santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Mullan <sean.mul...@oracle.com>
Subject Re: Two phase signature
Date Mon, 29 Aug 2011 13:42:27 GMT
The JSR 105 API (java.xml.crypto) allows you to separately generate the hash
value for a Reference, but not for a SignedInfo. If this is useful, see
http://download.oracle.com/javase/7/docs/api/javax/xml/crypto/dsig/XMLSignatureFactory.html#newReference%28java.lang.String,%20javax.xml.crypto.dsig.DigestMethod,%20java.util.List,%20java.lang.String,%20java.lang.String,%20byte[]%29

--Sean

On 8/29/11 9:30 AM, Ricardo Borillo wrote:
> Hi all,
> 
> Is it possible with Apache Santuario to generate the hash value of a
> canonicalized SignedInfo, then encrypt this hash with a RSA key in a
> separate process and set back the result as the SignatureValue to the
> orginal signature?
> 
> We are developing a cryptographic applet. Now we generate the full xml
> signature in the client, but it would be nice to complete the
> signature process in two phases. In the first one, a server process
> should init the structure of the xml signature and in the second one,
> the client applet sign the proper hash with a simple RAW RSA
> signature.
> 
> Is this scenario possible?
> 
> Thanks all in advance :)
> 
> ---
> Salut,
> ====================================
> Ricardo Borillo Domenech
> http://xml-utils.com / http://twitter.com/borillo

Mime
View raw message