Hi Eric,

Thanks for your point. I will definitely review generateDigestValues function.
Sounds very promising!!!

---
Salut,
====================================
Ricardo Borillo Domenech
http://xml-utils.com / http://twitter.com/borillo

On Tue, Aug 30, 2011 at 19:29, eric fu <[email protected]> wrote:
> That is possible with Apache api, not JSR 105. You need to get <SignedInfo>
> as string and create a digest of it based on digest algorithm on
> SignatureMethod. To fill in blanks (reference digest values) in SignedInfo
> first, ask signedInfo to generateDigestValues. The digest/hash is the piece
> of data you want.
>
> Eric
>
> On Tue, Aug 30, 2011 at 5:45 AM, Ricardo Borillo <[email protected]> wrote:
>>
>> Hi Sean,
>>
>> Thanks for your clarification :)
>> Do you think this scenario could be accomplished outside the standard
>> interfaces with some inheritance on DOMXMLSignature class?
>>
>> ---
>> Salut,
>> ====================================
>> Ricardo Borillo Domenech
>> http://xml-utils.com / http://twitter.com/borillo
>>
>> On Mon, Aug 29, 2011 at 15:42, Sean Mullan <[email protected]> wrote:
>> > The JSR 105 API (java.xml.crypto) allows you to separately generate the
>> > hash value for a Reference, but not for a SignedInfo. If this is useful, see
>> >
>> > http://download.oracle.com/javase/7/docs/api/javax/xml/crypto/dsig/XMLSignatureFactory.html#newReference%28java.lang.String,%20javax.xml.crypto.dsig.DigestMethod,%20java.util.List,%20java.lang.String,%20java.lang.String,%20byte[]%29
>> >
>> > --Sean
>> >
>> > On 8/29/11 9:30 AM, Ricardo Borillo wrote:
>> >> Hi all,
>> >>
>> >> Is it possible with Apache Santuario to generate the hash value of a
>> >> canonicalized SignedInfo, then encrypt this hash with an RSA key in a
>> >> separate process and set back the result as the SignatureValue to the
>> >> original signature?
>> >>
>> >> We are developing a cryptographic applet. Now we generate the full xml
>> >> signature in the client, but it would be nice to complete the
>> >> signature process in two phases. In the first one, a server process
>> >> should init the structure of the xml signature and in the second one,
>> >> the client applet signs the proper hash with a simple RAW RSA
>> >> signature.
>> >>
>> >> Is this scenario possible?
>> >>
>> >> Thanks all in advance :)
>> >>
>> >> ---
>> >> Salut,
>> >> ====================================
>> >> Ricardo Borillo Domenech
>> >> http://xml-utils.com / http://twitter.com/borillo
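The two-phase flow discussed in this thread, as an added example that is not code from any participant or from Apache Santuario: it uses only JDK classes and shows that a hash of the canonicalized SignedInfo, signed separately, must be wrapped in a PKCS#1 DigestInfo header before it verifies as an ordinary RSA signature. Assumptions: an rsa-sha256 SignatureMethod, hypothetical class and method names, a constructed SignedInfo byte string standing in for the canonicalized octets, and a throwaway key pair.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class TwoPhaseSignedInfo {
    // DER-encoded DigestInfo header for SHA-256 (PKCS#1 v1.5).
    static final byte[] SHA256_DIGEST_INFO = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    // Phase 1 (server): hash the canonicalized <SignedInfo> octets.
    static byte[] digestSignedInfo(byte[] canonicalSignedInfo) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-256").digest(canonicalSignedInfo);
    }

    // Phase 2 (client): sign only the hash. NONEwithRSA applies PKCS#1 v1.5
    // padding but adds no DigestInfo, so the header is prepended by hand.
    static byte[] signDigest(byte[] digest, PrivateKey key) throws GeneralSecurityException {
        byte[] digestInfo = new byte[SHA256_DIGEST_INFO.length + digest.length];
        System.arraycopy(SHA256_DIGEST_INFO, 0, digestInfo, 0, SHA256_DIGEST_INFO.length);
        System.arraycopy(digest, 0, digestInfo, SHA256_DIGEST_INFO.length, digest.length);
        Signature raw = Signature.getInstance("NONEwithRSA");
        raw.initSign(key);
        raw.update(digestInfo);
        return raw.sign();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample; in real use these are the canonicalized SignedInfo
        // bytes produced after the reference digest values have been filled in.
        byte[] signedInfo = ("<SignedInfo xmlns=\"http://www.w3.org/2000/09/xmldsig#\">"
            + "<SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\">"
            + "</SignatureMethod></SignedInfo>").getBytes(StandardCharsets.UTF_8);

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key for the demonstration

        byte[] hash = digestSignedInfo(signedInfo);               // server side
        byte[] signatureValue = signDigest(hash, kp.getPrivate()); // client side

        // A one-step verifier (what an XML signature validator effectively does)
        // must accept the value produced by the two-phase path.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(signedInfo);
        System.out.println("verifies: " + verifier.verify(signatureValue));
        System.out.println("SignatureValue: " + Base64.getEncoder().encodeToString(signatureValue));
    }
}
```

In this split the client signs a hash it did not compute, so the signer has no view of the document content unless the server that built the SignedInfo is trusted or the client recomputes the digest itself.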
