[EMAIL PROTECTED] wrote on 01/08/2008 02:30:00 PM:

> Francisco Sepulveda wrote:
> > Hello, I'm having problems with respect to what I understand about the
> > concept of an "enveloped signature"
> >
> > The W3C defines the signature as "The signature is over the XML content
> > that contains the signature as an element. The content provides the root
> > XML document element. Obviously, enveloped signatures must take care not
> > to include their own value in the calculation of the SignatureValue"
> >
> > I have seen that the following xml document has a broad acceptance as a
> > typical use of digital signature .... the classic enveloped signature of
> > the whole document
> >
> > <document>
> >   <element>
> >   </element>
> >   <signature>
> >     <SignedInfo>
> >       ...
> >       <Reference URI="">
> >         <Transforms>
> >           <Transform
> >             Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> >         </Transforms>
> >         <DigestMethod .../>
> >         <DigestValue> .... </DigestValue>
> >       </Reference>
> >     </SignedInfo>
> >     ...
> >   </signature>
> > </document>
> >
> > In the above example, it is clear to me that the signature is a child
> > of the xml content being signed.
> >
> > But I read in a book from McGraw-Hill and it shows this example of a
> > signature that is enveloped, enveloping and detached...
> >
> > <Contract1>
> >   <ImportantContent Id="ImportantElement">
> >     This is important content!
> >   </ImportantContent>
> >
> >   <Signature Id="ThreeTypes">
> >     <SignedInfo>
> >       <Reference URI="http://www.remote-server.com/file.doc">
> >         . . .
> >       </Reference>
> >       <Reference URI="#contract2">
> >         . . .
> >       </Reference>
> >       <Reference URI="#ImportantElement">
> >         . . .
> >       </Reference>
> >     </SignedInfo>
> >     <SignatureValue> . . . </SignatureValue>
> >     <Object Id="contract2">
> >       <Contract2> This is also very important content! </Contract2>
> >     </Object>
> >   </Signature>
> > </Contract1>
> >
> > FOR ME, the detached and enveloping signature are REALLY clear, but I
> > have doubts about the enveloped signature .... the book said
> >
> > "The Signature Element is enveloped by the <Contract1> element. This
> > particular association gives the XML Signature the enveloped property"
> >
> > So, that is my point, maybe I'm wrong but for me the <Reference
> > URI="#ImportantElement"> is a detached signature or not???
>
> Based on the example above, you're right and the book is wrong. If in
> the example above, the ImportantElement ID was an attribute of the
> Content element then it would be enveloped. It might be nice to send the
> author a comment about that.

I think there is a misunderstanding. This statement "The Signature Element is enveloped by the <Contract1> element. This particular association gives the XML Signature the enveloped property" is correct. The Contract1 element envelops the Signature element. The <Reference URI="#ImportantElement"> is a detached Signature. What we do not know, without more information, is whether the <Reference URI="http://www.remote-server.com/file.doc"> points to the document that contains the Contract1 element. If it does, that is an Enveloped Signature.

> > My final question is, if I really want to sign the <ImportantContent>
> > element using an enveloped signature. Do I really need to put the
> > signature as child of the <ImportantContent> element or not?? does the
> > location of the signature have a significant impact?
>
> Yes, otherwise it is not an enveloped signature.
>
> > or when the
> > signature is enveloped it is always located as the "last child" of the
> > document element inside an XML document..
>
> It doesn't have to be the last child, it could be the first, the second,
> or any descendant element.
>
> --Sean
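Added example, not part of the original thread and not code from any XML Signature library: a small Python check that labels each Reference by where its target sits relative to the Signature element (ancestor, descendant, or neither), which is the distinction the thread turns on. The names `classify_references` and `local` are hypothetical, the sample is constructed from the book example quoted above with one `URI=""` Reference added, and the attribute named `Id` is assumed to be the ID attribute.

```python
import xml.etree.ElementTree as ET

# Constructed sample: book example from the thread, plus one URI="" Reference.
SAMPLE = """<Contract1>
  <ImportantContent Id="ImportantElement">This is important content!</ImportantContent>
  <Signature Id="ThreeTypes">
    <SignedInfo>
      <Reference URI="http://www.remote-server.com/file.doc"/>
      <Reference URI="#contract2"/>
      <Reference URI="#ImportantElement"/>
      <Reference URI=""/>
    </SignedInfo>
    <Object Id="contract2"><Contract2>This is also very important content!</Contract2></Object>
  </Signature>
</Contract1>"""

def local(tag):
    # Drop an optional {namespace} prefix so namespaced and bare names both match.
    return tag.rsplit("}", 1)[-1]

def classify_references(xml_text):
    """Map each Reference URI to enveloped, enveloping, detached or unresolved."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    results = {}
    for sig in [e for e in root.iter() if local(e.tag) == "Signature"]:
        ancestors, node = set(), sig
        while node in parent:              # walk up from the Signature to the root
            node = parent[node]
            ancestors.add(node)
        inside = set(sig.iter()) - {sig}   # everything the Signature contains
        for ref in [e for e in sig.iter() if local(e.tag) == "Reference"]:
            uri, target = ref.get("URI"), None
            if uri == "":
                target = root              # URI="" means the whole containing document
            elif uri and uri.startswith("#"):
                # Assumption: the attribute named "Id" is the ID (no schema/DTD loaded).
                target = next((e for e in root.iter() if e.get("Id") == uri[1:]), None)
            external = bool(uri) and not uri.startswith("#")
            if target in ancestors:
                kind = "enveloped"         # signed content contains the Signature
            elif target in inside:
                kind = "enveloping"        # signed content is inside the Signature
            elif external or target is not None:
                kind = "detached"          # sibling element, or an external URI
            else:
                kind = "unresolved"        # dangling #id or missing URI attribute
            results[uri] = kind
    return results
```

An external URI is reported as detached because the XML alone cannot show whether it dereferences to the same document that contains the Signature.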