xml-crypto icon indicating copy to clipboard operation
xml-crypto copied to clipboard
verified publisher icon yaronn

Signature ID: Make it a optional attribute

Open psavelis opened this issue 4 years ago • 2 comments

Hi everyone!

According to https://www.w3.org/TR/xmldsig-core2/#sec-Overview, the ID and URL attributes are defined as optional (with a ?). I believe it should have a option/parameter to indicate whether theses attributes may be generated or not.

However, I see no option for generating and verifying a signature without theses attributes. Is there any related issue or a fix for this requirement?

UPDATE: Just figured out that setting isEmptyUri to true on addReference causes the ID not to render on the output, but it stills does not verify the signature.

Any fix for verifying a signed Xml, having no ID attribute on the reference node?

psavelis avatar Dec 27 '21 20:12 psavelis

@psavelis , we welcome community contributions for improvements in documentation, fixes for incorrect behavior, and changes enabling additional behavior. Please consider contributing a PR with a test suite to at least recreate the weakness that you're encountering and we might be able to help you code a solution.

cjbarth avatar May 29 '23 22:05 cjbarth