santuario-dev mailing list archives

From Francisco Sepulveda <shepu_2...@hotmail.com>
Subject RE: doubt with enveloped signature concept
Date Tue, 08 Jan 2008 19:46:14 GMT


Thank you Sean for your time, I was almost going crazy because all the theory was collapsing
in my mind ahahah because of the example of the book...
 
I'm using the xmlsec Java classes to sign documents ... I have to develop classes that support
different kinds of signatures...
 
My point is ... let's suppose that I get the following XML document as input
 
<doc> 
   <element id="123">
        </signature>
   </element>
</doc> 
 
So if I have to create an enveloped signature for the element "element"
 
the result should be the following, right?
 
<doc> 
   <element id="123">
        <signature>
            .....
            <reference URI="#123">
        </signature>
   </element>
</doc> 
Using the Java API (javax.xml.crypto.dsig), will I have to construct the output XML document
shown above with the signature ??? let's say using a DocumentBuilderFactory instance and the
createElement method, or is there a transparent way for the programmer to put the signature
element inside the element "element"?? just using the Reference, SignedInfo and the rest of
the traditional classes...?
 
Is my question a common application of digital signatures ??? or am I completely lost ???....
I am an undergraduate student working for his bachelor and this is an investigation thesis
so I'm laying the rules for secure standard communications ..... =( 
Thanks Again
 
Francisco

> Date: Tue, 8 Jan 2008 14:30:00 -0500
> From: Sean.Mullan@Sun.COM
> Subject: Re: doubt with enveloped signature concept
> To: security-dev@xml.apache.org
>
> Francisco Sepulveda wrote:
> > Hello, I'm having problems with respect to what I understand about the
> > concept of an "enveloped signature"
> >
> > The W3C defines the signature as /"The signature is over the XML content
> > that contains the signature as an element. The content provides the root
> > XML document element. Obviously, enveloped signatures must take care not
> > to include their own value in the calculation of the |SignatureValue|"/
> >
> > I have seen that the following xml document has a broad acceptation as a
> > typical use of digital signature .... the classic enveloped signature of
> > the whole document
> >
> > <document>
> >   <element>
> >   </element>
> >   <signature>
> >     <SignedInfo>
> >       ...
> >       <Reference URI="">
> >         <Transforms>
> >           <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> >         </Transforms>
> >         <DigestMethod .../>
> >         <DigestValue> .... </DigestValue>
> >       </Reference>
> >     </SignedInfo>
> >     ...
> >   </signature>
> > </document>
> >
> > In the above example, it is clear for me that the signature is a child
> > of the xml content being signed.
> >
> > But I read in a book from McGrawHill and it shows this example of a
> > signature that is enveloped, enveloping and detached...
> >
> > <Contract1>
> >   <ImportantContent Id="ImportantElement">
> >     This is important content!
> >   </ImportantContent>
> >
> >   <Signature Id="ThreeTypes">
> >     <SignedInfo>
> >       <Reference URI="http://www.remote-server.com/file.doc">
> >         . . .
> >       </Reference>
> >       <Reference URI="#contract2">
> >         . . .
> >       </Reference>
> >       <Reference URI="#ImportantElement">
> >         . . .
> >       </Reference>
> >     </SignedInfo>
> >     <SignatureValue> . . . </SignatureValue>
> >     <Object Id="contract2">
> >       <Contract2> This is also very important content! </Contract2>
> >     </Object>
> >   </Signature>
> > </Contract1>
> >
> > FOR ME, the detached and enveloping signature are REALLY clear, but I
> > have doubt about the enveloped signature .... the book said
> >
> > "The Signature Element is enveloped by the <Contract1> element. This
> > particular association gives the XML Signature the enveloped property"
> >
> > So, that is my point, maybe I'm wrong but for me the <Reference
> > URI="#ImportantElement"> is a detached signature or not???
>
> Based on the example above, you're right and the book is wrong. If in
> the example above, the ImportantElement ID was an attribute of the
> Content element then it would be enveloped. It might be nice to send the
> author a comment about that.
>
> > My final question is, if I really want to sign the <ImportantContent>
> > element using an enveloped signature. Do I really need to put the
> > signature as child of the <ImportantContent> element or not?? does the
> > location of the signature have a significant impact?
>
> Yes, otherwise it is not an enveloped signature.
>
> > or when the
> > signature is enveloped it is always located as the "last child" of the
> > document element inside an XML document..
>
> It doesn't have to be the last child, it could be the first, the second,
> or any descendant element.
>
> --Sean