xml dsig question from Alexander Dimitrov on 2004-04-05 (w3c-ietf-xmldsig@w3.org from April to June 2004)

From: Alexander Dimitrov <alexander@progress.inetg.bg>
Date: Mon, 5 Apr 2004 11:57:45 +0300
To: <w3c-ietf-xmldsig@w3.org>
Message-ID: <003301c41aec$0ff64ba0$a400000a@IT>

Hi Mark,
I want to ask you to give me a little help on my problem. If you don't have
time
just tell me a link to a forum where xml digital signatures are discussed.

Let me explain my problem.
I'm creating an applet to digitally sign xml documents according to w3c
recommendation.
I use enveloped signatures. Because I use only my code for signing I need to
know
exactly what is signed. When I sign a document like this everything is OK.

Document to sign:

<?xml version="1.0" ?>
<MyDocument Id="MyDocument">
<MyData>Data to be signed!</MyData>
</MyDocument>

I create SignedInfo element which looks like this (after canonization):

<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Canonicalizati
onMethod>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
<Reference URI="#MyDocument">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transfor
m>
<Transform
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></Transform>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
<DigestValue>G4J2tuGKazay8hcG8hRBzQoobpg=</DigestValue>
</Reference>
</SignedInfo>

I sign this SignedInfo compose Signature element and everything is ok.
(I use a third party software for validation and it validates my document
correctly).

The problem occured when I want to sign document, containing namespace
declaration.

Document to sign:

<?xml version="1.0" ?>
<MyDocument Id="MyDocument">
<MyData xmlns="http://www.test.com">Data to be signed!</MyData>
</MyDocument>

Again I create the same SignedInfo element (except the DigestValue,
but verification fails. My supposition is that I have to modify
SignedInfo element because my initial xml document has declared a
namespace. Can anyone give me some suggestions how my SignedInfo
element should look like. I need the final SignedInfo element, just
before it is actually signed.

Thanks in advance.

Alexander

Received on Monday, 5 April 2004 05:03:47 UTC