From: Patrick Y. <kc...@ce...> - 2003-04-07 08:41:43
Yes, you can pass "dsa-sha1" or "rsa-sha1" as the algorithm parameter to the ebxmlMessage.sign() function. And we missed this option when signing acks. Adding a property to trigger this behaviour sounds good.

Gait, for the verification, there is no need to set the algorithm. According to JavaDoc of the XML security library

http://nagoya.apache.org/gump/javadoc/xml-security/build/doc/html/api/org/apache/xml/security/signature/XMLSignature.html

We can omit the SignatureMethod parameter when constructing the XMLSignature object. Since we omit that parameter, setting any value in the envelope will have no effect.

BTW, how do you set the envelope when doing verification?

Regards,
-Patrick

----- Original Message -----
From: Gait Boxman
To: ebx...@li...
Sent: Friday, April 04, 2003 6:45 PM
Subject: Re: [ebxmlms-develop] signed acknowledgments

Actually, with a bit of hacking I got it to work (I think). BC is used from apache...xml/security, where the jce classes are dynamically loaded from an Australian ftp site to bypass US export regulations. The trick was to pass in the 'rsa-sha1' algorithm parameter to the ebxmlMessage.sign function. For acks, I added a property to trigger this behaviour (for signed messages, you can do it from the client directly).

Funny thing is that verification occurs with the envelope set to dsa-sha1 :-), and still works fine. I guess that's because that information sits inside the ds:Signature, which is never signed itself, and is not used for the verification itself. I don't think I got it quite right, yet, but it seems to work on the loopback...

----- Original Message -----
From: Ronald van Kuijk
To: 'ebx...@li...'
Sent: Friday, April 04, 2003 10:50 AM
Subject: RE: [ebxmlms-develop] signed acknowledgments

From what I've seen the bouncycastle libraries are used in the signature process. The rsa algorithms are probably not included due to licensing restrictions.

But that's just a wild guess

----- Original Message -----
From: Gait Boxman [mailto:gai...@ti...]
Sent: Friday, 4 April 2003 9:27
To: ebx...@li...
Subject: Re: [ebxmlms-develop] signed acknowledgments

One more question: is the limitation to DSA signatures local to my machine (i.e. a setup problem on my part), a limitation from Hermes, or a limitation from XMLDsig?

I seem to remember we were able to use RSA in the earlier days, and they certainly work for SSL...

----- Original Message -----
From: Gait Boxman
To: ebx...@li...
Sent: Monday, March 31, 2003 1:56 PM
Subject: [ebxmlms-develop] signed acknowledgments

Hi team,

per ebMS2, when signed acknowledgments are requested, the acknowledgment must contain the digests of the original (signed or unsigned) message. AFAICT, this is currently not implemented. Is there an easy way to add it? I've tracked down signing as far as the Apache XML security libs, but I was hoping for an easier and faster way to add the digests than going through three levels of APIs...

thnx,
Gait.
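
The behaviour discussed in this thread (the signer names "rsa-sha1" or "dsa-sha1", the verifier is given no algorithm), as an added example that is not part of the original messages and is not Hermes code. It uses the JDK's javax.xml.crypto.dsig API instead of the Apache XML Security classes the thread refers to, with a constructed document and a throwaway key pair; the `ALLOWED` policy set and the class name are assumptions.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.List;
import java.util.Set;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class SignatureMethodDemo {
    // Receiver policy (assumption): accept only the two algorithms named in the thread.
    static final Set<String> ALLOWED = Set.of(SignatureMethod.RSA_SHA1, SignatureMethod.DSA_SHA1);

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a message; not a real ebXML envelope.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element root = doc.createElementNS("urn:example:demo", "Message");
        root.setTextContent("constructed payload");
        doc.appendChild(root);
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Signer: the algorithm is chosen here and written into ds:SignedInfo.
        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        Reference ref = f.newReference("", f.newDigestMethod(DigestMethod.SHA1, null),
            List.of(f.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            f.newSignatureMethod(SignatureMethod.RSA_SHA1, null), List.of(ref));
        f.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), root));

        // Verifier: only a key and the ds:Signature node are supplied, no algorithm argument.
        Node sigNode = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(), sigNode);
        // Newer JDKs reject SHA-1 methods under secure validation; switched off for this demo only.
        vc.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.FALSE);
        XMLSignature sig = f.unmarshalXMLSignature(vc);
        // The algorithm the verifier will use is whatever the received document declares.
        String declared = sig.getSignedInfo().getSignatureMethod().getAlgorithm();
        if (!ALLOWED.contains(declared)) throw new SecurityException("unexpected SignatureMethod: " + declared);
        System.out.println("declared=" + declared + " valid=" + sig.validate(vc));
    }
}
```

Because the verifier takes the algorithm from the received document, the allowlist check before `validate` is where a receiver enforces which signature methods it accepts.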