Hi Scott, It's great to know that this will be useful for many.
Meanwhile I tried to work with Apache Santuario going through the samples. Following is what I could generate by now. "<!-- Comment before --> <apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1"; xmlns:foo="http://example.org/#foo"; attr1="test1" attr2="test2" foo:attr1="foo's test">Some simple text <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm=" http://www.w3.org/TR/2001/REC-xml-c14n-20010315 "></ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1 "></ds:SignatureMethod> <ds:Reference URI=""> <ds:Transforms> <ds:Transform Algorithm=" http://www.w3.org/2000/09/xmldsig#enveloped-signature";></ds:Transform> <ds:Transform Algorithm=" http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments "></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1 "></ds:DigestMethod> <ds:DigestValue>f+pDsT3LzyKV9Sg6rdK5bBrQlbo=</ds:DigestValue> </ds:Reference> <ds:Reference URI="http://www.w3.org/TR/xml-stylesheet";> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1 "></ds:DigestMethod> <ds:DigestValue>iFzAxy5gZ3Z9LhSXqPhzFILiY9U=</ds:DigestValue> </ds:Reference> <ds:Reference URI="http://www.nue.et-inf.uni-siegen.de/index.html";> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1 "></ds:DigestMethod> <ds:DigestValue>Hpg+6h1k1jYY5yr3TRzDZzw23CQ=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>GovQY6sXC6Pup7MH/xtpCjbTNd1gOib8gwj8khwMUwmZ9aEC5g58rQ==</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> MIIC9jCCArQCBDruqiowCwYHKoZIzjgEAwUAMGExCzAJBgNVBAYTAkRFMR0wGwYDVQQKExRVbml2 ZXJzaXR5IG9mIFNpZWdlbjEQMA4GA1UECxMHRkIxMk5VRTEhMB8GA1UEAxMYQ2hyaXN0aWFuIEdl dWVyLVBvbGxtYW5uMB4XDTAxMDUwMTEyMjA1OFoXDTA2MTAyMjEyMjA1OFowYTELMAkGA1UEBhMC REUxHTAbBgNVBAoTFFVuaXZlcnNpdHkgb2YgU2llZ2VuMRAwDgYDVQQLEwdGQjEyTlVFMSEwHwYD VQQDExhDaHJpc3RpYW4gR2V1ZXItUG9sbG1hbm4wggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9T gR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv 8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HX Ku/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSv u/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64e K7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAAC gYASWfn+G1k/nWntj9jX7Nk5JKaiLZ9BLR16eJJxqff33THLfdGs98Xmh2oRWZVh9PMV8oTP3hpR cRipjZUZVEIqsBlOGTVLCg4H5TJ81JWOiprh+mkhClNqUr8l5Hu7FBSvQB6inryeva7j0aKNiIvK 8vfHTiUZpnyNRhkveBlM0jALBgcqhkjOOAQDBQADLwAwLAIUPDd/UmB9GeHqvGjny30Bvjt0AkUC FA9ab72kKuB5geYGeckbBrcgPnZk </ds:X509Certificate> </ds:X509Data> <ds:KeyValue> <ds:DSAKeyValue> <ds:P> /X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu K2HXKu/yIgMZndFIAcc= </ds:P> <ds:Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</ds:Q> <ds:G> 9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3 zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL Zl6Ae1UlZAFMO/7PSSo= </ds:G> <ds:Y> Eln5/htZP51p7Y/Y1+zZOSSmoi2fQS0deniScan3990xy33RrPfF5odqEVmVYfTzFfKEz94aUXEY qY2VGVRCKrAZThk1SwoOB+UyfNSVjoqa4fppIQpTalK/JeR7uxQUr0Aeop68nr2u49GijYiLyvL3 x04lGaZ8jUYZL3gZTNI= </ds:Y> </ds:DSAKeyValue> </ds:KeyValue> </ds:KeyInfo> </ds:Signature></apache:RootElement> <!-- Comment after -->" Following modifications need to be done to be used in Wookie as I understood. - DSA is the used signature algorithm where recommended algorithm is RSA - This is a signature enveloped by the document and what is needed is a separate signature files - The signatures for widgets need to consider images, sounds files and have to check the behavior I am hoping to work on the above modifications in the given order. I have submitted draft proposal at http://www.google-melange.com/gsoc/proposal/review/google/gsoc2012/pushpalanka/14002 . It will be great if I can have your comments on that to improve it too. On Tue, Mar 27, 2012 at 12:59 PM, Scott Wilson < [email protected]> wrote: > On 26 Mar 2012, at 11:08, Pushpalanka Jayawardhana wrote: > > > Hi Scott, > > > > Thanks a lot for the valuable opinions. > > > > - I asked in the list [email protected] and got a reply > from > > Marcos Caceres saying that OpenSSL will help, which is used in the W3C > > test suite for XML Digital Signatures for > > widgets<http://dev.w3.org/2006/waf/widgets-digsig/test-suite/tools/>. > > But OpenSSL is implemented in C and need some workaround to use here. > Apache > > Sanuario <http://santuario.apache.org/> seems a better option which > > includes the standard JSR 105 (Java XML Digital Signature) API and > > implemented in Java. This library has been used in several other Apache > > projects like Rampart and WSS4J. > > Looks good! > > > > > > - In allowing authors and distributors to sign their widgets, I think > > you meant having '.sh' and '.bat' files. I'm glad to know your > opinion on > > signing via an executable jar which will have it's own simple user > > interface. That way it won't be dependent on the platform. > > Yes, that was what I meant, but I think your idea is better :) > > (I was discussing widgets-digsig on the Mozilla lists as well this week, > and a nice easy tool for signing widgets would be welcome there too.) > > Thank you and Best Regards, -- Pushpalanka Jayawardhana | Undergraduate | Computer Science and Engineering University of Moratuwa +94779716248 | http://pushpalankajaya.blogspot.com Twitter: http://twitter.com/Pushpalanka | Slideshare: http://www.slideshare.net/Pushpalanka
