The program SC14N performs the canonicalization (C14N) transformations you need to do when creating signed XML documents using XML-DSIG. It takes an input XML file and outputs the canonicalized transformation or its digest value.
Download | BUY NOW! | Documentation | Notes | References | Contact us
When we say "straightforward", we mean the documents not the procedure. We mean the usual XML documents you come across in practice, not the obscure corner cases using the more arcane parts of the XML specification.
SC14N carries out both inclusive and exclusive canonicalization (see Notes). You can canonicalize the entire document (which you'd do for a detached signature), or omit a given element (e.g. the Signature element for an enveloped signature), or just transform a subset of the document (e.g. the SignedInfo element, or a given Id reference).
You can output the result to a new XML file, or compute its SHA-1 or SHA-256 digest value directly. The APIs allow you to work entirely in memory.
You can use SC14N from the Windows command-line or use one of the programming interfaces using C#, VB.NET, C, C++, VBA, VB6 or Python.
If you're reading this then we assume you understand what canonicalization is and how it is used to sign an XML document. For background, see our related pages on the topic Canonicalization of an XML document and Signing an XML document using XMLDSIG.
Here are two quick examples.
This example transforms the input XML document excluding the
This is the transformation used for an
sc14n -x Signature olamundo.xml <Envelope xmlns="http://example.org/envelope"> <Body> Olá mundo </Body> </Envelope> sc14n --digest-value --exclude-bytag=Signature olamundo.xml UWuYTYug10J1k5hKfonxthgrAR8=
For the full command-line syntax see Using Sc14n from the command line.
using Sc14n; // ... // Example 1. Excludes the first element with the tag name <Signature> r = C14n.ToFile("c14nfile1.txt", "input.xml", "Signature", Tran.OmitByTag); // Example 2. Finds and transforms the first element with the tag name <SignedInfo> r = C14n.ToFile("c14nfile2.txt", "input.xml", "SignedInfo", Tran.SubsetByTag);
For more details on using C# (and other programming languages) see Programming interfaces to SC14N.
To check if your XML document is well-formed, just c14n the entire document and check the error message.
New in v3.0: use the
> sc14n --check notxml.xml Error code -9: Invalid XML structure: Error: Invalid at the top level of the document (Line: 1) > sc14n -k olamundo-bad.xml Error code -9: Invalid XML structure: Error: Tag 'Envelope' was not closed (Line: 35) > sc14n -k olamundo.xml OK
Download the Trial Edition of SC14N for Windows now. The Trial Edition is fully-functional and expires after 60 days. Please read the licence conditions for the Trial Edition and the Notes and Limitations below.
Licensed users can download the latest licensed version here.
Most recent production version 3.1.0 compiled 5 April 2022 with updated v188.8.131.52 of sc14n.exe 13 August 2023. Use either
Either unzip the zip file and run the
install.exe program inside it,
or download the exe program directly and run it.
Minimum required operating system is Windows XP-SP2 and above (that is, XP/Vista/W7/W8/W10) or Windows Server 2003 and above.
Trouble installing: If Microsoft Defender Smartscreen gives you a warning, see Unrecognized app error. (TL;DR Click "More info" then "Run anyway"). Check that you see "Publisher: D.I. MANAGEMENT SERVICES PTY LIMITED".
After installing, test by opening a command line window and typing
sc14n --help. See Command-line syntax for more details.
Our free XML Simple Query utility xmlsq makes an ideal companion tool for SC14N. Use xmlsq to query your XML files and use SC14N to canonicalize it. xmlsq is lightweight, free and does not expire. Download now.
You can purchase a licenced version here. (Please make sure you have tested the Trial Edition before purchase and make sure it does what you require.)
Existing licence holders can download the latest Developer Version here.
See the documentation page
So if you need to send signed documents to a server using MS .NET with inclusive c14n, we can't help you. (We think the bad version actually uses exclusive C14n to process the SignedData, even though it's meant to be inclusive). You'll just have to use the MS-CR*P software to reproduce the deliberate error. It should be OK with exclusive c14n, though.
Changes in v3.1 (April 2022)
Changes in v3.0 (August 2021)
-k) option to the CLI.
Changes in v2.1 (December 2019)
Changes in v2.0 (November 2018)
xml:langattributes in a subset.
SC14N_TRAN_EXCLUDEBYoption flags in favour of
SC14N_TRAN_OMITBY. This is to help avoid confusion (!) with the new
For more information about SC14N, please send us a message.
This page first published 11 July 2017. Last updated 13 August 2023
[Go to top]