santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cédric POTHIN <cedric.pot...@inovatel.sfr.com>
Subject RE: Problem with verifying enveloped XML signatures
Date Wed, 09 Feb 2005 13:51:51 GMT
Many Thks Raul

> -----Message d'origine-----
> De : Raul Benito [mailto:raul.benito.garcia@gmail.com]
> Envoyé : mercredi 9 février 2005 10:59
> À : security-dev@xml.apache.org
> Objet : Re: Problem with verifying enveloped XML signatures
> 
> You need to add enveloped transformation to your reference. This will
> fix your problem.
> 
> Regards,
> 
> 
> On Wed, 26 Jan 2005 13:08:58 +0000 (UTC), Neil Bennett <ndb23@dl.ac.uk>
> wrote:
> > I am trying to verify an enveloped XML signature.  If the signed
> document is
> > saved to a file and then read back in, there is no problem.  The
> signature is
> > shown as valid.
> >
> > However, as I am using enveloped signatures, I do not really want to
> save the
> > signature to a file.  When I verify the signature, I just want to load
> in the
> > signed DOM Document from memory and verify it directly rather than
> having to
> > build a DOM Document from scratch and load in a signature file.
> >
> > However, when I pass in my signed DOM Document, I always get an error
> stating
> > that the signature is invalid.
> >
> > I have manually checked the XML signatures generated by the two methods
> and
> > they are identical (except for digest and signature values obviously).
> >
> > My only guess is that the problem lies with the XMLSignature
> constructor.  I am
> > using "new XMLSignature( signatureElement, baseURI )".  Where I am
> loading in a
> > file, I just use the same baseURI as I used to generate the signature.
> > However, when I am reading the DOM Document directly, what parameter
> should I
> > pass in to the XMLSignature constructor, bearing in mind that there is
> no
> > signature file?
> >
> > Any help would be much appreciated.
> > Neil
> >
> >


Mime
View raw message