[xmlsec] xml signing binary files

Erwann Abalea Erwann.Abalea at docusign.com
Mon Apr 29 01:07:12 PDT 2019


Hello,

Why not have a standard template, and add a new dsig:Reference node for each of the files you want to sign into the dsig:Signature/dsig:SignedInfo tree?
Normally, you should already have this:
<dsig:Reference URI="">
  <dsig:Transforms>
    <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
  </dsig:Transforms>
  <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
  <dsig:DigestValue></dsig:DigestValue>
</dsig:Reference>

If you want to sign a file in addition to your XML file, just add this:
<dsig:Reference Id="document_0" URI="myfile.bin">
  <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
  <dsig:DigestValue></dsig:DigestValue>
</dsig:Reference>

And sign the XML file the normal way (with myfile.bin being present in your current directory).

Regards,
Erwann Abalea

On 27/04/2019 05:02, "xmlsec on behalf of Aleksey Sanin" <xmlsec-bounces at aleksey.com on behalf of aleksey at aleksey.com> wrote:

    This is a very good question. I am traveling and can’t run a test. Can you try to use reference uri and base64 transform? The url parsing depends on the next transform input and by default c14n is applied which requires xml node set which forces xml parsing. I believe if next transform is base64 encoding then it should work but not 100% sure.
    
    
    Aleksey
    
    > On Apr 26, 2019, at 7:40 PM, Skip Carter <skip at taygeta.com> wrote:
    > 
    > Aleksey,
    > 
    > Thanks for your excellent XMLSEC library, I have been using it for
    > several years.  Yet in all that time I have not had the need to use
    > xmlsec for signing anything but XML files but now I do.
    > 
    > How do I sign a binary file ?  I used sign1.c and sign1-tmpl.xml
    > as a starting point and set Reference URI to point to the file, but
    > sign1 clearly expects to see the file as an XML file:
    > 
    > Entity: line 1: parser error : Document is empty
    > func=xmlSecParserPushBin:file=parser.c:line=182:obj=xml-parser:subj=xmlParseChunk:error=5:libxml2 library function failed:size=1024
    > func=xmlSecTransformPump:file=transforms.c:line=1694:obj=xml-parser:subj=xmlSecTransformPushBin:error=1:xmlsec library function failed: 
    > func=xmlSecTransformCtxUriExecute:file=transforms.c:line=1205:obj=unknown:subj=xmlSecTransformPump:error=1:xmlsec library function failed:uri=debian.jpg
    > ...
    > 
    > Is there an attribute in Reference that should be set for nonxml data ?
    > 
    > Thanks
    > 
    > -- 
    > Dr Everett (Skip) Carter
    > skip at taygeta.com
    > 
    > Taygeta Scientific Inc
    > 607 Charles Ave
    > Seaside CA 93955
    > 831-641-0645 x103
    > 
    > 
    
    _______________________________________________
    xmlsec mailing list
    xmlsec at aleksey.com
    http://www.aleksey.com/mailman/listinfo/xmlsec
    



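What a transform-free dsig:Reference to an external file commits to, as an added example (not part of the original thread and not xmlsec code): with no transforms, the DigestValue is the base64 SHA-256 of the file's raw octets, so no XML parsing is involved. The Python sketch below re-checks such references; `check_file_references`, `base_dir` and the sample bytes are assumptions made here, URIs are assumed to be plain relative file names confined to one directory, and SignatureValue is not verified.

```python
import base64, hashlib, os, tempfile
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

def check_file_references(sig_xml, base_dir):
    """Return {uri: bool} for each external, transform-free dsig:Reference."""
    base = os.path.realpath(base_dir)
    results = {}
    for ref in ET.fromstring(sig_xml).iter(DSIG + "Reference"):
        uri = ref.get("URI", "")
        if uri == "" or uri.startswith("#"):
            continue  # same-document reference: needs c14n, out of scope here
        if ref.find(DSIG + "Transforms") is not None:
            raise ValueError(f"{uri}: transforms not handled in this sketch")
        if ref.find(DSIG + "DigestMethod").get("Algorithm") != SHA256:
            raise ValueError(f"{uri}: unexpected digest algorithm")
        path = os.path.realpath(os.path.join(base, uri))
        # Refuse URIs that resolve outside base_dir (absolute paths, "..", symlinks).
        if os.path.commonpath([base, path]) != base:
            raise ValueError(f"{uri}: resolves outside {base}")
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).digest()  # raw octets, no parsing
        expected = base64.b64decode(ref.findtext(DSIG + "DigestValue") or "")
        results[uri] = digest == expected
    return results

def demo():
    """Constructed sample: a non-XML payload and a SignedInfo fragment referencing it."""
    payload = b"\xff\xd8\xff\xe0 constructed non-XML bytes"
    value = base64.b64encode(hashlib.sha256(payload).digest()).decode()
    sig = f'''<dsig:SignedInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:Reference URI=""><dsig:DigestMethod Algorithm="{SHA256}"/>
<dsig:DigestValue></dsig:DigestValue></dsig:Reference>
<dsig:Reference Id="document_0" URI="myfile.bin">
<dsig:DigestMethod Algorithm="{SHA256}"/>
<dsig:DigestValue>{value}</dsig:DigestValue></dsig:Reference>
</dsig:SignedInfo>'''
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "myfile.bin")
        with open(target, "wb") as fh:
            fh.write(payload)
        before = check_file_references(sig, d)
        with open(target, "ab") as fh:
            fh.write(b"\x00")  # one appended byte changes the digest
        after = check_file_references(sig, d)
    return before, after, sig
```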