RE: Multiple signing on same set of items and on same file from Christian Geuer-Pollmann on 2023-11-30 (w3c-ietf-xmldsig@w3.org from October to December 2023)

From: Christian Geuer-Pollmann <Christian.Geuer-Pollmann@microsoft.com>
Date: Thu, 30 Nov 2023 13:55:43 +0000
To: "Rashmi Ramanna (rasraman)" <rasraman@cisco.com>, "w3c-ietf-xmldsig@w3.org" <w3c-ietf-xmldsig@w3.org>
Message-ID: <AM9PR83MB049883821DFC8C8546B80FD3C082A@AM9PR83MB0498.EURPRD83.prod.outlook.com>

Yes, you can have multiple XML Signatures in a file, and they can cover the same contents. However, you must check how you construct the signatures. (your sample below isn't a well-formed XML doc, as it has no single document element). You essentially want to avoid that the signatures 'disturb' each other. Therefore, you cannot simply say "I sign the whole document and use an enveloping signature".

From: Rashmi Ramanna (rasraman) <rasraman@cisco.com>
Sent: 2023-Nov-29 21:32
To: w3c-ietf-xmldsig@w3.org
Subject: [EXTERNAL] Multiple signing on same set of items and on same file

You don't often get email from rasraman@cisco.com<mailto:rasraman@cisco.com>. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification>
Hi Team,

I would like to know if multiple signing of same items  and on same xml file is possible?
If yes can you please point me to the document explaining how that can be done?

I want to dual sign xml file using both SHA1 and SHA256 because of some internal requirement.

Eg: my abc.xml have below contents
     <name>Rashmi</name>
     <company>Cisco</company>
     <address>zyx</address>

I want to include all the items in abc.xml under the signatures SHA1 and SHA256

Really appreciate your respone.

Thanks,
Rashmi

Received on Thursday, 30 November 2023 13:55:54 UTC