santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Mullan <Sean.Mul...@Sun.COM>
Subject Re: Invalid Signature problem through Empty elements are converted to start-end tag pairs
Date Wed, 28 Jan 2009 21:05:42 GMT
Harakiri wrote:
> --- On Wed, 1/28/09, Sean Mullan <Sean.Mullan@Sun.COM> wrote:
> 
>> From: Sean Mullan <Sean.Mullan@Sun.COM>
>> Subject: Re: Invalid Signature problem through Empty elements are converted to start-end
tag pairs
> 
>> This is a very strange signature. If you just want to sign
>> the contents of the document (the tbone element) without the
>> signature, you should just use the enveloped transform:
>> http://www.w3.org/TR/xmldsig-core/#sec-EnvelopedSignature
> 
> I think the code was based on this example:
> 
> http://svn.apache.org/repos/asf/xml/security/trunk/src_samples/javax/xml/crypto/dsig/samples/GenEnveloped.java

But that example uses the Enveloped Signature Transform.

>> You need to also dump out the same pre-digested input when
>> generating the signature and then compare them.
> 
> I have been unable to figure out how to dump the pre-digested input when signing with
the SUN xmldsig jars. Can you hint on how to enable debugging in my last sample code for signing?

When you say SUN xmldsig jars, I'm still not sure what version of the software 
you are using. Can you give me more details as to what you are using?

--Sean



Mime
View raw message