Re: [xml] Canonicalization (C14N) of an XML element

From: Göran Halfvarson <goooran gmail com>
To: Aleksey Sanin <aleksey aleksey com>
Cc: xml gnome org
Subject: Re: [xml] Canonicalization (C14N) of an XML element
Date: Tue, 8 Feb 2005 22:12:00 +0100

Thanks for your prompt responses.

Hm... I am sorry but I have to ask if you really want to
write xmldsig implementation yourself. I did it once
(http://www.aleksey.com/xmlsec)...


Sorry, I forgot to tell you: We are aware of your XML Security Library. 

I am sure it is a very fine product, but we decided not to use it. We
could not figure out how to make XML Sec fit into our environment, for
the following reasons (I'm leaving out some details, to avoid
revealing product or security details which I'm not supposed to
reveal.):

- For signature generation, and for key unwrapping (decryption), we
use an RSA private key, stored in hardware.
- Our cryptograpic library is proprietary. 
- We are working in an embedded system, where memory footprint is very
important.

We are not making our own xmldsig implementation. We only have a small
subset of the xmldsig and xmlenc cryptographic operations, and those
operations are heavily constrained by technical specifications.

The xmlC14NExecute function allows one to
provide a callback that would be called to determine if
a given node is "visible" (i.e. included in c14n output)
or not. To canonicalize just a given node (with all the
attributes and children nodes) you can write a callback
function that would return "true" for your node, its attributes,
namespaces and children nodes and "false" for all other
nodes in the document.

Aleksey


Thank you, I will try that. 

/Göran

References:
- [xml] Canonicalization (C14N) of an XML element
  - From: =?ISO-8859-1?Q?G=F6ran_Halfvarson?=
- Re: [xml] Canonicalization (C14N) of an XML element
  - From: Aleksey Sanin

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]