On 31 Mar 2012, at 17:14, Pushpalanka Jayawardhana wrote: > Hi Scott, > > It's great to know that this will be useful for many. > > Meanwhile I tried to work with Apache Santuario going through the samples. > Following is what I could generate by now.
> > "<!-- Comment before --> > <apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1"; > xmlns:foo="http://example.org/#foo"; attr1="test1" attr2="test2" > foo:attr1="foo's test">Some simple text > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> > <ds:SignedInfo> > <ds:CanonicalizationMethod Algorithm=" > http://www.w3.org/TR/2001/REC-xml-c14n-20010315 > "></ds:CanonicalizationMethod> > <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1 > "></ds:SignatureMethod> > <ds:Reference URI=""> > <ds:Transforms> > <ds:Transform Algorithm=" > http://www.w3.org/2000/09/xmldsig#enveloped-signature";></ds:Transform> > <ds:Transform Algorithm=" > http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments > "></ds:Transform> > </ds:Transforms> > <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1 > "></ds:DigestMethod> > <ds:DigestValue>f+pDsT3LzyKV9Sg6rdK5bBrQlbo=</ds:DigestValue> > </ds:Reference> > <ds:Reference URI="http://www.w3.org/TR/xml-stylesheet";> > <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1 > "></ds:DigestMethod> > <ds:DigestValue>iFzAxy5gZ3Z9LhSXqPhzFILiY9U=</ds:DigestValue> > </ds:Reference> > <ds:Reference URI="http://www.nue.et-inf.uni-siegen.de/index.html";> > <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1 > "></ds:DigestMethod> > <ds:DigestValue>Hpg+6h1k1jYY5yr3TRzDZzw23CQ=</ds:DigestValue> > </ds:Reference> > </ds:SignedInfo> > <ds:SignatureValue>GovQY6sXC6Pup7MH/xtpCjbTNd1gOib8gwj8khwMUwmZ9aEC5g58rQ==</ds:SignatureValue> > <ds:KeyInfo> > <ds:X509Data> > <ds:X509Certificate> > MIIC9jCCArQCBDruqiowCwYHKoZIzjgEAwUAMGExCzAJBgNVBAYTAkRFMR0wGwYDVQQKExRVbml2 > ZXJzaXR5IG9mIFNpZWdlbjEQMA4GA1UECxMHRkIxMk5VRTEhMB8GA1UEAxMYQ2hyaXN0aWFuIEdl > dWVyLVBvbGxtYW5uMB4XDTAxMDUwMTEyMjA1OFoXDTA2MTAyMjEyMjA1OFowYTELMAkGA1UEBhMC > REUxHTAbBgNVBAoTFFVuaXZlcnNpdHkgb2YgU2llZ2VuMRAwDgYDVQQLEwdGQjEyTlVFMSEwHwYD > VQQDExhDaHJpc3RpYW4gR2V1ZXItUG9sbG1hbm4wggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9T > gR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv > 8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HX > Ku/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSv > u/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64e > K7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAAC > gYASWfn+G1k/nWntj9jX7Nk5JKaiLZ9BLR16eJJxqff33THLfdGs98Xmh2oRWZVh9PMV8oTP3hpR > cRipjZUZVEIqsBlOGTVLCg4H5TJ81JWOiprh+mkhClNqUr8l5Hu7FBSvQB6inryeva7j0aKNiIvK > 8vfHTiUZpnyNRhkveBlM0jALBgcqhkjOOAQDBQADLwAwLAIUPDd/UmB9GeHqvGjny30Bvjt0AkUC > FA9ab72kKuB5geYGeckbBrcgPnZk > </ds:X509Certificate> > </ds:X509Data> > <ds:KeyValue> > <ds:DSAKeyValue> > <ds:P> > /X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA > HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu > K2HXKu/yIgMZndFIAcc= > </ds:P> > <ds:Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</ds:Q> > <ds:G> > 9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3 > zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL > Zl6Ae1UlZAFMO/7PSSo= > </ds:G> > <ds:Y> > Eln5/htZP51p7Y/Y1+zZOSSmoi2fQS0deniScan3990xy33RrPfF5odqEVmVYfTzFfKEz94aUXEY > qY2VGVRCKrAZThk1SwoOB+UyfNSVjoqa4fppIQpTalK/JeR7uxQUr0Aeop68nr2u49GijYiLyvL3 > x04lGaZ8jUYZL3gZTNI= > </ds:Y> > </ds:DSAKeyValue> > </ds:KeyValue> > </ds:KeyInfo> > </ds:Signature></apache:RootElement> > <!-- Comment after -->" > > Following modifications need to be done to be used in Wookie as I > understood. > > - DSA is the used signature algorithm where recommended algorithm is RSA > - This is a signature enveloped by the document and what is needed is > a separate signature files > - The signatures for widgets need to consider images, sounds files and > have to check the behavior > > I am hoping to work on the above modifications in the given order. > I have submitted draft proposal at > http://www.google-melange.com/gsoc/proposal/review/google/gsoc2012/pushpalanka/14002 > . > It will be great if I can have your comments on that to improve it too. Yes, I saw the proposal go up on the GSoC site - I read it the other day and I think its looking good. I think the steps required all look achievable, and the end result would be something of value not just to Wookie but via the signing jar to other W3C Widgets implementations (I could see it being used in at least two other projects...) > > On Tue, Mar 27, 2012 at 12:59 PM, Scott Wilson < > [email protected]> wrote: > >> On 26 Mar 2012, at 11:08, Pushpalanka Jayawardhana wrote: >> >>> Hi Scott, >>> >>> Thanks a lot for the valuable opinions. >>> >>> - I asked in the list [email protected] and got a reply >> from >>> Marcos Caceres saying that OpenSSL will help, which is used in the W3C >>> test suite for XML Digital Signatures for >>> widgets<http://dev.w3.org/2006/waf/widgets-digsig/test-suite/tools/>. >>> But OpenSSL is implemented in C and need some workaround to use here. >> Apache >>> Sanuario <http://santuario.apache.org/> seems a better option which >>> includes the standard JSR 105 (Java XML Digital Signature) API and >>> implemented in Java. This library has been used in several other Apache >>> projects like Rampart and WSS4J. >> >> Looks good! >>> >>> >>> - In allowing authors and distributors to sign their widgets, I think >>> you meant having '.sh' and '.bat' files. I'm glad to know your >> opinion on >>> signing via an executable jar which will have it's own simple user >>> interface. That way it won't be dependent on the platform. >> >> Yes, that was what I meant, but I think your idea is better :) >> >> (I was discussing widgets-digsig on the Mozilla lists as well this week, >> and a nice easy tool for signing widgets would be welcome there too.) >> >> Thank you and Best Regards, > -- > Pushpalanka Jayawardhana | Undergraduate | Computer Science and Engineering > University of Moratuwa > > +94779716248 | http://pushpalankajaya.blogspot.com > > Twitter: http://twitter.com/Pushpalanka | Slideshare: > http://www.slideshare.net/Pushpalanka
