rtc: Signature verification fails for XMLs that are not in their canonical form #246
Labels
bug
Something isn't working
component: rtc
component: sii_crypto
crypto particular to the SII (unlike 'crypto')
Even though it is assumed that a canonicalization algorithm is applied before performing the digital signature calculations of the XML, even if it is referenced in the
SignedInfo
element, it does not mean that it was necessarily applied. Unfortunately, the SII does not verify that the XML is in its canonical form, so it is common that several of the AECs accepted by the SII are not normalized (See discussion at #242).For this reason, the signature verification algorithm will fail in those XMLs that, by canonicalizing them before verifying their signature, the normalization introduces changes that modify the content of the XML, e.g. documents containing empty-element tags
The text was updated successfully, but these errors were encountered: