santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Frankinet Philippe" <p.franki...@nsi-sa.be>
Subject RE: how to build a valid XML Signature when the signature already exists
Date Thu, 28 Jul 2005 07:27:25 GMT

> If that is the case, you'll probably find it easier to create new XMLSignatures using
the original source document for which the
> PKCS7 exists, rather than trying to build XMLSignature documents from PKCS7 components.

Perhaps i don't understand how XMLDSIg works but we haven't the private key and i think this
object is required to proceed the XML Signature.
How do you proceed if the private key was lost or if the signature is computed by another
computer/application (not a hardware crypto system) ?

We have the original source document, the certificate and the signature. I will check your
links to see if i can build an XML Signature based on these components (and without using
the Pk).

Feel free to give other advice ;-)


Philippe.

-----Message d'origine-----
De : Arshad Noor [mailto:arshad.noor@strongauth.com] 
Envoyé : mercredi 27 juillet 2005 19:36
À : security-dev@xml.apache.org
Objet : Re: how to build a valid XML Signature when the signature already exists

I'm not certain why you would want to take a PKCS7-based signature and convert it to an XMLSignature
document, Philippe - unless, of course, your application that used to deal with PKCS7 objects,
now wants XMLSignature documents and you're trying to get the existing signatures into this
new format.

If that is the case, you'll probably find it easier to create new XMLSignatures using the
original source document for which the
PKCS7 exists, rather than trying to build XMLSignature documents from PKCS7 components.

http://www.w3.org/Signature/#Code provides many toolkits to do this.
Sun recently released a JSR-105 compliant reference toolkit to do this too, which you can
download at:
http://jcp.org/aboutJava/communityprocess/final/jsr105/index.html

Arshad Noor
StrongAuth, Inc.


Frankinet Philippe wrote:
> Dear,
> How to do if the signature already exists (e.g stored as PKCS7 format 
> on a backup system) ?? How to give the existing signature bytes, 
> certificate, ... to the XML signature process ?
> 
> We have all elements in hands but we don't know how to proceed.
> Sample code will be appreciated
> 
> Thanks a lot,
> Philippe.
> 
> 
> Frankinet Philippe
> NSI s.a.
> Chaussée de Bruxelles 174A
> B-4340 Awans
> 
> Tél. +32 4 239 91 50
> Fax +32 4 246 13 08
> _Http://www.nsi-sa.be_
> 

Mime
View raw message