santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cantor, Scott" <canto...@osu.edu>
Subject Re: Sample code to sign part of XML file
Date Fri, 05 Sep 2014 19:43:01 GMT
On 9/5/14, 3:20 PM, "David Yu" <tsunbonyu@gmail.com> wrote:

>Hi Team,
>
>Does anyone can provide sample code that shows how to digitally sign part
>of XML file?

It really depends how you expect to do it. Signing subsets is a very
complex and very error-prone approach, so a lot depends on the exact
scenario.

As a general matter, there is no difference re: the code at a basic level.
You're adding more References to the SignedInfo object when signing, and
you have to very carefully be able to interrogate them on validation to
guarantee that you're using only what's been signed.

It's possible the newer APIs might have added support for obtaining the
signed octets from each Reference. If so, that's a very key thing to use.

-- Scott


Mime
View raw message