Change this:
transforms.addTransform(Transforms.TRANSFORM_C14N_OMIT_COMMENTS); for the exclusive c14n and it should work. Regards, Raul http://r-bg.com On Mon, 7 Feb 2005 15:24:01 +0100 (CET), def abc <[EMAIL PROTECTED]> wrote: > Hi all, > Sorry to bother you, but I still can't get it to > work... > My enveloping signature & my detached signature work, > but not the enveloped one. I've been checking the > CreateSignature example - seems pretty close to my > own... Or is it the verification that's wrong in my > case ? > Thanks for any hint... > Regards, > Axelle. > > Creating the enveloped signature: > XMLSignature signature; > > signature = new XMLSignature(input, > inputURI.toString(), > XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1); > > Transforms transforms = new Transforms(input); > > transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE); > > transforms.addTransform(Transforms.TRANSFORM_C14N_OMIT_COMMENTS); > > signature.addDocument("", transforms); > signature.sign(prvkey); > > Element root = input.getDocumentElement(); > root.appendChild(signature.getElement()); > > XMLUtils.outputDOM(input, output); > > ======== > Verification code: > FileInputStream fis = new > FileInputStream(outputURI.getPath()); > Document doc = db.parse(fis); > fis.close(); > > NodeList dsNodeList = > doc.getElementsByTagName("ds:Signature"); > if (dsNodeList.getLength() == 0) > throw new IOException("No signature in file"); > > Element dsElement = (Element) dsNodeList.item(0); > > XMLSignature signature = new XMLSignature(dsElement, > outputURI.toString()); > return signature.checkSignatureValue(pubkey); > > ============= > XML file : > <policy xsi:schemaLocation="http://xxx /home/xxx"> > <dsi_policy> > ... > </dsi_policy> > <ds:Signature> > <ds:SignedInfo> > <ds:CanonicalizationMethod > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> > <ds:SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> > <ds:Reference URI=""> > <ds:Transforms> > <ds:Transform > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> > <ds:Transform > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> > </ds:Transforms> > <ds:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> > <ds:DigestValue>7uZSWomZ8W6sa3GI+e/XCygny2I=</ds:DigestValue> > </ds:Reference> > </ds:SignedInfo> > <ds:SignatureValue> > BaUch43FSfEA4YFrFFp .... > </ds:SignatureValue> > </ds:Signature> > </policy> > > Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails > ! > Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/ >
