture_time>"2001-10-26T21:32:52"</capture_time>
>     <data>
>         <name>UEUE</name>
>         <diagnostic_request_id>213123</diagnostic_request_id>
>         <onboard_data_definition_id>qeqeqwqw</onboard_data_definition_id>
>         <value>2423423</value>
>     </data>
>     <data>
>         <name>UEUE</name>
>         <diagnostic_request_id>213123</diagnostic_request_id>
>         <onboard_data_definition_id>qeqeqwqw</onboard_data_definition_id>
>         <value>2423423</value>
>     </data>
>     <data>
>         <name>UEUE</name>
>         <diagnostic_request_id>213123</diagnostic_request_id>
>         <onboard_data_definition_id>qeqeqwqw</onboard_data_definition_id>
>         <value>2423423</value>
>     </data>
>     <data>
>         <name>UEUE</name>
>         <diagnostic_request_id>213123</diagnostic_request_id>
>         <onboard_data_definition_id>qeqeqwqw</onboard_data_definition_id>
>         <value>2423423</value>
>     </data>
>     <mumu>asdas </mumu>
> </misc_data>
> 
> and i want to sign :"capture_time" node and all "data" nodes.
> 
> tried adding this to template:
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>       <SignedInfo>
>           <CanonicalizationMethod Algorithm=
>            "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>           <SignatureMethod Algorithm=
>            "http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>           <Reference>
>           <Transforms>
>               <Transform Algorithm=
>               "http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>               <Transform Algorithm=
>               "http://www.w3.org/TR/1999/REC-xpath-19991116">
>                   <XPath>ancestor::capture_time</XPath>
>               </Transform>
>           </Transforms>
>           <DigestMethod Algorithm=
>           "http://www.w3.org/2000/09/xmldsig#sha1"/>
>           <DigestValue></DigestValue>
>           </Reference>
>           <Reference>
>           <Transforms>
>               <Transform Algorithm=
>               "http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>               <Transform Algorithm=
>               "http://www.w3.org/TR/1999/REC-xpath-19991116">
>                   <XPath>select /misc_data/data</XPath>
>               </Transform>
>           </Transforms>
>           <DigestMethod Algorithm=
>           "http://www.w3.org/2000/09/xmldsig#sha1"/>
>           <DigestValue></DigestValue>
>           </Reference>
>       </SignedInfo>
>       <SignatureValue />
>       <KeyInfo>
>           <KeyValue />
>       </KeyInfo>
> 
> 
> I not sure if do thing right here and also that the signed document is
> correct.
> 
> 
> Thanks,
> Ionut
> 
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>

More information about the xmlsec mailing list