First, what may be a stupid question, but it's one that is nagging me! If I sign an XML document, using say the example "Simple HMAC Signing" code, I notice that the "hash" of the signing password is included in the message; what is stopping anyone from using that hash to re-sign a modified document?

Secondly, I have the signing and verifying working using a modified "Simple HMAC Signing"; however, what I would like to do is to have it signed using a "private" key and verified using a public key that is passed with the document. I'm not sure where to start on this, so some pointers would be much appreciated.

Andy
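An added example, not part of the original post or of the library's sample code, illustrating the first question: in an HMAC-signed XML Signature the message carries an unkeyed digest of the content (DigestValue) and a keyed MAC over SignedInfo (SignatureValue), and neither is enough to re-sign a modified document without the shared key. The `SignedInfo` string here is a simplified stand-in with no canonicalization, and the function names, sample document and keys are constructed for illustration.

```python
import base64, hashlib, hmac

def signed_info(document: bytes) -> bytes:
    """Simplified stand-in for <SignedInfo>: holds the unkeyed digest of the content."""
    digest = base64.b64encode(hashlib.sha256(document).digest()).decode()
    return f"<SignedInfo><DigestValue>{digest}</DigestValue></SignedInfo>".encode()

def mac(key: bytes, info: bytes) -> str:
    """SignatureValue: HMAC-SHA256 over SignedInfo, keyed with the shared secret."""
    return base64.b64encode(hmac.new(key, info, hashlib.sha256).digest()).decode()

def sign(document: bytes, key: bytes) -> dict:
    info = signed_info(document)
    return {"document": document, "signed_info": info, "signature_value": mac(key, info)}

def verify(msg: dict, key: bytes) -> bool:
    # Reference check: the digest inside SignedInfo must match the content received.
    if msg["signed_info"] != signed_info(msg["document"]):
        return False
    # Signature check: recompute the keyed MAC and compare in constant time.
    return hmac.compare_digest(mac(key, msg["signed_info"]), msg["signature_value"])

def tamper_results(key: bytes) -> dict:
    """Verify a genuine message and three modified copies made without the key."""
    original = sign(b"<order><amount>10</amount></order>", key)  # constructed sample
    changed = b"<order><amount>9999</amount></order>"
    # 1. Content changed, SignedInfo and SignatureValue copied unchanged.
    reuse_all = dict(original, document=changed)
    # 2. Content changed, digest recomputed (needs no secret), old SignatureValue reused.
    fix_digest = dict(original, document=changed, signed_info=signed_info(changed))
    # 3. Everything recomputed, but with a guessed key instead of the real one.
    wrong_key = sign(changed, b"guessed-key")
    return {
        "original": verify(original, key),
        "reuse_all": verify(reuse_all, key),
        "fix_digest": verify(fix_digest, key),
        "wrong_key": verify(wrong_key, key),
    }

if __name__ == "__main__":
    for name, ok in tamper_results(b"shared-secret-key").items():  # constructed key
        print(f"{name:10s} verifies: {ok}")
```

The same two-step check applies when SignatureValue is produced with a private key instead of an HMAC; a public key carried inside the document only helps if the verifier also checks it against a key or certificate it already trusts.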