Joseph,

Why do you want to SIGN a document with a PUBLIC key? I have never heard of 
anything like that. There is no authenticity involved when signing with a public 
key, but I guess you know that.

I am not sure if it is possible to convert a public key into a private key and 
since I'm at work right now, I do not have the time to figure that out. I'll 
take a look at that this evening.

Cheers,
Ulrich
-----Original Message-----
From: security-dev@xml.apache.org
Sent: 12.06.07 07:54:19
To:  <security-dev@xml.apache.org>
Subject: RE: Encrypt with public key


Hi Ulrich! 

Thanks for your time to answer my query. My problem is not so much with
using the APIs. In fact I have successfully sent encrypted and signed
messages between two communicators. However, my problem lies here. The code
hereunder shows how I am signing the XML document, and it uses a PrivateKey
to do the signature. That is ok, and I want it that way. My problem is that
I ALSO want to sign the document with the PUBLIC key of the other person.
However, when I try to change localPrivateKey to a Public Key, I get an
exception that it needs a PrivateKey. Is it possible to work it out that
way?

public org.dom4j.Document sign(Document xmlDoc, PrivateKey localPrivateKey)
        throws CustomException
{
    org.dom4j.Document dc = null;

    try {
        String providerName = System.getProperty(
                "jsr105Provider",
                "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance(
                "DOM",
                (Provider) Class.forName(providerName).newInstance());

        //fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null);
        Reference ref = fac.newReference(
                "#root",
                fac.newDigestMethod(DigestMethod.SHA1, null));
        Node rootNote = xmlDoc.getDocumentElement();

        XMLStructure content = new DOMStructure(rootNote);
        XMLObject obj = fac.newXMLObject(
                Collections.singletonList(content),
                "root",
                null,
                null);

        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(
                        CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                        (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
                Collections.singletonList(ref));
        XMLSignature xmlSig = fac.newXMLSignature(
                si,
                null,
                Collections.singletonList(obj),
                null,
                null);  // Check Key Info

        Document doc = DocumentBuilderFactory.newInstance()
                .newDocumentBuilder()
                .newDocument();
        DOMSignContext dsc = new DOMSignContext(localPrivateKey, doc);

        //Sign XML
        xmlSig.sign(dsc);

        dc = new org.dom4j.io.DOMReader().read(doc);
    }  // end try
    catch (NoSuchAlgorithmException ex) {
        throw new CustomException(ex.getMessage(), ex);
    }  // end catch
    catch (ClassNotFoundException ex) {
        throw new CustomException(ex.getMessage(), ex);
    }  // end catch
    catch (InstantiationException ex) {
        throw new CustomException(ex.getMessage(), ex);
    }  // end catch
    catch (IllegalAccessException ex) {
        throw new CustomException(ex.getMessage(), ex);
    }  // end catch
    catch (InvalidAlgorithmParameterException ex) {
        throw new CustomException(ex.getMessage(), ex);
    }  // end catch
    catch (MarshalException ex) {
        throw new CustomException(ex.getMessage(), ex);
    }  // end catch
    catch (XMLSignatureException ex) {
        throw new CustomException(ex.getMessage(), ex);
    }  // end catch
    catch (ParserConfigurationException pce) {
        pce.printStackTrace();
    }  // end catch

    return dc;
}  // end sign()


Kind regards


-----Original Message-----
From: Ulrich Ackermann 
Sent: 06 June 2007 23:57
To: security-dev@xml.apache.org
Subject: RE: Encrypt with public key

Hi Joseph,

There are a lot of sample classes shipped with the Apache XML Security
framework. 

How to perform encryption and decryption is shown in the classes Decrypter and
Encrypter in the package org.apache.xml.security.samples.encryption.

How to perform signature and verification is shown in the classes
CreateEnvelopingSignature, CreateSignature and VerifySignature in the package
org.apache.xml.security.samples.signature.

We have used both BouncyCastle and IAIK as JCE providers and both worked
fine for us.

HTH,
Ulrich

-----Original Message-----
From: security-dev@xml.apache.org
Sent: 06.06.07 08:41:36
To: <security-dev@xml.apache.org>
Subject: RE: Encrypt with public key


Dear Ulrich

Thanks for your response and the advice. I am using Bouncy Castle as my
security provider. Is there some code that I can use as an example for what
I need? The public key is stored in a public key object in a database, so
there is no difficulty retrieving it. 

Thanks and Regards
Joseph



-----Original Message-----
From: Ulrich Ackermann
Sent: 05 June 2007 22:50
To: security-dev@xml.apache.org
Subject: Re: Encrypt with public key

Hi Joseph,

Sure, this is possible. That's what Apache XML Security is all about, isn't
it? :)

But I would first sign the message and encrypt it afterwards. That gives a
hacker less information because all signature related information is in the
encrypted part of the receipt.

Cheers,
Ulrich
-----Original Message-----
From: security-dev@xml.apache.org
Sent: 05.06.07 07:59:24
To: <security-dev@xml.apache.org>
Subject: Encrypt with public key

Hi

I am writing an XML exchange program in which I would like a
mechanism of acknowledgements using encrypted XML receipts.

The receipt is an XML file simply stating that a message has
been received. It is sent by the receiver to the sender. I would like to
encrypt the message with the public key of the sender, and then sign the
message with the private key of the receiver. 

Is it possible to encrypt the message using the public key
with the Apache Encryption library?

Thanks for your help in advance.

Kind regards


Joseph
