[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Signing an XML document using XMLDSIG

From: Theo Kusters <theo.kusters@xxxxxxxxxxxxxxxxxxx>
To: ftpapi@xxxxxxxxxxxxxxxxxxxxxx
Subject: Signing an XML document using XMLDSIG
Date: Wed, 8 Oct 2014 10:24:53 +0200

   Hi all,

   We have a working SOAP based webservice consumer based on the HTTPAPI.

   Now we have to extend this SOAP message with a digital signature using
   the algorithm xmldsig#enveloped-signature. It should look like this:

             <Signature xmlns="[1]http://www.w3.org/2000/09/xmldsig#";>
               <SignedInfo>

   <CanonicalizationMethod Algorithm="[2]http://www.w3.org/TR/2001/REC-xml
   -c14n-20010315"/>

   <SignatureMethod Algorithm="[3]http://www.w3.org/2000/09/xmldsig#rsa-sh
   a1"/>
                 <Reference URI="">
                   <Transforms>

   <Transform Algorithm="[4]http://www.w3.org/2000/09/xmldsig#enveloped-si
   gnature"/>
                   </Transforms>

   <DigestMethod Algorithm="[5]http://www.w3.org/2000/09/xmldsig#sha1"/>
                   <DigestValue>...</DigestValue>
                 </Reference>
               </SignedInfo>
               <SignatureValue>...</SignatureValue>
               <KeyInfo>
                 <X509Data>
                   <X509Certificate>...</X509Certificate>
                 </X509Data>
               </KeyInfo>
             </Signature>

   This is really new stuff to me. After doing some research
   ([6]http://www.di-mgt.com.au/xmldsig.html was very helpful) I think I
   have to answer the following questions.

     * How to create a canonical (C14n) XML?
     * How to compute the Message digest?
     * How to compute the Signature value?
     * How do I retrieve/compute the information for the X509Certificate
       tag?

   What I really need now is a translation to RPG based tools or examples
   how to set this up.

   Any help would be appreciated.

   Kind regards,

   Theo

   De informatie in dit e-mailbericht is vertrouwelijk. Het zonder
   toestemming openbaar maken, kopieren, verspreiden of gebruiken is
   verboden en kan onwettig zijn. Indien u dit bericht onterecht ontvangt,
   gelieve de afzender hiervan onmiddellijk op de hoogte te stellen en het
   gehele bericht uit uw systeem te verwijderen.

   This e-mail is confidential. Any unauthorized disclosure, copying,
   distribution or use is prohibited and may be unlawful. If you have
   received this communication in error, please immediately notify the
   sender and delete the entire communication from your system.

References

   1. http://www.w3.org/2000/09/xmldsig
   2. http://www.w3.org/TR/2001/REC-xml-c14n-20010315
   3. http://www.w3.org/2000/09/xmldsig#rsa-sha1
   4. http://www.w3.org/2000/09/xmldsig#enveloped-signature
   5. http://www.w3.org/2000/09/xmldsig#sha1
   6. http://www.di-mgt.com.au/xmldsig.html

-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

Follow-Ups:
- Re: Signing an XML document using XMLDSIG
  - From: Loek Maartens

Prev by Date: RE: Bank Routing Number Validation Web Service
Next by Date: RE: Bank Routing Number Validation Web Service
Previous by thread: Re: Bank Routing Number Validation Web Service
Next by thread: Re: Signing an XML document using XMLDSIG
Index(es):
- Date
- Thread