On Tue, 2010-12-28, Adam Tauno Williams wrote: > On Tue, 2010-12-28 at 03:25 +0530, Anurag Chourasia wrote: >> Hi All, > >> I have a requirement to digitally sign a XML Document using SHA1+RSA >> or SHA1+DSA >> Could someone give me a lead on a library that I can use to fulfill >> this requirement? > > <http://stuvel.eu/rsa> Never used it though. > >> The XML Document has values such as >> <RSASK>-----BEGIN RSA PRIVATE KEY----- >> MIIBOgIBAAJBANWzHfF5Bppe4JKlfZDqFUpNLrwNQqguw76g/jmeO6f4i31rDLVQ >> n7sYilu65C8vN+qnEGnPB824t/A3yfMu1G0CAQMCQQCOd2lLpgRm6esMblO18WOG ...
> Is this any kind of standard or just something someone made up? Is > there a namespace for the document? > > It seems quite odd that the document contains a *private* key. > > If all you need to do is parse to document to retrieve the values that > seems straight-forward enough. > >> And the XML also has another node that has a Public Key with Modules >> and Exponents etc that I apparently need to utilize. >> <RSAPK> >> <M>1bMd8XkGml7gkqV9kOoVSk0uvA1CqC7DvqD >> +OZ47p/iLfWsMtVCfuxiKW7rkLy836qcQac8Hzbi38DfJ8y7UbQ==</M> >> <E>Aw==</E> >> </RSAPK> > >> I am a little thin on this concept and expecting if you could guide me >> to a library/documentation that I could utilize. [The original posting by Anurag Chourasia did not reach my news server.] I'd simply invoke GnuPG. A simple example: % gpg --sign --armor foo You need a passphrase to unlock the secret key for user: ... % head foo.asc -----BEGIN PGP MESSAGE----- Version: GnuPG v1.4.9 (GNU/Linux) owGs+TuuLdGWRQu9B1hTwsAHaRUhPjN+DjVAWBRgxs+nGAgHA58aUA88RHVw6K3N 2PfefJn5Mg2ko6N99lkrYn7G6KN//m//6//l//C/+N/8X/5P/6//+//u//r/+P/+ ... The result isn't XML, but it *is* a standardized file format readable by anyone. That's worth a lot. You can also create a detached signature and ship it together with the original file, or skip the '--armor' and get a binary signed file. If you really *do* have a requirement to make the result XML-like and incompatible with anything else, I'm afraid you're on your own, and will have a lot of extra work testing and making sure it's all secure. /Jorgen -- // Jorgen Grahn <grahn@ Oo o. . . \X/ snipabacken.se> O o . -- http://mail.python.org/mailman/listinfo/python-list