You can select the canonicalization algorithm to be used for a document from the dialog
box that is displayed by using the Canonicalize action that is
available from the Source submenu when invoking the contextual menu in
Text mode.
The Canonicalize dialog box allows you to set the following
options:
- Exclusive - If selected, the exclusive (uncommented) canonicalization method is used.
Note: Exclusive Canonicalization just copies the namespaces you
are actually using (the ones that are a part of the XML syntax). It does not look into
attribute values or element content, so the namespace declarations required to process these
are not copied. This is useful if you have a signed XML document that you want to insert into
other XML documents (or you need self-signed structures that support placement within various
XML contexts), as it will ensure the signature is verified correctly each time.
- Exclusive with comments - If selected, the exclusive with comments
canonicalization method is
used.
- Inclusive - If selected, the inclusive (uncommented) canonicalization method is used.
Note: Inclusive Canonicalization copies all the declarations,
even if they are defined outside of the scope of the signature, and all the declarations you
might use will be unambiguously specified. Inclusive Canonicalization is useful
when it is less likely that the signed data will be inserted in other XML document and it is
the safer method from the security standpoint because it requires no knowledge of the data
that are to be secured to safely sign them. A problem may occur if the signed document is
moved into another XML document that has other declarations because the Inclusive
Canonicalization will copy them and the signature will be invalid.
- Inclusive with comments - If selected, the inclusive with comments
canonicalization method is
used.
- XPath - The XPath expression provides the fragments of the XML
document to be signed.