santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Inma Marín <i...@dif.um.es>
Subject Problem verifying an XML enveloped signature
Date Mon, 01 Dec 2008 16:06:31 GMT
Hello,

 

I have a problem when validating an XML enveloped signature. The point is
that I want to verify an XML document which includes 3 enveloped signatures.
These enveloped signatures are independent, in such a way that each of them
are generated only over the XML document (removing the already existing
signatures). To that extent, an xpath expression
(not(ancestor-or-self::node()=//*[namespace-uri()='http://www.w3.org/2000/09
/xmldsig#' and local-name()='Signature'])) is used instead of an enveloped
transform (as an enveloped transform only removes the actual signature
element, and I need all existing signatures elements be removed). However,
when verifying this document, the verification last a lot of time!

 

Particularly, if I try to verify an XML document with only one signature, if
it has been generated using the XPath expression , the verification lasts 15
minutes more than if the signature has been generated using the enveloped
transform!!

 

I am using xmlsec v1.2.1.

 

Could you be so kind as to tell me why it happens, please? Does any later
version make this kind of verification quicker? If no, any idea of making
this verification more rapid?

 

Thank you very much in advance.

 

 

------------------------------------------------------------
Inmaculada Marín López
Edificio ATICA - Planta baja
Campus de Espinardo
Universidad de Murcia
Teléfono +34 968 367906
e-mail:  <mailto:inma@dif.um.es> inma@dif.um.es
------------------------------------------------------------

 


Mime
View raw message