Thank you Sean for your time, I was almost getting crazy because all the theory
was collapsing in my mind ahahah because of the example of the book...
I'm using the xmlsec Java classes to sign documents ... I have to develop
classes that support different kinds of signatures...
My point is ... let's suppose that I get the following XML document as input
<doc>
  <element id="123">
  </element>
</doc>
So if I have to create an enveloped signature for the element "element"
the result should be the following, right?
<doc>
  <element id="123">
    <signature>
      .....
      <reference URI="#123"/>
    </signature>
  </element>
</doc>
Using the Java API (javax.xml.crypto.dsig), will I have to construct the output
XML document shown above with the signature??? Let's say using a
DocumentBuilderFactory instance and the createElement method, or is there a
transparent way for the programmer to put the signature element inside the
element "element"?? Just using the Reference, SignedInfo and the rest of the
traditional classes...?
Is my question a common application of digital signatures??? Or am I completely
lost???.... I am an undergraduate student working for his bachelor's and this
is an investigation thesis so I'm laying the rules for secure standard
communications ..... =(
Thanks Again
Francisco

> Date: Tue, 8 Jan 2008 14:30:00 -0500
> From: [EMAIL PROTECTED]
> Subject: Re: doubt with enveloped signature concept
> To: security-dev@xml.apache.org
>
> Francisco Sepulveda wrote:
> > Hello, I'm having problems with respect to what I understand about the
> > concept of an "enveloped signature"
> >
> > The W3C defines the signature as /"The signature is over the XML content
> > that contains the signature as an element. The content provides the root
> > XML document element. Obviously, enveloped signatures must take care not
> > to include their own value in the calculation of the |SignatureValue|"/
> >
> > I have seen that the following XML document has broad acceptance as a
> > typical use of digital signature .... the classic enveloped signature of
> > the whole document
> >
> > <document>
> >   <element>
> >   </element>
> >   <signature>
> >     <SignedInfo>
> >       ...
> >       <Reference URI="">
> >         <Transforms>
> >           <Transform
> >             Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> >         </Transforms>
> >         <DigestMethod .../>
> >         <DigestValue> .... </DigestValue>
> >       </Reference>
> >     </SignedInfo>
> >     ...
> >   </signature>
> > </document>
> >
> > In the above example, it is clear to me that the signature is a child
> > of the XML content being signed.
> >
> > But I read in a book from McGrawHill and it shows this example of a
> > signature that is enveloped, enveloping and detached...
> >
> > <Contract1>
> >   <ImportantContent Id="ImportantElement">
> >     This is important content!
> >   </ImportantContent>
> >
> >   <Signature Id="ThreeTypes">
> >     <SignedInfo>
> >       <Reference URI="http://www.remote-server.com/file.doc">
> >         . . .
> >       </Reference>
> >       <Reference URI="#contract2">
> >         . . .
> >       </Reference>
> >       <Reference URI="#ImportantElement">
> >         . . .
> >       </Reference>
> >     </SignedInfo>
> >     <SignatureValue> . . . </SignatureValue>
> >     <Object Id="contract2">
> >       <Contract2> This is also very important content! </Contract2>
> >     </Object>
> >   </Signature>
> > </Contract1>
> >
> > FOR ME, the detached and enveloping signatures are REALLY clear, but I
> > have doubts about the enveloped signature .... the book said
> >
> > "The Signature Element is enveloped by the <Contract1> element. This
> > particular association gives the XML Signature the enveloped property"
> >
> > So, that is my point, maybe I'm wrong but for me the <Reference
> > URI="#ImportantElement"> is a detached signature or not???
>
> Based on the example above, you're right and the book is wrong. If in
> the example above, the ImportantElement ID was an attribute of the
> Content element then it would be enveloped. It might be nice to send the
> author a comment about that.
>
> > My final question is, if I really want to sign the <ImportantContent>
> > element using an enveloped signature. Do I really need to put the
> > signature as child of the <ImportantContent> element or not?? Does the
> > location of the signature have a significant impact?
>
> Yes, otherwise it is not an enveloped signature.
>
> > or when the
> > signature is enveloped it is always located as the "last child" of the
> > document element inside an XML document..
>
> It doesn't have to be the last child, it could be the first, the second,
> or any descendant element.
>
> --Sean