Hi Scott,

I could come over the first modification needed for the previous signature.
Now the generated signature is according to the recommendations of the
signature properties as in W3C specification.

<!-- Comment before -->
<apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1"
xmlns:foo="http://example.org/#foo" attr1="test1" attr2="test2"
foo:attr1="foo's test">Some simple text
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>f+pDsT3LzyKV9Sg6rdK5bBrQlbo=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="http://www.w3.org/TR/xml-stylesheet">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>iFzAxy5gZ3Z9LhSXqPhzFILiY9U=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="http://www.nue.et-inf.uni-siegen.de/index.html">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>Hpg+6h1k1jYY5yr3TRzDZzw23CQ=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>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=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>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=
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature></apache:RootElement>
<!-- Comment after -->





On Mon, Apr 2, 2012 at 7:31 PM, Scott Wilson <[email protected]> wrote:

>
> On 31 Mar 2012, at 17:14, Pushpalanka Jayawardhana wrote:
>
> > Hi Scott,
> >
> > It's great to know that this will be useful for many.
> >
> > Meanwhile I tried to work with Apache Santuario going through the samples.
> > Following is what I could generate by now.
>
> >
> > "<!-- Comment before -->
> > <apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1"
> > xmlns:foo="http://example.org/#foo" attr1="test1" attr2="test2"
> > foo:attr1="foo's test">Some simple text
> > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> > <ds:SignedInfo>
> > <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
> > <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></ds:SignatureMethod>
> > <ds:Reference URI="">
> > <ds:Transforms>
> > <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
> > <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></ds:Transform>
> > </ds:Transforms>
> > <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> > <ds:DigestValue>f+pDsT3LzyKV9Sg6rdK5bBrQlbo=</ds:DigestValue>
> > </ds:Reference>
> > <ds:Reference URI="http://www.w3.org/TR/xml-stylesheet">
> > <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> > <ds:DigestValue>iFzAxy5gZ3Z9LhSXqPhzFILiY9U=</ds:DigestValue>
> > </ds:Reference>
> > <ds:Reference URI="http://www.nue.et-inf.uni-siegen.de/index.html">
> > <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> > <ds:DigestValue>Hpg+6h1k1jYY5yr3TRzDZzw23CQ=</ds:DigestValue>
> > </ds:Reference>
> > </ds:SignedInfo>
> > <ds:SignatureValue>GovQY6sXC6Pup7MH/xtpCjbTNd1gOib8gwj8khwMUwmZ9aEC5g58rQ==</ds:SignatureValue>
> > <ds:KeyInfo>
> > <ds:X509Data>
> > <ds:X509Certificate>
> > </ds:X509Certificate>
> > </ds:X509Data>
> > <ds:KeyValue>
> > <ds:DSAKeyValue>
> > <ds:P>
> >
> /X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA
> >
> HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
> > K2HXKu/yIgMZndFIAcc=
> > </ds:P>
> > <ds:Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</ds:Q>
> > <ds:G>
> >
> 9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
> >
> zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL
> > Zl6Ae1UlZAFMO/7PSSo=
> > </ds:G>
> > <ds:Y>
> >
> Eln5/htZP51p7Y/Y1+zZOSSmoi2fQS0deniScan3990xy33RrPfF5odqEVmVYfTzFfKEz94aUXEY
> >
> qY2VGVRCKrAZThk1SwoOB+UyfNSVjoqa4fppIQpTalK/JeR7uxQUr0Aeop68nr2u49GijYiLyvL3
> > x04lGaZ8jUYZL3gZTNI=
> > </ds:Y>
> > </ds:DSAKeyValue>
> > </ds:KeyValue>
> > </ds:KeyInfo>
> > </ds:Signature></apache:RootElement>
> > <!-- Comment after -->"
> >
> > Following modifications need to be done to be used in Wookie as I
> > understood.
> >
> >   - DSA is the used signature algorithm where the recommended algorithm is RSA
> >   - This is a signature enveloped by the document and what is needed is
> >   a separate signature files
> >   - The signatures for widgets need to consider images, sound files and
> >   have to check the behavior
> >
> > I am hoping to work on the above modifications in the given order.
> > I have submitted a draft proposal at
> > http://www.google-melange.com/gsoc/proposal/review/google/gsoc2012/pushpalanka/14002.
> > It will be great if I can have your comments on that to improve it too.
>
> Yes, I saw the proposal go up on the GSoC site - I read it the other day
> and I think it's looking good.  I think the steps required all look
> achievable, and the end result would be something of value not just to
> Wookie but via the signing jar to other W3C Widgets implementations (I
> could see it being used in at least two other projects...)
>
> >
> > On Tue, Mar 27, 2012 at 12:59 PM, Scott Wilson <[email protected]> wrote:
> >
> >> On 26 Mar 2012, at 11:08, Pushpalanka Jayawardhana wrote:
> >>
> >>> Hi Scott,
> >>>
> >>> Thanks a lot for the valuable opinions.
> >>>
> >>>  - I asked in the list [email protected] and got a reply from
> >>>  Marcos Caceres saying that OpenSSL will help, which is used in the W3C
> >>>  test suite for XML Digital Signatures for
> >>>  widgets <http://dev.w3.org/2006/waf/widgets-digsig/test-suite/tools/>.
> >>>  But OpenSSL is implemented in C and needs some workaround to use here.
> >>>  Apache Santuario <http://santuario.apache.org/> seems a better option which
> >>>  includes the standard JSR 105 (Java XML Digital Signature) API and is
> >>>  implemented in Java. This library has been used in several other Apache
> >>>  projects like Rampart and WSS4J.
> >>
> >> Looks good!
> >>>
> >>>
> >>>  - In allowing authors and distributors to sign their widgets, I think
> >>>  you meant having '.sh' and '.bat' files. I'm glad to know your opinion on
> >>>  signing via an executable jar which will have its own simple user
> >>>  interface. That way it won't be dependent on the platform.
> >>
> >> Yes, that was what I meant, but I think your idea is better :)
> >>
> >> (I was discussing widgets-digsig on the Mozilla lists as well this week,
> >> and a nice easy tool for signing widgets would be welcome there too.)
> >>
> >> Thank you and Best Regards,
> > --
> > Pushpalanka Jayawardhana | Undergraduate | Computer Science and Engineering
> > University of Moratuwa
> >
> > +94779716248 | http://pushpalankajaya.blogspot.com
> >
> > Twitter: http://twitter.com/Pushpalanka | Slideshare:
> > http://www.slideshare.net/Pushpalanka
>
>

Best Regards,
-- 
Pushpalanka Jayawardhana | Undergraduate | Computer Science and Engineering
University of Moratuwa

+94779716248 | http://pushpalankajaya.blogspot.com

Twitter: http://twitter.com/Pushpalanka | Slideshare:
http://www.slideshare.net/Pushpalanka
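
An added example (not part of the original message, and not Wookie or Santuario code): a Python check that lists which algorithm each part of a ds:SignedInfo uses and which references point outside the document, run over a trimmed copy of the signature at the top of this message. The SHA-1 deny-list, the flag names and the function names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# Deny-list chosen for this example: algorithm URIs that rely on SHA-1.
SHA1_BASED = {DS + "sha1", DS + "dsa-sha1", DS + "rsa-sha1"}

# Constructed sample: SignedInfo from the message above, digest values dropped,
# one external reference kept, one Algorithm value left line-wrapped as mailed.
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="
http://www.w3.org/TR/2001/REC-xml-c14n-20010315
"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</ds:Reference>
<ds:Reference URI="http://www.w3.org/TR/xml-stylesheet">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</ds:Reference>
</ds:SignedInfo>
</ds:Signature>"""

def _alg(element):
    # Line breaks inside a wrapped attribute arrive as whitespace; trim it.
    return (element.get("Algorithm", "") if element is not None else "").strip()

def audit_signed_info(xml_text):
    """Return (role, algorithm, flags) rows for every ds:SignedInfo found."""
    rows = []
    for si in ET.fromstring(xml_text).iter("{%s}SignedInfo" % DS):
        for tag, role in (("CanonicalizationMethod", "c14n"), ("SignatureMethod", "signature")):
            alg = _alg(si.find("{%s}%s" % (DS, tag)))
            rows.append((role, alg, ["sha1"] if alg in SHA1_BASED else []))
        for ref in si.findall("{%s}Reference" % DS):
            uri = ref.get("URI", "")
            alg = _alg(ref.find("{%s}DigestMethod" % DS))
            flags = ["sha1"] if alg in SHA1_BASED else []
            if uri and not uri.startswith("#"):
                flags.append("external")  # a verifier has to fetch this URI
            rows.append(("digest " + (uri or "(whole document)"), alg, flags))
    return rows

if __name__ == "__main__":
    for role, alg, flags in audit_signed_info(SAMPLE):
        print(f"{role:45} {alg:55} {','.join(flags) or 'ok'}")
```
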
