blautenb 2003/11/20 02:16:22
Modified: targets/security/Java faq.html faq.pdf
targets/security/c faq.html faq.pdf
Log:
New FAQ for signature/element node insertion ordering
Revision Changes Path
1.2 +50 -14 xml-site/targets/security/Java/faq.html
Index: faq.html
===================================================================
RCS file: /home/cvs/xml-site/targets/security/Java/faq.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- faq.html 5 Oct 2003 07:38:00 -0000 1.1
+++ faq.html 20 Nov 2003 10:16:22 -0000 1.2
@@ -185,8 +185,8 @@
<!--================= end middle NavBar ==================-->
<!--================= start Content==================-->
<tr>
-<td align="left" width="10"><img width="10" height="1" alt=""
src="../skin/images/spacer.gif" class="spacer"></td><td align="left"
width="100%">
-<div xmlns:xhtml="http://www.w3.org/1999/xhtml"; class="content">
+<td align="left" width="10"><img width="10" height="1" alt=""
src="../skin/images/spacer.gif" class="spacer"></td><td colspan="2"
align="left" width="100%">
+<div class="content">
<table class="title" summary="">
<tr>
<td valign="middle">
@@ -253,18 +253,23 @@
I get a NullPointerException, and I don't know what's wrong.
</a>
</li>
+<li>
+<a name="elementorder-menu"></a><a href="#elementorder">
+ I sign a document and when I try to verify using the same key,
it fails
+ </a>
+</li>
</ul>
<br>
</li>
</ol>
</div>
-<a name="N10046"></a><a name="Answers"></a>
+<a name="N1004B"></a><a name="Answers"></a>
<h3>Answers</h3>
<div style="margin-left: 0 ; border: 2px">
-<a name="N1004A"></a><a name="general_j"></a>
+<a name="N1004F"></a><a name="general_j"></a>
<h4>1. Questions about Java</h4>
<div style="margin-left: 0 ; border: 2px">
-<a name="N1004E"></a><a name="security_j"></a>
+<a name="N10053"></a><a name="security_j"></a>
<h5>1.1.
I have a Java-(security/cryptography) problem. Can you help me?
<span style="float: right"><a href="#security_j-menu">^</a></span>
@@ -276,7 +281,7 @@
a keypair", etc.
</p>
</div>
-<a name="N1005A"></a><a name="xml_j"></a>
+<a name="N1005F"></a><a name="xml_j"></a>
<h5>1.2.
I have a Java-XML problem.
<span style="float: right"><a href="#xml_j-menu">^</a></span>
@@ -288,10 +293,10 @@
</p>
</div>
</div>
-<a name="N1006A"></a><a name="specific_"></a>
+<a name="N1006F"></a><a name="specific_"></a>
<h4>2. Questions about this package</h4>
<div style="margin-left: 0 ; border: 2px">
-<a name="N1006E"></a><a name="crimson"></a>
+<a name="N10073"></a><a name="crimson"></a>
<h5>2.1.
I'm using Crimson, but it throws Exceptions. Why?
<span style="float: right"><a href="#crimson-menu">^</a></span>
@@ -311,7 +316,7 @@
instead of Crimson.
</p>
</div>
-<a name="N10083"></a><a name="bouncy"></a>
+<a name="N10088"></a><a name="bouncy"></a>
<h5>2.2.
What's up with the Bouncy Castle CSP? / Where is my CSP?
<span style="float: right"><a href="#bouncy-menu">^</a></span>
@@ -354,7 +359,7 @@
More information can be found in the <a
href="../Java/installation.html">Installation</a> section.
</p>
</div>
-<a name="N100BD"></a><a name="logging"></a>
+<a name="N100C2"></a><a name="logging"></a>
<h5>2.3.
How do I enable/turn off logging?
<span style="float: right"><a href="#logging-menu">^</a></span>
@@ -380,7 +385,7 @@
</p>
</div>
-<a name="N100E0"></a><a name="baseURI"></a>
+<a name="N100E5"></a><a name="baseURI"></a>
<h5>2.4.
What is the meaning of BaseURI?
<span style="float: right"><a href="#baseURI-menu">^</a></span>
@@ -424,7 +429,7 @@
say <span
class="codefrag">URI="http://www.acme.com/index.html";</span>.
</p>
</div>
-<a name="N1011E"></a><a name="examples"></a>
+<a name="N10123"></a><a name="examples"></a>
<h5>2.5.
How do I use the package to generate and verify a signature?
<span style="float: right"><a href="#examples-menu">^</a></span>
@@ -444,7 +449,7 @@
</div>
</div>
</div>
-<a name="N10135"></a><a name="jdk140"></a>
+<a name="N1013A"></a><a name="jdk140"></a>
<h5>2.6.
I'm using SUN JDK v1.4.0 or v1.4.1 and it get some exceptions. Any
clues?
<span style="float: right"><a href="#jdk140-menu">^</a></span>
@@ -475,7 +480,7 @@
Unofficial JAXP FAQ </a>.
</p>
</div>
-<a name="N10152"></a><a name="nullptrexception"></a>
+<a name="N10157"></a><a name="nullptrexception"></a>
<h5>2.7.
I get a NullPointerException, and I don't know what's wrong.
<span style="float: right"><a
href="#nullptrexception-menu">^</a></span>
@@ -496,6 +501,37 @@
using DOM1 calls which are not namespace aware, they do not care about
any problem you have because of incorrect hehaviour of Xalan.
</p>
+</div>
+<a name="N10168"></a><a name="elementorder"></a>
+<h5>2.8.
+ I sign a document and when I try to verify using the same key,
it fails
+ <span style="float: right"><a href="#elementorder-menu">^</a></span>
+</h5>
+<div style="margin-left: 15 ; border: 2px">
+<p>
+ After you have created the XMLSignature object, before you
sign the
+ document, you <em>must</em> embed the signature element in
the owning
+ document (using a call to <span
class="codefrag">XMLSignature.getElement()</span> to
+ retrieve the newly created Element node from the signature)
before
+ calling the <span class="codefrag">XMLSignature.sign()</span>
method,
+ </p>
+<p>
+ During canonicalisation of the SignedInfo element, the
library looks
+ at the parent and ancestor nodes of the Signature element to
find
+ any namespaces that the SignedInfo node has inherited. Any
that are
+ found are embedded in the canonical form of the SignedInfo.
(This
+ is not true when Exclusive Canonicalisation is used, but it
is still
+ good practice to insert the element node prior to the sign()
+ method being called).
+ </p>
+<p>
+ If you have not embedded the signature node in the document,
it will
+ not have any parent or ancestor nodes, so it will not inherit
their
+ namespaces. If you then embed it in the document and call
<span class="codefrag">
+ verify()</span>, the namespaces will be found and the
canonical
+ form of SignedInfo will be different to that generated during
+ <span class="codefrag">sign()</span>.
+ </p>
</div>
</div>
</div>
1.2 +233 -205 xml-site/targets/security/Java/faq.pdf
<<Binary file>>
1.2 +45 -9 xml-site/targets/security/c/faq.html
Index: faq.html
===================================================================
RCS file: /home/cvs/xml-site/targets/security/c/faq.html,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- faq.html 5 Oct 2003 07:38:00 -0000 1.1
+++ faq.html 20 Nov 2003 10:16:22 -0000 1.2
@@ -192,8 +192,8 @@
<!--================= end middle NavBar ==================-->
<!--================= start Content==================-->
<tr>
-<td align="left" width="10"><img width="10" height="1" alt=""
src="../skin/images/spacer.gif" class="spacer"></td><td align="left"
width="100%">
-<div xmlns:xhtml="http://www.w3.org/1999/xhtml"; class="content">
+<td align="left" width="10"><img width="10" height="1" alt=""
src="../skin/images/spacer.gif" class="spacer"></td><td colspan="2"
align="left" width="100%">
+<div class="content">
<table class="title" summary="">
<tr>
<td valign="middle">
@@ -234,18 +234,23 @@
Are versions of Xalan prior to 1.6 supported?
</a>
</li>
+<li>
+<a name="elementorder-menu"></a><a href="#elementorder">
+ I sign a document and when I try to verify using the same key,
it fails
+ </a>
+</li>
</ul>
<br>
</li>
</ol>
</div>
-<a name="N1002A"></a><a name="Answers"></a>
+<a name="N1002F"></a><a name="Answers"></a>
<h3>Answers</h3>
<div style="margin-left: 0 ; border: 2px">
-<a name="N1002E"></a><a name="general_c"></a>
+<a name="N10033"></a><a name="general_c"></a>
<h4>1. Compiling and Using the Library</h4>
<div style="margin-left: 0 ; border: 2px">
-<a name="N10032"></a><a name="openssl_c"></a>
+<a name="N10037"></a><a name="openssl_c"></a>
<h5>1.1.
Is OpenSSL required?
<span style="float: right"><a href="#openssl_c-menu">^</a></span>
@@ -263,7 +268,7 @@
call).
</p>
</div>
-<a name="N10040"></a><a name="openssl2_c"></a>
+<a name="N10045"></a><a name="openssl2_c"></a>
<h5>1.2.
Does the library provide a full C++ wrapper for OpenSSL?
<span style="float: right"><a href="#openssl2_c-menu">^</a></span>
@@ -278,7 +283,7 @@
objects and passed into the library.
</p>
</div>
-<a name="N10048"></a><a name="wincapi_c"></a>
+<a name="N1004D"></a><a name="wincapi_c"></a>
<h5>1.3.
What is WinCAPI?
<span style="float: right"><a href="#wincapi_c-menu">^</a></span>
@@ -292,7 +297,7 @@
It is <em>not</em> a C API wrapper for the overall library.
</p>
</div>
-<a name="N10056"></a><a name="xalan_c"></a>
+<a name="N1005B"></a><a name="xalan_c"></a>
<h5>1.4.
Is Xalan required?
<span style="float: right"><a href="#xalan_c-menu">^</a></span>
@@ -307,7 +312,7 @@
configure on UNIX, or use the VC++ "without Xalan" settings.
</p>
</div>
-<a name="N10061"></a><a name="oldXalanC"></a>
+<a name="N10066"></a><a name="oldXalanC"></a>
<h5>1.5.
Are versions of Xalan prior to 1.6 supported?
<span style="float: right"><a href="#oldXalanC-menu">^</a></span>
@@ -318,6 +323,37 @@
versions, the location of include files changed in 1.6. A
decision was made in version 1.0.0 of xml-security-c to
update the source to support these new locations.
+ </p>
+</div>
+<a name="N1006E"></a><a name="elementorder"></a>
+<h5>1.6.
+ I sign a document and when I try to verify using the same key,
it fails
+ <span style="float: right"><a href="#elementorder-menu">^</a></span>
+</h5>
+<div style="margin-left: 15 ; border: 2px">
+<p>
+ After you have created the XMLSignature object, before you
sign the
+ document, you <em>must</em> embed the signature element in
the owning
+ document (which is returned by the call to
+ <span
class="codefrag">DSIGSignature::createBlankSignature(...)</span>) before
+ calling the <span
class="codefrag">DSIGSignature::sign()</span> method,
+ </p>
+<p>
+ During canonicalisation of the SignedInfo element, the
library looks
+ at the parent and ancestor nodes of the Signature element to
find
+ any namespaces that the SignedInfo node has inherited. Any
that are
+ found are embedded in the canonical form of the SignedInfo.
(This
+ is not true when Exclusive Canonicalisation is used, but it
is still
+ good practice to insert the element node prior to the sign()
+ method being called).
+ </p>
+<p>
+ If you have not embedded the signature node in the document,
it will
+ not have any parent or ancestor nodes, so it will not inherit
their
+ namespaces. If you then embed it in the document and call
<span class="codefrag">
+ verify()</span>, the namespaces will be found and the
canonical
+ form of SignedInfo will be different to that generated during
+ <span class="codefrag">sign()</span>.
</p>
</div>
</div>
1.2 +152 -116 xml-site/targets/security/c/faq.pdf
<<Binary file>>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
