Werner,

I thought the problems were around CDATA and handling thereof when
decrypting and moving the decrypted bytes back to DOM.
I *think* (although I may well have forgotten something vital :>) that the
canonicalisation that happens during signature verification should bypass
all of this.  (CDATA gets "transformed" to straight text in any case at
this point.)
Cheers,
    Berin

> Heyjung
>
> as I understand it you first sign, then encrypt your XML document
> (decrypt/verify to check it).
>
> Depending on the xmlsec-jar you use there may be problems in the
> encryption methods.
>
> The problem in some cases (note: XML encryption is in beta) is that the
> encryption _may_ change contents of your XML data you just
> signed. This breaks the signature. This happens e.g. if you use
> Content mode as opposed to Element mode, also if your XML
> contains CDATA or comments it may break.
>
> Please refer to some mails about this in the mail archive (December and
> January). There was a fix for one particular problem but not as an
> overall solution.
>
> Regards,
> Werner
>
> -----Original Message-----
> From: Hye-Jung Kim [mailto:[EMAIL PROTECTED]
> Sent: Monday, 2 February 2004 00:51
> To: [EMAIL PROTECTED]
> Subject: Verification after decrypt
>
>
> Hello,
> I am trying to decrypt and verify data (signed & encrypted) using the
> XML security suite and the signature.checkSignatureValue(cert) returns
> false which means the signature verification has failed. I am not sure
> why it failed since verification for signed only data and decrypt for
> encrypted only data work fine. Can I simply decrypt the signed &
> encrypted data first then pass it to my verifier to create XMLSignature
> to call checkSignatureValue ?  Please advise!  Thanks in advance.
>
> Hyejung



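The canonicalisation point discussed in this thread, as an added example that is not part of the original messages or of the xmlsec library: it uses Python's standard-library `canonicalize` (C14N 2.0, an assumption standing in for whichever canonicalisation method the signature actually names) on constructed sample documents. It shows that CDATA and escaped text canonicalise to the same bytes, that a lost comment only matters under a with-comments canonicalisation, and that a real content change is still detected.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed samples (not from the thread).
# SIGNED: what was signed; contains a comment and a CDATA section.
SIGNED = '<order id="7"><!-- note --><item><![CDATA[a < b & c]]></item></order>'
# DECRYPTED: same data after a decrypt step re-serialised it: CDATA became
# escaped text and the comment was lost.
DECRYPTED = '<order id="7"><item>a &lt; b &amp; c</item></order>'
# TAMPERED: a real change to the signed content.
TAMPERED = '<order id="7"><item>a &lt; b &amp; d</item></order>'


def canonical_form(xml_text, with_comments=False):
    """Canonical serialisation: CDATA -> escaped text, comments optional."""
    return canonicalize(xml_text, with_comments=with_comments)


def c14n_digest(xml_text, with_comments=False):
    """SHA-256 over the canonical bytes, standing in for a signature digest."""
    canonical = canonical_form(xml_text, with_comments)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def same_signed_content(a, b, with_comments=False):
    """True when both documents produce the same digest after C14N."""
    return c14n_digest(a, with_comments) == c14n_digest(b, with_comments)


if __name__ == "__main__":
    print(canonical_form(SIGNED))
    print("CDATA vs text, comments ignored:", same_signed_content(SIGNED, DECRYPTED))
    print("same pair, with-comments C14N: ", same_signed_content(SIGNED, DECRYPTED, True))
    print("tampered content:               ", same_signed_content(SIGNED, TAMPERED))
```
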