Generating XADES-BES with “ds” prefix

佛祖请我去吃肉 2021-01-15 13:45

I used the SignedXml class to generate an XML signature, and the resulting XML looks like the one below:

  

        
1 answer
  • 2021-01-15 14:24

    I don't really understand why you want to add the ds prefix in the namespace.

    Having this:

    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature">
      <ds:SignedInfo Id="SignedInfo">
     <ds:CanonicalizationMethod ...
    

    Is totally equivalent to:

    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Signature">
       <SignedInfo Id="SignedInfo">
     <CanonicalizationMethod ...
    

    In the first case you have to specify ds for elements in the http://www.w3.org/2000/09/xmldsig# namespace; in the second case this namespace is the default namespace, so each element in the XML without a declared prefix is from this namespace.

    Furthermore, you say that you need to add the ds prefix in order to have a XAdES-BES signature, and you comment on a difference between XMLDSIG and XAdES signatures. You have to know that XAdES is only a specification which says what attributes an XMLDSIG signature needs in order to become a XAdES signature. Roughly, XAdES is an XMLDSIG signature which incorporates an <Object> element (in the http://www.w3.org/2000/09/xmldsig# namespace) that will be the bag for the whole set of qualifying properties, some of them signed (SignedProperties) and some of them unsigned (UnsignedProperties). For the XAdES-BES case you must add <xades:SigningCertificate xmlns:xades="http://uri.etsi.org/01903/v1.3.2#"> inside the <xades:SignedProperties> element.

    Here I give you an example of a XAdES-BES signature "without" the ds prefix.

    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Signature">
    <SignedInfo Id="SignedInfo">
        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <Reference Id="SignedProperties-Reference" Type="http://uri.etsi.org/01903/v1.2.2#SignedProperties" URI="#SignedProperties">
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>fiKTaqJzLSmC73cMXZSzjhd877w=</DigestValue>
        </Reference>
        <Reference Id="SignedDataObject-Reference-1" URI="DetachedObjectReference-1">
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>8ruIS/4MRp2wAwVX4/pTCYxTyWc=</DigestValue>
        </Reference>
    </SignedInfo>
    <SignatureValue Id="DocumentSignatureValue">
        R40YdEEEl0YIZVdl4pm3yyF7qGAG8ZN8PPf0aBRXbvRgdIcvJZtI5AS5NexaO5T4O0gMHWRIKjNb
        2QzlfwxlQ3/KqMW4W0QkMLpF4csBpXt9bJ3t+smEeTnxkBcQRXAw5v9kwf20mfz1LtIUhbsU/PMd
        YwaGCsItF2rzl3rtcq4=
    </SignatureValue>
    <KeyInfo Id="KeyInfo">
        <X509Data>
            <X509Certificate>
                MIIIUTCCBzmgAwI...
            </X509Certificate>
        </X509Data>
        <KeyValue>
            <RSAKeyValue>
                <Modulus>
                  pb0cJioffffdCDVe/t+7...
                </Modulus>
                <Exponent>AQAB</Exponent>
            </RSAKeyValue>
        </KeyValue>
    </KeyInfo>
    <Object>
        <xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="QualifyingProperties" Target="#Signature">
            <xades:SignedProperties Id="SignedProperties">
                <xades:SignedSignatureProperties>
                    <xades:SigningCertificate>
                        <xades:Cert>
                            <xades:CertDigest>
                                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                                <DigestValue>UZq4NIL9eVVA7aJixPeiUTM3nOM=</DigestValue>
                            </xades:CertDigest>
                            <xades:IssuerSerial>
                                <X509IssuerName>XXXXXXXXXXXX....</X509IssuerName>
                                <X509SerialNumber>705964899...</X509SerialNumber>
                            </xades:IssuerSerial>
                        </xades:Cert>
                    </xades:SigningCertificate>
                </xades:SignedSignatureProperties>
                <xades:SignedDataObjectProperties/>
            </xades:SignedProperties>
        </xades:QualifyingProperties>
    </Object>
    </Signature>

    Hope this helps,
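
An added example, not part of the original answer and not .NET SignedXml code: it parses a constructed SignedInfo skeleton in both forms and shows that a namespace-aware parser sees identical element names, while the canonical bytes that get hashed during signing differ. Assumptions: Python's standard library is used, and `ET.canonicalize` implements C14N 2.0 rather than the C14N 1.0 algorithm named in the sample signature; both keep prefixes as written.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: the same SignedInfo skeleton, with and without the ds prefix.
PREFIXED = (
    '<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SignedInfo">'
    '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>'
    '<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>'
    '</ds:SignedInfo>'
)
DEFAULT_NS = (
    '<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#" Id="SignedInfo">'
    '<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>'
    '<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>'
    '</SignedInfo>'
)


def expanded_names(xml_text):
    """List ({namespace}local-name, attributes) for each element in document order."""
    root = ET.fromstring(xml_text)
    return [(el.tag, sorted(el.attrib.items())) for el in root.iter()]


def same_names(a, b):
    """True when both documents carry the same namespace-qualified elements."""
    return expanded_names(a) == expanded_names(b)


def canonical_digest(xml_text):
    """Return (canonical form, SHA-256 hex digest of its UTF-8 bytes).

    SHA-256 is used only to compare byte strings; any hash shows the same thing.
    """
    canon = ET.canonicalize(xml_text)  # prefixes are preserved, not normalised
    return canon, hashlib.sha256(canon.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    print("same element names:", same_names(PREFIXED, DEFAULT_NS))
    for label, doc in (("ds prefix", PREFIXED), ("default ns", DEFAULT_NS)):
        canon, digest = canonical_digest(doc)
        print(label, digest, canon[:40])
```

A verifier accepts either form, but the prefix has to be fixed before the signature is computed: renaming prefixes on an already signed document changes the canonical bytes and the digests no longer match.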
