The error you have says that instead of expected <dsig:Signature> node in the xmlSecDSigGenerate() function you've got something else. Using "testXPath" utility from LibXML package I can confirm that:
[EMAIL PROTECTED] ferrel]$ ./testXPath --input test-signed.xml "//Contact[1]"
Object is a Node Set :
Set contains 1 nodes:
1 ELEMENT Contact
ATTRIBUTE Id
TEXT
content=f6b1af52-0ba8-11d7-87ec-c3c034e4ae6aAs you can see, you have selected a wrong "start node" (Contact instead of <dsig:Signature>). Simple changing the xpath expression helps:
[EMAIL PROTECTED] ferrel]$ ./testXPath --input test-signed.xml "//Contact/*[6]"
Object is a Node Set :
Set contains 1 nodes:
1 ELEMENT sig:Signature
namespace sig href=http://www.w3.org/2000/09/xmldsig#
[EMAIL PROTECTED] ferrel]$ xmlsec sign --node-xpath '//Contact/*[6]' --privkey rsakey.pem
test-signed.xml
<?xml version="1.0" encoding="UTF-8"?>
<Keys Source="Atlanta"><!-- generated TestKey keygen --><Contacts><Contact Id="f6b1af52-0ba8-11d7-87ec-c3c034e4ae6a">
....
From my point of view, your original XPath expression to select <dsig:Signature> node
is incorrect and I am not sure that I understand how it used to work. May be there was
a bug in LibXML and you got it fixed with new LibXML version.
With best regards, Aleksey
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
