santuario-dev mailing list archives

From "Jesse Pelton" <...@PKC.com>
Subject RE: Verify signature: bad for enveloped, ok for enveloping and detached.
Date Wed, 02 Feb 2005 13:55:28 GMT
You need to include the enveloped signature transformation specifically.  This serves to remove
the signature element from the document before signing and verification.  This is required
because the signature element changes during signing; if the original signature element were
part of the signed content, the final signature would be invalid, because part of the signed
content (the signature) would be different.  See http://www.w3.org/TR/xmldsig-core/#sec-EnvelopedSignature
and http://www.w3.org/TR/xmldsig-core/#sec-Transforms.

> -----Original Message-----
> From: def abc [mailto:anon742000@yahoo.fr] 
> Sent: Wednesday, February 02, 2005 8:45 AM
> To: security-dev@xml.apache.org
> Subject: Re: Verify signature: bad for enveloped, ok for 
> enveloping and detached.
> 
>  --- Raul Benito <raul.benito.garcia@gmail.com> wrote:
> > Do you add the enveloped-signature transformation?
> > It is needed for enveloped signatures. If not, it will
> > fail.
> 
> Not sure I understand...
> My signed XML does have a transformation (c14n) -- see
> below.
> Do you mean I should apply a transformation to the
> signed document for verification?
> 
> Regards,
> -- Axelle.
> 
> <policy xmlns="http://xxx"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="http://xxx/DSP ./DSP.xsd">
>  <dsi_policy>
>  [...]
>  </dsi_policy>
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference URI="file:/G:/prog/xml-security-1_2_0/misc.xml">
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>HbVbteOlAwHiVZYotc1E7wWswyo=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> CRCr/II7oFTYANIz3NMqpUgnMLMvyU9rwpZNOBk5+Sp9k+kXyMJNU/7WehvTmh
> tu6mTTXplUpmyw
> [...]
> </ds:SignatureValue>
> </ds:Signature></policy>
> 

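The failure discussed in this thread, as an added example that is not part of the original messages or of the xml-security code: it digests a whole-document reference before and after the signature values are filled in, with and without the enveloped-signature transform. Assumptions: the sample document and placeholder SignatureValue are constructed, SHA-256 is used for the digest, no RSA operation is performed, and Python's C14N 2.0 canonicalizer stands in for the c14n 1.0 algorithm named in the posted signature.

```python
import base64, copy, hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SIG = f"{{{DS}}}Signature"

# Constructed sample: enveloped signature skeleton, values still empty.
UNSIGNED = (
    '<policy xmlns="http://example.invalid/policy">'
    "<dsi_policy>allow</dsi_policy>"
    f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo><ds:Reference URI="">'
    "<ds:DigestValue></ds:DigestValue></ds:Reference></ds:SignedInfo>"
    "<ds:SignatureValue></ds:SignatureValue></ds:Signature></policy>"
)

def reference_digest(root, enveloped):
    """Digest of Reference URI="" (the whole document) after the transforms."""
    tree = copy.deepcopy(root)
    if enveloped:
        # Enveloped-signature transform: drop the Signature element from the
        # digest input. (The sample holds exactly one Signature.)
        hits = [(p, c) for p in tree.iter() for c in p if c.tag == SIG]
        for parent, child in hits:
            parent.remove(child)
    c14n = ET.canonicalize(ET.tostring(tree, encoding="unicode"))
    return base64.b64encode(hashlib.sha256(c14n.encode()).digest()).decode()

def sign(xml_text, enveloped):
    """Fill in DigestValue, then SignatureValue, as a signer does."""
    root = ET.fromstring(xml_text)
    digest = reference_digest(root, enveloped)  # taken while values are empty
    root.find(f".//{{{DS}}}DigestValue").text = digest
    # Placeholder: a real signer puts the RSA signature over SignedInfo here.
    root.find(f".//{{{DS}}}SignatureValue").text = "cGxhY2Vob2xkZXI="
    return ET.tostring(root, encoding="unicode")

def reference_valid(signed_text, enveloped):
    """Recompute the reference digest and compare it with DigestValue."""
    root = ET.fromstring(signed_text)
    stored = root.find(f".//{{{DS}}}DigestValue").text
    return reference_digest(root, enveloped) == stored

if __name__ == "__main__":
    for enveloped in (False, True):
        ok = reference_valid(sign(UNSIGNED, enveloped), enveloped)
        print(f"enveloped transform={enveloped}: reference valid={ok}")
```

Without the transform the stored digest covers the empty signature element, so it no longer matches once DigestValue and SignatureValue are written; with the transform the digest covers only the content outside the signature, and a change to that content is still detected.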