• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

XML Signature and canonicalization

 
Dan Drillich
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Good Day,

It seems to me that canonicalization is a prerequisite for XML Signature. I just wonder if it is mandatory. After all, we can have integrity of the message even without canonicalization.

Any thoughts?

Regards,
Dan
 
amit punekar
Ranch Hand
Posts: 544
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,
In my opinion Canonicalization is necessary so that you compute Hash on the basic form of the data without any other characters like spaces.

Regards,
Amit
 
Dan Drillich
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Right, but Canonicalization is considered to be a resource intensive operation and if one wants only to guarantee the integrity of the a particular message, Canonicalization doesn't seem to be needed.

Regards,
Dan
 
Ivan Krizsan
Ranch Hand
Posts: 2198
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi!
The question is slightly old, but I couldn't resist the prospects of a good discussion!

Assume the following trivial XML fragments:

and

With ns1 and ns2 both referring to the same namespace.

We can both tell that the first XML fragment is a valid version of the second XML fragment that has not been tampered with.
However, in order for a piece of software to be able to determine this, I feel we need to transform the XML fragments into some kind of normalized (i.e. canonical) form.
Having been "normalized", the program will then be able to determine if the XML fragments are equal or not.
Best wishes!
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic