SignData produces bad XML Signature when ref target contains Id attribute
There is a very strange bug in Adobe's XML Data Signatures support. If the target of a manifest includes an "Id" element, the correct transform will not run.
<Reference URI="#410">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>6LIx9NZKzbyFXC+qOW/n9bo0RS8=</DigestValue>
</Reference>
If I remove the Id attribute from the Data DOM, it works
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
<XPath Filter="intersect" xmlns="http://www.w3.org/2002/06/xmldsig-filter2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">here()/ancestor::dsig:Signature[1]/../../RBM[1]//. |
here()/ancestor::dsig:Signature[1]/../../RBM[1]//@* |
here()/ancestor::dsig:Signature[1]/../../RBM[1]//namespace::*</XPath>
</Transform>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>...</DigestValue>
</Reference>
<signData target="ballot_stub" ref="$data.signatures">
<manifest>
<ref>$data.RBM</ref>
</manifest>
</signData>
1
vote
![](https://secure.gravatar.com/avatar/e6a7ac29d4938af72a35e9ea5fa29e35?size=40&default=https%3A%2F%2Fassets.uvcdn.com%2Fpkg%2Fadmin%2Ficons%2Fuser_70-6bcf9e08938533adb9bac95c3e487cb2a6d4a32f890ca6fdc82e3072e0ea0368.png)