Francisco Sepulveda wrote:
Hello, I'm having problems with respect to what I understand about the concept of an "enveloped signature". The W3C defines the signature as

"The signature is over the XML content that contains the signature as an element. The content provides the root XML document element. Obviously, enveloped signatures must take care not to include their own value in the calculation of the SignatureValue"

I have seen that the following XML document has broad acceptance as a typical use of digital signature ... the classic enveloped signature of the whole document:

<document>
     <element>
     </element>
     <signature>
          <SignedInfo>
                 ...
                 <Reference URI="">
                           <Transforms>
                               <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                           </Transforms>
                           <DigestMethod .../>
                            <DigestValue> .... </DigestValue>
                  </Reference>
          </SignedInfo>
          ...
     </signature>
</document>

In the above example, it is clear to me that the signature is a child of the XML content being signed. But I read in a book from McGraw-Hill and it shows this example of a signature that is enveloped, enveloping and detached...

<Contract1>
     <ImportantContent Id="ImportantElement">
          This is important content!
     </ImportantContent>

     <Signature Id="ThreeTypes">
          <SignedInfo>
               <Reference URI="http://www.remote-server.com/file.doc">
                    . . .
               </Reference>
               <Reference URI="#contract2">
                    . . .
               </Reference>
               <Reference URI="#ImportantElement">
                    . . .
               </Reference>
          </SignedInfo>
          <SignatureValue> . . . </SignatureValue>
          <Object Id="contract2">
               <Contract2> This is also very important content! </Contract2>
          </Object>
     </Signature>
</Contract1>

FOR ME, the detached and enveloping signatures are REALLY clear, but I have doubts about the enveloped signature ... the book said

"The Signature Element is enveloped by the <Contract1> element. This particular association gives the XML Signature the enveloped property"

So, that is my point, maybe I'm wrong but for me the <Reference URI="#ImportantElement"> is a detached signature or not???

Based on the example above, you're right and the book is wrong. If in the example above, the ImportantElement ID was an attribute of the Content element then it would be enveloped. It might be nice to send the author a comment about that.

My final question is, if I really want to sign the <ImportantContent> element using an enveloped signature, do I really need to put the signature as a child of the <ImportantContent> element or not?? Does the location of the signature have a significant impact?

Yes, otherwise it is not an enveloped signature.

Or when the signature is enveloped it is always located as the "last child" of the document element inside an XML document...

It doesn't have to be the last child, it could be the first, the second, or any descendant element.

--Sean
