XML Signature
== XML canonicalization ==

The creation of XML Signatures is substantially more complex than the creation of an ordinary digital signature because a given XML Document (an "[[XML Infoset|Infoset]]", in common usage among XML developers) may have more than one legal serialized representation. For example, whitespace inside an XML Element is not syntactically significant, so that <code>&lt;Elem &gt;</code> is syntactically identical to <code>&lt;Elem&gt;</code>.

Since the digital signature ensures data integrity, a single-byte difference would cause the signature to vary. Moreover, if an XML document is transferred from computer to computer, the [[Newline|line terminator]] may be changed from CR to LF to CR LF, etc. A program that digests and validates an XML document may later render the XML document in a different way, e.g. adding excess space between attribute definitions within an element definition, or using relative (vs. absolute) URLs, or by reordering namespace definitions. Canonical XML is especially important when an XML Signature refers to a remote document, which may be rendered in time-varying ways by an errant remote server.

To avoid these problems and guarantee that logically-identical XML documents give identical digital signatures, an XML [[canonicalization]] transform (frequently abbreviated '''C14n''') is employed when signing XML documents (for signing the <code>SignedInfo</code>, a canonicalization is mandatory). These algorithms guarantee that semantically-identical documents produce exactly identical serialized representations.

Another complication arises because of the way that the default canonicalization algorithm handles namespace declarations; frequently a signed XML document needs to be embedded in another document; in this case the original canonicalization algorithm will not yield the same result as if the document is treated alone. For this reason, the so-called ''Exclusive Canonicalization'', which serializes [[XML namespace]] declarations independently of the surrounding XML, was created.
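
The following added example (not part of the original article) digests two serializations of one logical document, differing in exactly the ways listed above, before and after canonicalization, and checks that a real content change still alters the canonical digest. It uses the C14N 2.0 implementation in Python's standard library as a stand-in for whichever canonicalization method a given signature specifies; the documents and <code>urn:example:</code> namespaces are constructed.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed sample: one logical document, two legal serializations.
DOC_A = (
    '<doc xmlns:a="urn:example:a" xmlns:b="urn:example:b">'
    '<a:Elem id="1" b:kind="x">value</a:Elem>\n'
    '<b:Empty/></doc>'
)
# Same infoset: reordered namespace declarations and attributes, single
# quotes, extra whitespace inside tags, CR LF line ending, expanded empty tag.
DOC_B = (
    "<doc xmlns:b='urn:example:b' xmlns:a='urn:example:a' >"
    "<a:Elem   b:kind='x'  id='1' >value</a:Elem >\r\n"
    "<b:Empty></b:Empty></doc>"
)
# A real content change, which a signature must detect.
DOC_TAMPERED = DOC_A.replace(">value<", ">Value<")


def raw_digest(xml_text: str) -> str:
    """SHA-256 over the bytes exactly as serialized."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def c14n_digest(xml_text: str) -> str:
    """SHA-256 over the canonical form (C14N 2.0 via the standard library)."""
    canonical = canonicalize(xml_text)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for name, doc in (("A", DOC_A), ("B", DOC_B), ("tampered", DOC_TAMPERED)):
        print(f"{name:9} raw={raw_digest(doc)[:16]}  c14n={c14n_digest(doc)[:16]}")
    # The canonical form both A and B reduce to:
    print(canonicalize(DOC_B))
```
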