At the moment the signature verification functions in both libraries do not support a signature-decrypt style approach. If you first decrypt the data and then separately check a signature you should be fine (assuming you first signed and then encrypted the data originally). You want to be careful here - it's not a good idea to have both a ciphertext version and a signature of a piece of plain text in a document, so you might want to encrypt the signature as well.
There is actually a decrypt-transform specified by W3C for this kind of thing (where the verify operation should first decrypt the nominated encrypted portions), but this is not yet implemented in either C++ or Java libraries.
Cheers,
BerinHye-Jung Kim wrote:
Hello,
I am trying to decrypt and verify data( signed & encrypted ) using the XML security suite and the signature.checkSignatureValue(cert) returns false which means the signature varification has failed. I am not sure why it failed since verification for signed only data and decrypt for encrypted only data work fine. Can I simply decrypt the signed & encrypted data first then pass it to my verifier to create XMLSignature to call checkSignatureValue ? Please advise!
Thanks in advance.
Hyejung
