Comments (5)
kislyuk
commented on July 27, 2024
Correct, that is the default behavior.
from signxml.
msetina
commented on July 27, 2024
The problem is that signing with a key that has not certificate will produce a signed XMl document that has only KeyVaue
from signxml.
kislyuk
commented on July 27, 2024
Sorry, I'm not quite following. Can you provide a complete example with a specific description of observed vs. expected behavior and either a reference to how the behavior is not consistent with the spec or a description of why the behavior is invalid?
from signxml.
msetina
commented on July 27, 2024
I got to this by having a simple process that signs and then verifies the result. When I signed with only a private key the XMLSigner produced a signed document that had just KeyValue populated with public key information. In the step where the signed document is verified, the verifier complained that it had no X509 ceritificate.
I can not find in the specification (https://www.w3.org/TR/xmldsig-core2/ or https://www.w3.org/TR/xmldsig-core1/) that X509 certificate is needed. For validation procedure it refers to KeyInfo, which is present.
from signxml.
kislyuk
commented on July 27, 2024
Correct, by default the validation procedure in SignXML requires an X.509 certificate, because that is the common behavior and the safe default. You have to explicitly configure it with a key to override that behavior.
from signxml.
Related Issues (20)
- signxml.exceptions.InvalidDigest: Digest mismatch for reference 0 ()
- XMLVerifier.verify() backward compatibility issue HOT 2
- How can I bypass this. HOT 1
- How to sign using a hardware token? HOT 7
- Creating a detached signature HOT 7
- PKCS#11 support HOT 15
- Failed to sign in the desired format HOT 2
- Allow pretty-printing
- Problem with the strip_pem_header function HOT 4
- Sign xml with thumbprint HOT 3
- _check_key_value_matches_cert_public_key overwrites public_key variable for ECDSA HOT 1
- XAdESSigner creates certificate digests that fail to verify HOT 7
- XADES sign has always_add_key_value: bool = True
- Support for multiple signatures HOT 6
- Validate x.509 cert value is a valid certificate before inlining contents into signature HOT 3
- How to sign xml using SHA1 HOT 2
- RSA signature did not verify HOT 2
- Bad Signature - unsure of how to debug further HOT 1
- Can not run the synopsis example: Missing child element(s). HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from signxml.