The way is I remove NS before check! Do you think that this will always work?
tks De: Cantor, Scott [mailto:[email protected]] Enviada em: terça-feira, 2 de outubro de 2012 00:28 Para: <[email protected]> Cc: [email protected] Assunto: Re: Trying understanding (Xml NS question) On Oct 1, 2012, at 10:58 AM, "Renato Tegon Forti" <[email protected]> wrote: In this case the the signature checks fail! If I remove the NS: xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:ds="http://www.w3.org/2000/09/xmldsig# <http://www.w3.org/2000/09/xmldsig> " Like this: The signature is validated OK! Why? Probably because you signed the reference and left it with the inclusive c14n algorithm, in which namespaces are certainly going to affect the signature. The signer did not include them, and now they're present so the digest changes. am trying understanding! What I must do to work with NS (xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:ds="http://www.w3.org/2000/09/xmldsig# <http://www.w3.org/2000/09/xmldsig> You can't, not unless the signer changes the signed document and/or uses exclusive c14n as a transform. -- Scott
