Hi Deepak,
I guess you came across some of the very common problems of XML signature
verification. Do you use a ready-made toolkit ( like Bouncy Castle ) ? I guess
you have to dig into the details of reference resolving ...
But I would propose another approach for your scenario :
I'm member of
Hi Marcos,
especially for widget signing we started the adventure of adding EC support to
our signing server and got a little bit suprised by the poor support by the
crypto libs.
Nevertheless I guess we can track down one of our EC-problems to the
ecdsa.cert.pem certificate. Despite using an
Andreas Kuehne
- original Nachricht
Betreff: Re: ENISA Smartphone security study
Gesendet: Do, 20. Mai 2010
Von: Arthur Barstowart.bars...@nokia.com
Giles,
On 5/20/10 5:43 AM, ext Giles Hogben wrote:
Apologies - I should have explained a little more what we are looking for
from
Hi all,
just a minor comment found by build a test case :
Section7.1. Common Constraints for Signature Generation and Validation
1. [...]
2. [...]
3. For each ds:Reference element:
1. The URI attribute MUST be a zip relative path
Hi all,
from the implementors perspective these modifications don't introduce too much
trouble. But I'm a little bit concerned about the explicit ban of
canonicalizations for 'external' documents like config.xml. In real life it
happens very fast that an XML file is still valid but modified in
Hi Frederik, hi Thomas !
I don't want to critisize the decisions taken by your group. To keep
implementations and testing easy is a good reason !
But from my outside view it's a bit suprising : Seeing that XMLDSig is used
let's me expect a complex solution. So it would be good to read at the
Hi Marcos,
thanks for your friendly mail !
I'll upload the latest client version to sourceforge and post a link to the
list. The server version will take some time, we are a bit stuck due to feature
overload ...
Btw.: I would like to ask about the verification side of the widgets. If there
Hi all,
our goal in the OASIS DSS group is make the living with DSig as easy as
possible !
That's why we made a spec to easily access a crypto server component by
webservice and forget about signature standards, algorithms, validity dates ...
My company build a open sourced server
Hi all,
I would like to let you know that we finished the implementation of the widget
signing spec within our open sourced signing server. As an implementaion of the
OASIS DSS spec we focus on server side signature creation. The server side
processing of signing process offers some advantages