From: Ricardo Borillo
Date: Mon, 29 Aug 2011 15:30:06 +0200
Subject: Two phase signature
To: dev@santuario.apache.org

Hi all,

Is it possible with Apache Santuario to generate the hash value of a canonicalized SignedInfo, then encrypt this hash with an RSA key in a separate process and set back the result as the SignatureValue to the original signature?

We are developing a cryptographic applet. Now we generate the full XML signature in the client, but it would be nice to complete the signature process in two phases. In the first one, a server process should init the structure of the XML signature and in the second one, the client applet signs the proper hash with a simple RAW RSA signature.

Is this scenario possible?

Thanks all in advance :)

---
Cheers,
====================================
Ricardo Borillo Domenech
http://xml-utils.com / http://twitter.com/borillo
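
The split described in the message, as an added example that is not part of the original post and is not Apache Santuario code: using only JDK classes, the server side hashes the canonicalized SignedInfo and wraps the hash in a PKCS#1 v1.5 DigestInfo, the client side applies only the private-key operation, and the result is checked as an ordinary RSA signature. SHA-256, the throwaway key pair, the class and method names, and the stand-in SignedInfo bytes are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import javax.crypto.Cipher;

public class TwoPhaseSignature {
    // DER prefix of the PKCS#1 v1.5 DigestInfo for SHA-256 (RFC 8017, section 9.2)
    static final byte[] PREFIX = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    // Phase 1 (server): hash the canonicalized SignedInfo, wrap the hash in DigestInfo
    static byte[] digestInfo(byte[] canonicalSignedInfo) throws GeneralSecurityException {
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(canonicalSignedInfo);
        byte[] out = new byte[PREFIX.length + hash.length];
        System.arraycopy(PREFIX, 0, out, 0, PREFIX.length);
        System.arraycopy(hash, 0, out, PREFIX.length, hash.length);
        return out;
    }

    // Phase 2 (client): private-key operation with PKCS#1 type 1 padding, no hashing
    static byte[] rawSign(PrivateKey key, byte[] digestInfo) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, key);
        return rsa.doFinal(digestInfo);
    }

    // Check: the two-phase result must verify as an ordinary SHA256withRSA signature
    static boolean verify(PublicKey key, byte[] signedInfo, byte[] sig) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update(signedInfo);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // throwaway key, stands in for the applet's key
        // Constructed stand-in for the C14N output of a real ds:SignedInfo element
        byte[] signedInfo = "<ds:SignedInfo>constructed sample</ds:SignedInfo>"
            .getBytes(StandardCharsets.UTF_8);
        byte[] toSign = digestInfo(signedInfo);           // sent server -> client
        byte[] sig = rawSign(kp.getPrivate(), toSign);    // sent client -> server
        System.out.println("verifies: " + verify(kp.getPublic(), signedInfo, sig));
        // Base64 of sig is what goes into ds:SignatureValue
        System.out.println(Base64.getEncoder().encodeToString(sig));
    }
}
```

Applying the private key to the bare hash, without the DigestInfo prefix, produces a value that standard PKCS#1 v1.5 verifiers reject.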