XML Security Library

XML Signature Interoperability Report

Aleksey Sanin
March 2 2003


IETF/W3C XML Signature WG: XML Signature Interoperability

| Features and algorithms | Key Word | XMLSec with OpenSSL | XMLSec with GnuTLS(0) | XMLSec with NSS(0) |
|---|---|---|---|---|
| Detached Signature | MUST | Y | Y | Y |
| Enveloping Signature: same document reference with fragment (URI="#Object1") | MUST | Y | Y | Y |
| Enveloped Signature: same document reference (URI="") with Enveloped Signature Transform | MUST | Y | Y | Y |
| SignatureValue generation/validation | MUST | Y | Y | Y |
| Manifest DigestValue generation/validation | MAY | Y | Y | Y |
| Feature: laxly schema valid Signature element generation | MUST | Y | Y | Y |
| XPointers '#xpointer(/)' | SHOULD | Y | Y | Y |
| XPointers '#xpointer(id("ID"))' | SHOULD | Y | Y | Y |
| XPointers: full support | MAY | Y | Y | Y |
| XPath | SHOULD | Y | Y | Y |
| the dsig XPath 'here()' function (can be used to implement enveloped signature) | SHOULD | Y | Y | Y |
| XSLT (note, the child XSLT element of Transform has been deprecated.) | MAY | Y | Y | Y |
| RetrievalMethod (e.g., X509Data) | SHOULD | Y | Y | Y |
| SHA1 | MUST | Y | Y | Y |
| Base64 | MUST | Y | Y | Y |
| HMAC-SHA1 | MUST | Y | Y | Y |
| DSAwithSHA1 (DSS) | MUST | Y(1) | N | N |
| RSAwithSHA1 | SHOULD | Y | N | N |
| X509 support | SHOULD | Y | N | N |
| minimal (deprecated) | n/a | N | N | N |
| Canonical XML (20010315) | MUST | Y | Y | Y |
| Canonical XML with comments | SHOULD | Y | Y | Y |
| Exclusive Canonical XML | SHOULD | Y | Y | Y |
| Exclusive Canonical XML with comments | SHOULD | Y | Y | Y |
| Enveloped Signature | MUST | Y | Y | Y |
| Additional algorithms ( * ) | | | | |
| HMAC-MD5 | | Y | Y | Y |
| HMAC-RIPEMD160 | | Y | Y | Y |
| XPointer transform | | Y | Y | Y |

(0) This feature is currently available only in the development release.
(1) Defining DSA key with Seed and PgenCounter is not supported.


Test vectors:
merlin-xmldsig-twenty-three.tar.gz
merlin-xmldsig-sixteen.tar.gz (features, deprecated)
merlin-xmldsig-fifteen.tar.gz (algorithms, deprecated)
