Harakiri wrote:
--- On Wed, 1/28/09, Sean Mullan <sean.mul...@sun.com> wrote:
From: Sean Mullan <sean.mul...@sun.com>
Subject: Re: Invalid Signature problem through Empty elements are converted to
start-end tag pairs
This is a very strange signature. If you just want to sign
the contents of the document (the tbone element) without the
signature, you should just use the enveloped transform:
http://www.w3.org/TR/xmldsig-core/#sec-EnvelopedSignature
I think the code was based on this example:
http://svn.apache.org/repos/asf/xml/security/trunk/src_samples/javax/xml/crypto/dsig/samples/GenEnveloped.java
But that example uses the Enveloped Signature Transform.
You need to also dump out the same pre-digested input when
generating the signature and then compare them.
I have been unable to figure out how to dump the pre-digested input when
signing with the SUN xmldsig jars. Can you hint on how to enable debugging in
my last sample code for signing?
When you say SUN xmldsig jars, I'm still not sure what version of the software
you are using. Can you give me more details as to what you are using?
--Sean
