XMLSec Library

XMLSec Library
XML-Signature Interoperability Report

Aleksey Sanin
March 30, 2002


Features and algorithms
Key Word
Support
Detached Signature
MUST
Y
Enveloping Signature: same document reference with fragment (URI="#Object1")
MUST
Y
Enveloped Signature: same document reference (URI="") with Enveloped Signature Transform .
MUST
Y
SignatureValue generation/validation
MUST
Y
Manifest DigestValue generation/valdiation
MAY Y
Feature: laxly schema valid Signature element generation
MUST
Y
XPointers '#xpointer(/)'
SHOULD
Y
XPointers '#xpointer(id("ID"))'
SHOULD
Y
XPath
SHOULD
Y
the dsig XPath 'here()' function (can be used to implement enveloped signature)
SHOULD
Y
XSLT (note, the child XSLT element of Transform has been deprecated.)
MAY
Y
RetrievalMethod (e.g., X509Data)
SHOULD
Y
SHA1
MUST
Y
Base64
MUST
Y
HMAC-SHA1
MUST
Y
DSAwithSHA1
(DSS)

MUST
Y(*)
RSAwithSHA1
SHOULD
Y
X509 support
SHOULD
Y
minimal (deprecated)
n/a
N
Canonical XML (20010315)
MUST
Y
Canonical XML with comments
SHOULD
Y
Exlusive Canonical XML
SHOULD
Y
Exlusive Canonical XML with comments
SHOULD
Y
Enveloped Signature
MUST
Y
Additional algorithms (*)


HMAC-MD5
 
Y
HMAC-RIPEMD160
 
Y

(*) Defining DSA key with Seed and PgenCounter is not supported yet.

Test suites:
merlin-xmldsig-twenty-three.tar.gz
merlin-xmldsig-sixteen.tar.gz (features, deprecated)
merlin-xmldsig-fifteen.tar.gz (algorithms, deprecated)