Re: [xml] Re: Attributes without knowing name



When signing, the string that is signed must be identical to the one
which is checked at some later time. The problem with this and XML
is that attribute order isn't important, and libxml and Xerces orders
them differently, so I need to sort them. The signer must be general,
so it shouldn't need to know the names of the attributes in the
given element.

If you are doing digital signatures of XML data, you should look at
the IETF/W3C standard for XML Digital signatures.  The process of
ordering attributes like you describe is called canonicalization (c14n);
there is also an IETF/W3C standard for XML c14n.

Even better: there is a free C/C++ library (xmlsec) built on top of
xmllib and openssl that implements XML DSIG; it also has XML C14N,
which was donated to xmllib.

You can find all the other URLs of interest here:
   http://www.aleksey.com/xmlsec/

        /r$
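
The attribute-order problem discussed in this message, as an added example that is not part of the original post and is not xmlsec code. It assumes Python's standard-library C14N 2.0 implementation and uses an HMAC in place of a real XML DSIG signature; the documents and the key are constructed for the demonstration.

```python
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize

# Constructed sample inputs: the same element as two serializers might emit it,
# differing only in attribute order, quoting style and empty-element syntax.
DOC_A = ('<order id="42" currency="EUR" xmlns:p="urn:example:pay" '
         'p:method="card"><item sku="a1" qty="2"/></order>')
DOC_B = ("<order  xmlns:p='urn:example:pay' p:method='card' currency='EUR' "
         "id='42'><item qty='2' sku='a1'></item></order>")
DOC_TAMPERED = DOC_B.replace("qty='2'", "qty='20'")

KEY = b"constructed-demo-key"  # placeholder key, for this example only


def c14n_bytes(xml_text: str) -> bytes:
    """Canonical form (C14N 2.0) as UTF-8 bytes; attributes get a fixed order."""
    return canonicalize(xml_text).encode("utf-8")


def sign(xml_text: str, key: bytes = KEY) -> str:
    """MAC over the canonical bytes, never over a serializer's raw output."""
    return hmac.new(key, c14n_bytes(xml_text), hashlib.sha256).hexdigest()


def verify(xml_text: str, tag: str, key: bytes = KEY) -> bool:
    """Re-canonicalize what was received and compare in constant time."""
    return hmac.compare_digest(sign(xml_text, key), tag)


def naive_sign(xml_text: str, key: bytes = KEY) -> str:
    """The failure mode from the question: MAC over the raw serialized string."""
    return hmac.new(key, xml_text.encode("utf-8"), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    tag = sign(DOC_A)
    print(c14n_bytes(DOC_A).decode())
    print("raw MACs equal:       ", naive_sign(DOC_A) == naive_sign(DOC_B))
    print("c14n verify DOC_B:    ", verify(DOC_B, tag))
    print("c14n verify tampered: ", verify(DOC_TAMPERED, tag))
```

The signer never needs to know the attribute names: canonicalization orders whatever attributes the element carries, and a change to any attribute value still changes the MAC.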



