1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
Sample XML Signatures[1][2]
[1] http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
[2] http://www.w3.org/TR/2001/REC-xml-c14n-20010315
1. A large and complex signature:
This includes internal and external base 64, references of the forms
"", "#xpointer(/)", "#foo" and "#xpointer(id('foo'))" (with and
without comments), manifests, signature properties, simple xpath
with here(), xslt, retrieval method and odd interreferential
dependencies.
signature.xml - A signature
signature.tmpl - The template from which the signature was created
signature-c14n-*.txt - All intermediate c14n output
2. Some basic signatures:
The key for the HMAC-SHA1 signatures is "secret".getBytes("ASCII")
which is, in hex, (73 65 63 72 65 74). No key info is provided for
these signatures.
signature-enveloped-dsa.xml
signature-enveloping-b64-dsa.xml
signature-enveloping-dsa.xml
signature-enveloping-hmac-sha1-40.xml
signature-enveloping-hmac-sha1.xml
signature-enveloping-rsa.xml
signature-external-b64-dsa.xml
signature-external-dsa.xml - The signatures
signature-*-c14n-*.txt - The intermediate c14n output
3. Varying key information:
To resolve the key associated with the KeyName in `signature-keyname.xml'
you must perform a cunning transformation from the name `Xxx' to the
certificate that resides in the directory `certs/' that has a subject name
containing the common name `Xxx', which happens to be in the file
`certs/xxx.crt'.
To resolve the key associated with the X509Data in `signature-x509-is.xml',
`signature-x509-ski.xml' and `signature-x509-sn.xml' you need to resolve
the identified certificate from those in the `certs' directory.
In `signature-x509-crt-crl.xml' an X.509 CRL is present which has revoked
the X.509 certificate used for signing. So verification should be
qualified.
signature-keyname.xml
signature-retrievalmethod-rawx509crt.xml
signature-x509-crt-crl.xml
signature-x509-crt.xml
signature-x509-is.xml
signature-x509-ski.xml
signature-x509-sn.xml - The signatures
certs/*.crt - The certificates
Merlin Hughes <merlin@baltimore.ie>
Baltimore Technologies, Ltd.
http://www.baltimore.com/
Thursday, April 4, 2002
|