[c ++] xml security - Sugnature -

2007-04-04 Thread [EMAIL PROTECTED]
Hi, I'm new to xml security. I'd like to perform the signature of an xml document (file.xml) which is paresd using DOM (xerces lib). This signature have to be done NOT as usal, using sign() method of DSIGSignature class, but I have to perform it in two step: 1) compute the digest vaule 2) compu

DO NOT REPLY [Bug 38668] - Add XMLCipher.encryptData method that takes serialized data as parameter

2007-04-04 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

Re: XML Security Users List?

2007-04-04 Thread Sean Mullan
This list is for both developers and users of the Apache XML Security software, so if your question is about that, it is appropriate. If it is just a general XML Security question, then it may still be useful so feel free to go ahead and post it and someone may respond. --Sean Kelly Graus wrote:

DO NOT REPLY [Bug 41801] - 1.4.1 Release Bugs

2007-04-04 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

DO NOT REPLY [Bug 41892] - XML Security 1.4.0 does not build with IBM's JDK

2007-04-04 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

What is XMLUtils::addReturnToElement for?

2007-04-04 Thread Michael McIntosh
I know what XMLUtils::addReturnToElement does, by why do it? I acknowledge that adding the occasional line to an XML document makes it more readable in certain circumstances, but I'd really like to be able to turn it off. Actually I'd like to leave it alone, but a system I need to interoperate w

RE: What is XMLUtils::addReturnToElement for?

2007-04-04 Thread Jesse Pelton
By my reading of the Apache License, Version 2.0 (which is the XML Security license), you are under no obligation to distribute source code. Of course, if you plan to distribute the code for your project, that pretty much has to include your modifications to XML Security code. If that's the situa

Re: What is XMLUtils::addReturnToElement for?

2007-04-04 Thread Raul Benito
Hi Mike, With your notation I think you are referring to C++ version. Don't you? On 4/4/07, Michael McIntosh <[EMAIL PROTECTED]> wrote: I know what XMLUtils::addReturnToElement does, by why do it? I acknowledge that adding the occasional line to an XML document makes it more readable in certain

Re: What is XMLUtils::addReturnToElement for?

2007-04-04 Thread Michael McIntosh
I was refering to the Java version - but my notation has betrayed my C++ roots ;-) [EMAIL PROTECTED] wrote on 04/04/2007 03:31:49 PM: > Hi Mike, > With your notation I think you are referring to C++ version. Don't you? > On 4/4/07, Michael McIntosh < [EMAIL PROTECTED]> wrote: > I know what XMLU

Re: What is XMLUtils::addReturnToElement for?

2007-04-04 Thread Raul Benito
I think, you can change the code as much as you want. But there is some feature to make this return optionals. The only place where the standard force it are in the Base64 representation of the digest and signature value, that must be split at 80 chars (apache xmlsec does not have any problem with

Standard for embedding KeyInfo

2007-04-04 Thread Kelly Graus
I'm working on signing an XML document using a X509 certificate. As part of the signing process, I am appending DSIGKeyInfoX509 information in the signature (by calling appendX509Data on the DSIGSignature object). Once that is there, I am manually adding the name of the certificate, and then

Re: What is XMLUtils::addReturnToElement for?

2007-04-04 Thread Michael McIntosh
Perhaps I was not clear. I know I can change the code. But due to constraints imposed by other organizations I cannot easily redistribute the changed code or binaries produced from it. I'd prefer that this code be changed in the Apache source. In the Java source there is currently no way to mak

RE: Standard for embedding KeyInfo

2007-04-04 Thread Scott Cantor
> I'm working on signing an XML document using a X509 certificate. As > part of the signing process, I am appending DSIGKeyInfoX509 information > in the signature (by calling appendX509Data on the DSIGSignature > object). Once that is there, I am manually adding the name of the > certificate, and

Re: Standard for embedding KeyInfo

2007-04-04 Thread Arshad Noor
Agree with many of the comments made by Scott. In the architecture of StrongKey (www.strongkey.org), a symmetric key-management software, we've created the concept of a Global Key ID (GKID) to identify every symmetric key used to encrypt something. We chose to use the XML Encryption schema for e