Open JDziurlaj opened 5 years ago
There is a very strange bug in Adobe's XML Data Signatures support. If the target of a manifest includes an "Id" element, the correct transform will not run.
<Reference URI="#410">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>6LIx9NZKzbyFXC+qOW/n9bo0RS8=</DigestValue>
</Reference>
If I remove the Id attribute from the Data DOM, it works
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
<XPath Filter="intersect" xmlns="http://www.w3.org/2002/06/xmldsig-filter2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">here()/ancestor::dsig:Signature[1]/../../RBM[1]//. |
here()/ancestor::dsig:Signature[1]/../../RBM[1]//@* |
here()/ancestor::dsig:Signature[1]/../../RBM[1]//namespace::*</XPath>
</Transform>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>...</DigestValue>
</Reference>
<signData target="ballot_stub" ref="$data.signatures">
<manifest>
<ref>$data.RBM</ref>
</manifest>
</signData>
XML Signatures can provide assurances that the ballot was not modified in transit, and that it comes from the election jurisdiction. However, because the voter's selections are currently stored in nodes covered by the XML signature, it will become invalid as soon as the voter marks the ballot. A workaround is to place the selections under
datasets/data
, but as a different tag, i.e.selections
instead ofeml
. This has the side benefit of making the EML instance more conformant with the OASIS version.