Hi:

I'm still having problems. After building the Signature element (everything but the SignatureValue element) I execute:

[Server side]

    XMLSignature sig = ....   // uses http://www.w3.org/2000/09/xmldsig#rsa-sha1 as signature method
    sig.getSignedInfo().generateDigestValues();
    byte[] data2Sign = sig.getSignedInfo().getCanonicalizedOctetStream();

Then the server sends 'data2Sign' to the client (encoded) and the client executes:

[Client side]

    PrivateKey pKey = ....
    Signature signature = Signature.getInstance("SHA1withRSA");
    signature.initSign(pKey);
    signature.update(data2Sign);   // data2Sign is the decoded data received from the server
    byte[] dataSigned = signature.sign();

Then the client sends 'dataSigned' back to the server (encoded) and the server adds it to the SignatureValue element (decoded). But the signature built this way is not valid :-( If I execute XMLSignature.sign() directly, the signature I get is different. What am I doing wrong?

As you can see, the server sends the C14N data directly, not the digested data. I have also tried digesting it first, with the same result. In fact, I am doing the same thing that XMLSignature.sign() does, so I can't see where the problem is.

Does anybody have an idea?

Thanks a lot

Isi

2008/7/29 Lopez Cantero, Sergio <[EMAIL PROTECTED]>

> As far as I know, yes, you have to digest them "by hand".
>
> I hope to have helped you.
>
> Sergio
>
> From: Legido Martínez, Isidoro [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 29 July 2008 8:41
> To: security-dev@xml.apache.org
> Subject: Re: Remote private key
>
> Thanks
>
> So, how can I get the digested value? Do I have to digest them "by hand"?
>
> Thanks
>
> Isi
>
> 2008/7/29 Lopez Cantero, Sergio <[EMAIL PROTECTED]>
>
> Hi Isidoro,
>
> getCanonicalizedOctetStream returns the bytes you have to digest, not the
> digested data, so that's the difference.
>
> Concerning the way to put back the signature, you can get the signature
> element and search through the DOM for the SignatureValue element to fill
> its contents.
>
> I'm doing something like that ;)
>
> Sergio
>
> From: Legido Martínez, Isidoro [mailto:[EMAIL PROTECTED]
> Sent: Monday, 28 July 2008 21:45
> To: security-dev@xml.apache.org
> Subject: Remote private key
>
> Hi everybody:
>
> First, I will try to explain my current situation (sorry in advance for my
> poor English :-( ). My signing system is split into two pieces: a
> lightweight client that owns the private key and can ONLY sign (no digest),
> and the server side that does everything else EXCEPT signing (digest, add
> Manifest elements or additional References).
>
> My initial idea was: the server side builds the SignedInfo element, gets
> its digest and sends it to the client. The client signs and sends the result
> to the server, which adds this to the SignedInfo. Is that possible with the
> current implementation? I expected that
>
>     SignedInfo si = ....
>     si.generateDigestValues();
>     String digest = Base64.encode(si.getCanonicalizedOctetStream());
>
> 'digest' would contain the digest value in Base64, but what I get is
> something different. How can I get the digest? After signing, is there any
> way of adding it to SignedInfo?
>
> Thanks a lot
>
> Isi
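[Editor's note: the following is an added example, not code from this thread or from the Apache XML Security project. It runs the split flow discussed above end to end in one JVM: the "server" builds a ds:Signature over a constructed document, canonicalises SignedInfo and hands those bytes across a Base64 "wire"; the "client", which holds the private key, signs them with SHA1withRSA; the server writes the result into ds:SignatureValue and verifies it with checkSignatureValue(). The class name SplitSigningDemo, the method clientSign and the throwaway RSA key pair are made up for the example; the Santuario calls are the ones named in the thread. Two facts the example relies on: the JCA algorithm SHA1withRSA computes the SHA-1 itself, so the client must receive the canonicalised SignedInfo octets and not a digest (pre-digesting would hash twice), and the text content of ds:SignatureValue is the Base64 encoding of the raw signature bytes. XMLSignature.sign() streams the same canonicalised SignedInfo into a JCA Signature internally, so the two results should agree once the bytes on both ends are identical, which is why the example compares them with checkSignatureValue() rather than by eye.]

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Base64;

import javax.xml.parsers.DocumentBuilderFactory;

import org.apache.xml.security.Init;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class SplitSigningDemo {

    // Client side: the only operation the key holder performs. SHA1withRSA
    // hashes its input itself, so it must be given the canonicalised
    // SignedInfo bytes, never a pre-computed digest (that would hash twice).
    static byte[] clientSign(PrivateKey key, byte[] canonicalSignedInfo) throws Exception {
        Signature rsa = Signature.getInstance("SHA1withRSA");
        rsa.initSign(key);
        rsa.update(canonicalSignedInfo);
        return rsa.sign();
    }

    public static void main(String[] args) throws Exception {
        Init.init();

        // Constructed sample document; in a real deployment this comes from the caller.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element root = doc.createElementNS(null, "Order");
        root.appendChild(doc.createTextNode("pay 100 EUR to account 42"));
        doc.appendChild(root);

        // Hypothetical test key pair; the client would normally load its key from a token or store.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // --- Server side: build everything except SignatureValue ---
        XMLSignature sig = new XMLSignature(doc, "", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
        root.appendChild(sig.getElement());               // enveloped signature lives inside the document
        Transforms transforms = new Transforms(doc);
        transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
        transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
        sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
        sig.addKeyInfo(kp.getPublic());

        sig.getSignedInfo().generateDigestValues();       // fills every ds:DigestValue first
        byte[] data2Sign = sig.getSignedInfo().getCanonicalizedOctetStream();
        String wire = Base64.getEncoder().encodeToString(data2Sign);   // what crosses the network

        // --- Client side: decode the transport encoding, sign, encode the result ---
        byte[] dataSigned = clientSign(kp.getPrivate(), Base64.getDecoder().decode(wire));
        String wireBack = Base64.getEncoder().encodeToString(dataSigned);

        // --- Server side: put the value into ds:SignatureValue and verify ---
        Element sigValue = (Element) sig.getElement()
            .getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_SIGNATUREVALUE)
            .item(0);
        sigValue.setTextContent(wireBack);   // SignatureValue carries Base64 text, so no decode here

        // The SignedInfo must not be touched between canonicalisation and this check,
        // otherwise the bytes the client signed no longer match what is in the document.
        System.out.println("signature valid: " + sig.checkSignatureValue(kp.getPublic()));
    }
}
```

Compile and run with the Apache XML Security (Santuario) jar and its dependencies on the class path. If checkSignatureValue() prints false while sig.sign() would have produced a valid signature, compare the bytes the client actually hashed with a fresh getCanonicalizedOctetStream() on the server: any difference in transport encoding, or any change to SignedInfo after canonicalisation, makes the RSA signature cover different input.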