
Introduction to XML Signatures

Java XML Digital Signature API
Introduction to XML Signatures
As mentioned, an XML Signature can be used to sign any arbitrary data, whether
it is XML or binary. The data is identified via URIs in one or more Reference
elements. XML Signatures are described in one or more of three forms:
detached, enveloping, or enveloped. A detached signature is over data that is
external, or outside of the signature element itself. Enveloping signatures are
signatures over data that is inside the signature element, and an enveloped signature
is a signature that is contained inside the data that it is signing.
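The three forms can be told apart from each Reference's URI and from where its target sits relative to the Signature element. The Java program below is an added example, not code from the original tutorial; the class name SignatureForm, its helper methods, the Id attribute convention and the sample document are assumptions constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SignatureForm {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    // Classify one Reference relative to its Signature (assumes Signature/SignedInfo/Reference).
    // URI="" selects the whole document that contains the signature.
    static String classify(Element ref) {
        Node sig = ref.getParentNode().getParentNode();
        String uri = ref.getAttribute("URI");
        if (!uri.isEmpty() && !uri.startsWith("#")) return "detached (external)";
        Document doc = ref.getOwnerDocument();
        Node target = uri.isEmpty() ? doc.getDocumentElement() : findById(doc, uri.substring(1));
        if (target == null) return "unresolved";        // dangling same-document reference
        if (contains(sig, target)) return "enveloping"; // data is inside Signature
        if (contains(target, sig)) return "enveloped";  // Signature is inside the data
        return "detached (same document)";
    }

    // True if outer is inner itself or one of its ancestors.
    static boolean contains(Node outer, Node inner) {
        for (Node n = inner; n != null; n = n.getParentNode()) if (n == outer) return true;
        return false;
    }

    // Assumption: referenced elements carry an attribute named Id.
    static Element findById(Document doc, String id) {
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            if (e.hasAttribute("Id") && id.equals(e.getAttribute("Id"))) return e;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: one Signature carrying four References.
        String xml = "<Envelope xmlns='urn:envelope'><Body Id='b'/><Signature xmlns='" + DS + "'>"
            + "<SignedInfo><Reference URI=''/><Reference URI='#obj'/><Reference URI='#b'/>"
            + "<Reference URI='http://example.com/data.bin'/></SignedInfo>"
            + "<Object Id='obj'/></Signature></Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        NodeList refs = doc.getElementsByTagNameNS(DS, "Reference");
        for (int i = 0; i < refs.getLength(); i++) {
            Element r = (Element) refs.item(i);
            System.out.println("URI=\"" + r.getAttribute("URI") + "\" -> " + classify(r));
        }
    }
}
```

Running a check like this before validation shows which data each Reference actually covers, and therefore which parts of the document the signature does not protect.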
Example of an XML Signature
The easiest way to describe the contents of an XML Signature is to show an
actual sample and describe each component in more detail. The following is an
example of an enveloped XML Signature generated over the contents of an XML
document. The contents of the document before it is signed are:
<Envelope xmlns="urn:envelope">
</Envelope>
The resulting enveloped XML Signature, indented and formatted for readability,
is as follows:
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="urn:envelope">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod
        Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>uooqbWYa5VCqcJCbuymBKqm17vY=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>