[xmlsec] How to sign a SOAP message?

Aleksey Sanin aleksey at aleksey.com
Mon Jun 6 13:31:10 UTC 2022


Hi Hristo,

First, I highly recommend reading the actual XMLDSig spec:

https://www.w3.org/TR/xmldsig-core1/

Second, I think you will find the following example to be helpful:

https://github.com/lsh123/xmlsec/blob/master/examples/sign3.c

Last but not least, make sure to read section 3.2 from the FAQ
since you will likely run into this in your project:

https://www.aleksey.com/xmlsec/faq.html

Best,

Aleksey

On 6/5/22 6:16 AM, Hristo Konstantinov wrote:
> Hello! I’m trying to sign a simple soap message. The message looks like 
> this:
> 
> <?xml version="1.0" encoding="utf-8"?>
> 
> <e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/">
> 
> <e:Header />
> <e:Body>
>               <Data>someData</Data>
> </e:Body>
> 
> </e:Envelope>
> 
> By no means am I an expert in network stuff (I’m only a beginner and a 
> hobby programmer). As far as I understand, the result should look 
> something like:
> 
> <?xml version="1.0" encoding="utf-8"?>
> 
> <e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/">
> 
> <e:Header>
>           <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> 
>           …..
> 
>                   <Reference URI="#signedContent">
> 
>           ……
> 
>          </Signature>
> </e:Header>
> <e:Body id="signedContent">
>               <Data>someData</Data>
> </e:Body>
> 
> </e:Envelope>
> 
> So to my understanding the signature goes into the header, and the 
> signature reference points to the body. I’ve put the signature node into 
> the header by calling
> 
> xmlAddChild(xmlDocGetRootElement(doc)->children, signNode);
> 
> However I don’t know how to tell the library to sign the body. Do I have 
> to place the id attribute in the body by myself, or should I let the 
> library do it? The library isn’t very well documented (or maybe the 
> functions make sense, but not for someone like me). Which functions do I 
> need to call next (I’m using the x509 example as a basis)? Probably I 
> should create the reference node like this:
> xmlNodePtr refNode = xmlSecTmplSignatureAddReference(signNode,
>         xmlSecTransformSha256Id,
>         NULL, (const xmlChar*)"signedContent", NULL);
> …but I’m not very sure at all. I see that there are other functions like 
> xmlSecTmplReferenceAddTransform (the examples call this with 
> xmlSecTransformEnvelopedId, but I don’t need enveloped, perhaps I should 
> call it with something else?).
> Sorry for the dumb question again!
> 
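The layout discussed in this thread (Signature in the SOAP Header, Reference pointing at the Body by ID), modelled with Python's standard library as an added example; it is not xmlsec code and does not come from the list or the xmlsec project. It assumes exclusive C14N and RSA-SHA256 as the algorithms, and the `id_attrs` parameter is a hypothetical stand-in for ID-attribute registration: libxml2 treats a plain `id` attribute as an ID only when a DTD declares it or it is registered, for example with `xmlAddID` or `xmlSecAddIDs`. Digest and signature values are left empty for the signer.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"                # assumed choice
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"    # assumed choice
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
# Constructed sample: the envelope from the question, Body already carrying the id.
ENVELOPE = ('<e:Envelope xmlns:e="%s"><e:Header/><e:Body id="signedContent">'
            '<Data>someData</Data></e:Body></e:Envelope>' % SOAP)

def resolve_reference(root, uri, id_attrs):
    """Resolve a same-document URI ("#value") using registered ID attribute names only."""
    hits = [el for el in root.iter()
            if any(el.get(name) == uri[1:] for name in id_attrs)]
    if len(hits) != 1:  # zero matches or an ambiguous (duplicated) ID are both errors
        raise LookupError("%s matched %d elements" % (uri, len(hits)))
    return hits[0]

def add_signature_template(root, uri):
    """Place an unsigned ds:Signature skeleton in the SOAP Header that references uri."""
    header = root.find("{%s}Header" % SOAP)
    sig = ET.SubElement(header, "{%s}Signature" % DS)
    info = ET.SubElement(sig, "{%s}SignedInfo" % DS)
    ET.SubElement(info, "{%s}CanonicalizationMethod" % DS, Algorithm=EXC_C14N)
    ET.SubElement(info, "{%s}SignatureMethod" % DS, Algorithm=RSA_SHA256)
    ref = ET.SubElement(info, "{%s}Reference" % DS, URI=uri)
    transforms = ET.SubElement(ref, "{%s}Transforms" % DS)
    # The Signature is a sibling of the signed Body, not a descendant of it, so no
    # enveloped-signature transform is listed; only canonicalization of the Body.
    ET.SubElement(transforms, "{%s}Transform" % DS, Algorithm=EXC_C14N)
    ET.SubElement(ref, "{%s}DigestMethod" % DS, Algorithm=SHA256)
    ET.SubElement(ref, "{%s}DigestValue" % DS)      # filled in by the signer
    ET.SubElement(sig, "{%s}SignatureValue" % DS)   # filled in by the signer
    return sig

def demo():
    root = ET.fromstring(ENVELOPE)
    add_signature_template(root, "#signedContent")
    try:
        resolve_reference(root, "#signedContent", id_attrs=())  # nothing registered
        unregistered = "resolved"
    except LookupError:
        unregistered = "not found"
    return unregistered, resolve_reference(root, "#signedContent", ("id",)).tag

if __name__ == "__main__":
    print(demo())
```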