DO NOT REPLY [Bug 41858] - Namespace problem when initializing XMLSignature in version 1.4.0

2007-08-01 Thread bugzilla
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bu

Signing just one of the elements in a DOMDocument

2007-08-01 Thread k b
Hi,is there a way that i could just sign just one element from the whole xml.i'm doing this right now, but don't know if i could selectively sign just one of the elements instead of the whole DOMDocument.try{ sig = prov.newSignature();sig->setDSIGNSPrefix(MAKE_UNICODE_ST

RE: Signing just one of the elements in a DOMDocument

2007-08-01 Thread Scott Cantor
> is there a way that i could just sign just one element from the whole xml. Yes, but it's somewhat difficult. You can either use an XPath filter transform to select the node, or refer to the node by an ID attribute. The latter is much simpler for the relying party and much faster, but requires a

RE: Signing just one of the elements in a DOMDocument

2007-08-01 Thread k b
Thanks Scott !so let say this is my sample xml Tove Jani Reminder Lets meet this weekend! Jani Tove RE:Reminder Suresay i want to only sign the body of the second note element. How do you i go about doing thisif i use the XPath way how do i uniquely identify the second note's body. d

RE: Signing just one of the elements in a DOMDocument

2007-08-01 Thread Scott Cantor
> say i want to only sign the body of the second note element. How do you i > go about doing this if i use the XPath way how do i uniquely identify the > second note's body. I don't use XPath, so I'm not the one to ask. The problem you face with it is that the relying party has to examine the XPa

Re: Signing just one of the elements in a DOMDocument

2007-08-01 Thread jason marshall
On 8/1/07, Scott Cantor <[EMAIL PROTECTED]> wrote: > > This is the second most common omission in signature verification, checking > what was signed. (The most common is relying on KeyInfo as trusted > information.) > I suspect I have asked this question before, but what exactly is the problem wit

RE: Signing just one of the elements in a DOMDocument

2007-08-01 Thread Scott Cantor
> If I'm verifying the KeyInfo Certificate versus the signature: > > KeyInfo ki = signature.getKeyInfo(); > X509Certificate cert = ki.getX509Certificate(); > > boolean good = signature.checkSignatureValue(cert); > > and verifying that the key is good and is from someone I