On 8 Apr 2012, at 10:30, Pushpalanka Jayawardhana wrote:

> Hi Scott,
> 
> I could come over the first modification needed for the previous signature.
> Now the generated signature is according to the recommendations of the
> signature properties as in W3C specification.

This is great progress Pushpalanka - having this kind of proof-of-concept on 
the core signature generation is important as all the other aspects of 
implementation depend upon it. Good job!

> 
> <!-- Comment before -->
> <apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1"
> xmlns:foo="http://example.org/#foo" attr1="test1" attr2="test2"
> foo:attr1="foo's test">Some simple text
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod>
> <ds:Reference URI="">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
> <ds:Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>f+pDsT3LzyKV9Sg6rdK5bBrQlbo=</ds:DigestValue>
> </ds:Reference>
> <ds:Reference URI="http://www.w3.org/TR/xml-stylesheet">
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>iFzAxy5gZ3Z9LhSXqPhzFILiY9U=</ds:DigestValue>
> </ds:Reference>
> <ds:Reference URI="http://www.nue.et-inf.uni-siegen.de/index.html">
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>Hpg+6h1k1jYY5yr3TRzDZzw23CQ=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> </ds:SignatureValue>
> <ds:KeyInfo>
> <ds:X509Data>
> <ds:X509Certificate>
> </ds:X509Certificate>
> </ds:X509Data>
> <ds:KeyValue>
> <ds:RSAKeyValue>
> <ds:Modulus>
> </ds:Modulus>
> <ds:Exponent>AQAB</ds:Exponent>
> </ds:RSAKeyValue>
> </ds:KeyValue>
> </ds:KeyInfo>
> </ds:Signature></apache:RootElement>
> <!-- Comment after -->
> 
> On Mon, Apr 2, 2012 at 7:31 PM, Scott Wilson <[email protected]> wrote:
> 
>> On 31 Mar 2012, at 17:14, Pushpalanka Jayawardhana wrote:
>> 
>>> Hi Scott,
>>> 
>>> It's great to know that this will be useful for many.
>>> 
>>> Meanwhile I tried to work with Apache Santuario going through the
>>> samples.
>>> Following is what I could generate by now.
>> 
>>> 
>>> "<!-- Comment before -->
>>> <apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1"
>>> xmlns:foo="http://example.org/#foo" attr1="test1" attr2="test2"
>>> foo:attr1="foo's test">Some simple text
>>> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>>> <ds:SignedInfo>
>>> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
>>> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></ds:SignatureMethod>
>>> <ds:Reference URI="">
>>> <ds:Transforms>
>>> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
>>> <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></ds:Transform>
>>> </ds:Transforms>
>>> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>>> <ds:DigestValue>f+pDsT3LzyKV9Sg6rdK5bBrQlbo=</ds:DigestValue>
>>> </ds:Reference>
>>> <ds:Reference URI="http://www.w3.org/TR/xml-stylesheet">
>>> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>>> <ds:DigestValue>iFzAxy5gZ3Z9LhSXqPhzFILiY9U=</ds:DigestValue>
>>> </ds:Reference>
>>> <ds:Reference URI="http://www.nue.et-inf.uni-siegen.de/index.html">
>>> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>>> <ds:DigestValue>Hpg+6h1k1jYY5yr3TRzDZzw23CQ=</ds:DigestValue>
>>> </ds:Reference>
>>> </ds:SignedInfo>
>>> <ds:SignatureValue>GovQY6sXC6Pup7MH/xtpCjbTNd1gOib8gwj8khwMUwmZ9aEC5g58rQ==</ds:SignatureValue>
>>> <ds:KeyInfo>
>>> <ds:X509Data>
>>> <ds:X509Certificate>
>>> </ds:X509Certificate>
>>> </ds:X509Data>
>>> <ds:KeyValue>
>>> <ds:DSAKeyValue>
>>> <ds:P>
>>> /X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA
>>> HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
>>> K2HXKu/yIgMZndFIAcc=
>>> </ds:P>
>>> <ds:Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</ds:Q>
>>> <ds:G>
>>> 9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
>>> zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL
>>> Zl6Ae1UlZAFMO/7PSSo=
>>> </ds:G>
>>> <ds:Y>
>>> Eln5/htZP51p7Y/Y1+zZOSSmoi2fQS0deniScan3990xy33RrPfF5odqEVmVYfTzFfKEz94aUXEY
>>> qY2VGVRCKrAZThk1SwoOB+UyfNSVjoqa4fppIQpTalK/JeR7uxQUr0Aeop68nr2u49GijYiLyvL3
>>> x04lGaZ8jUYZL3gZTNI=
>>> </ds:Y>
>>> </ds:DSAKeyValue>
>>> </ds:KeyValue>
>>> </ds:KeyInfo>
>>> </ds:Signature></apache:RootElement>
>>> <!-- Comment after -->"
>>> 
>>> Following modifications need to be done to be used in Wookie as I
>>> understood.
>>> 
>>>  - DSA is the used signature algorithm where recommended algorithm is RSA
>>>  - This is a signature enveloped by the document and what is needed is
>>>  separate signature files
>>>  - The signatures for widgets need to consider images, sound files and
>>>  have to check the behavior
>>> I am hoping to work on the above modifications in the given order.
>>> I have submitted draft proposal at
>>> http://www.google-melange.com/gsoc/proposal/review/google/gsoc2012/pushpalanka/14002.
>>> It will be great if I can have your comments on that to improve it too.
>> 
>> Yes, I saw the proposal go up on the GSoC site - I read it the other day
>> and I think it's looking good.  I think the steps required all look
>> achievable, and the end result would be something of value not just to
>> Wookie but via the signing jar to other W3C Widgets implementations (I
>> could see it being used in at least two other projects...)
>> 
>>> 
>>> On Tue, Mar 27, 2012 at 12:59 PM, Scott Wilson <
>>> [email protected]> wrote:
>>> 
>>>> On 26 Mar 2012, at 11:08, Pushpalanka Jayawardhana wrote:
>>>> 
>>>>> Hi Scott,
>>>>> 
>>>>> Thanks a lot for the valuable opinions.
>>>>> 
>>>>> - I asked in the list [email protected] and got a reply from
>>>>> Marcos Caceres saying that OpenSSL will help, which is used in the W3C
>>>>> test suite for XML Digital Signatures for
>>>>> widgets<http://dev.w3.org/2006/waf/widgets-digsig/test-suite/tools/>.
>>>>> But OpenSSL is implemented in C and needs some workaround to use here. Apache
>>>>> Santuario <http://santuario.apache.org/> seems a better option which
>>>>> includes the standard JSR 105 (Java XML Digital Signature) API and
>>>>> is implemented in Java. This library has been used in several other Apache
>>>>> projects like Rampart and WSS4J.
>>>> 
>>>> Looks good!
>>>>> 
>>>>> 
>>>>> - In allowing authors and distributors to sign their widgets, I think
>>>>> you meant having '.sh' and '.bat' files. I'm glad to know your opinion on
>>>>> signing via an executable jar which will have its own simple user
>>>>> interface. That way it won't be dependent on the platform.
>>>> 
>>>> Yes, that was what I meant, but I think your idea is better :)
>>>> 
>>>> (I was discussing widgets-digsig on the Mozilla lists as well this week,
>>>> and a nice easy tool for signing widgets would be welcome there too.)
>>>> 
>>>> Thank you and Best Regards,
>>> --
>>> Pushpalanka Jayawardhana | Undergraduate | Computer Science and Engineering
>>> University of Moratuwa
>>> 
>>> +94779716248 | http://pushpalankajaya.blogspot.com
>>> 
>>> Twitter: http://twitter.com/Pushpalanka | Slideshare:
>>> http://www.slideshare.net/Pushpalanka
>> 
>> 
> 
> Best Regards,
> -- 
> Pushpalanka Jayawardhana | Undergraduate | Computer Science and Engineering
> University of Moratuwa
> 
> +94779716248 | http://pushpalankajaya.blogspot.com
> 
> Twitter: http://twitter.com/Pushpalanka | Slideshare:
> http://www.slideshare.net/Pushpalanka
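
Added example (not part of the original thread, and not Wookie or Santuario code): a small Python check for the modifications listed in the 31 Mar message, namely DSA used where RSA is recommended and an enveloped signature where a separate one is needed. The function name `audit_signature`, the rejected-algorithm sets (which also flag the SHA-1 digests visible in both quoted signatures), the remote-URI check and the sample document are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
ENVELOPED = DS + "enveloped-signature"
# Assumed policy for this example: DSA and SHA-1 based algorithms are rejected.
WEAK_SIGNATURE = {DS + "dsa-sha1", DS + "rsa-sha1"}
WEAK_DIGEST = {DS + "sha1"}

def _alg(element):
    # Wrapped attribute values (as in the mail above) carry stray whitespace.
    return (element.get("Algorithm") or "").strip() if element is not None else ""

def audit_signature(xml_text):
    """Return policy findings for the first ds:Signature in xml_text."""
    root = ET.fromstring(xml_text)
    is_root = root.tag == "{%s}Signature" % DS
    sig = root if is_root else root.find(".//ds:Signature", NS)
    if sig is None:
        return ["no ds:Signature element found"]
    findings = [] if is_root else ["signature is embedded in the document, not a separate file"]
    sig_alg = _alg(sig.find("ds:SignedInfo/ds:SignatureMethod", NS))
    if sig_alg in WEAK_SIGNATURE:
        findings.append("weak SignatureMethod: " + sig_alg)
    for ref in sig.findall("ds:SignedInfo/ds:Reference", NS):
        uri = ref.get("URI", "")
        if _alg(ref.find("ds:DigestMethod", NS)) in WEAK_DIGEST:
            findings.append("SHA-1 digest on Reference URI=%r" % uri)
        if any(_alg(t) == ENVELOPED for t in ref.findall("ds:Transforms/ds:Transform", NS)):
            findings.append("enveloped-signature transform on Reference URI=%r" % uri)
        if uri.startswith(("http://", "https://")):
            findings.append("Reference points outside the package: " + uri)
    return findings

# Constructed sample shaped like the DSA signature in the thread; placeholder digests.
SAMPLE = """<app:Root xmlns:app="http://example.org/#app">text
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
<ds:SignatureMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
<ds:Reference URI=""><ds:Transforms><ds:Transform
 Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
<ds:Reference URI="http://example.org/remote.html">
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
</ds:SignedInfo></ds:Signature></app:Root>"""
if __name__ == "__main__":
    print("\n".join(audit_signature(SAMPLE)))
```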
