Re: [ebxmlms-develop] Digital signatures

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
 <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
 <title></title>
</head>
<body>
But the SOAP Body of a message w/ attachment will have Manifest and
References point to the attachment. Those elements will be absent in a
message without attachment. 
 
Does this imply the DigestValue will be different? 
 
Regards, -Patrick 
 
 
 
Mayne, Peter wrote: 
<blockquote type="cite"
 cite="mid...@s-...">
 <meta http-equiv="Content-Type" content="text/html; ">
 <meta name="Generator"
 content="MS Exchange Server version 5.5.2654.45">
 <title>RE: [ebxmlms-develop] Digital signatures</title>
 An XML signature has a Reference containing a
DigestValue for each message part (envelope + payloads), and a single
SignatureValue.
 When I tried signing a document with and without an
attachment, the DigestValue for the SOAP envelope remained unchanged.
 Are you sure we're referring to the same thing? 
 PJDM 
 -- 
 Peter Mayne 
 Technology Consultant 
 Spherion Technology Solutions 
 Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 
 T: 61 2 62689727&nbsp; F: 61 2 62689777 
 -----Original Message----- 
 From: Gait Boxman [<a href="mailto:gai...@ti...">mailto:gai...@ti...</a>] 
 Sent: Wednesday, 28 May 2003 4:03 PM 
 To: <a class="moz-txt-link-abbreviated" href="mailto:ebx...@li...">ebx...@li...</a> 
 Subject: Re: [ebxmlms-develop] Digital signatures 
 
 It is, the digest is based on the transformed
envelope plus all the payloads, that's why you must do addDocument
before computing the signature.
 ----- Original Message ----- 
 From: Mayne, Peter 
 To: '<a class="moz-txt-link-abbreviated" href="mailto:ebx...@li...">ebx...@li...</a>' 
 Sent: Wednesday, May 28, 2003 1:03 AM 
 Subject: RE: [ebxmlms-develop] Digital signatures 
 
 I know, but the DigestValue for the SOAP envelope
isn't affected by the presence of payloads (is it?). If I can't get my
SOAP envelope's DigestValue to match the one that Hermes produces for
the same envelope, then there's not much point worrying about the final
signature value yet.
 PJDM 
 -- 
 Peter Mayne 
 Technology Consultant 
 Spherion Technology Solutions 
 Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 
 T: 61 2 62689727&nbsp; F: 61 2 62689777 
 -----Original Message----- 
 From: Gait Boxman [<a href="mailto:gai...@ti...">mailto:gai...@ti...</a>] 
 Sent: Tuesday, 27 May 2003 5:43 PM 
 To: <a class="moz-txt-link-abbreviated" href="mailto:ebx...@li...">ebx...@li...</a> 
 Subject: Re: [ebxmlms-develop] Digital signatures 
 
 Hi Peter, 
 you'll need to add the payloads as well, they get
computed into the digest. Either send yourself a signed message w/o
payloads, or add the payloads in the test routine with addDocument.
 --Gait. 
 ----- Original Message ----- 
 From: Mayne, Peter 
 To: '<a class="moz-txt-link-abbreviated" href="mailto:ebx...@li...">ebx...@li...</a>' 
 Sent: Tuesday, May 27, 2003 8:34 AM 
 Subject: RE: [ebxmlms-develop] Digital signatures 
 
 I've written (borrowing heavily from one of the
samples) the attached rather crude program that takes an ebXML envelope
and signs it. For input, I'm trapping a signed message from Hermes,
editing out the headers, mime boundaries, attachments, etc, removing
the signature, and using the remaining envelope.
 I've compared it to ApacheXMLDSigner.sign() and
they look similar as far as I can tell. 
 Unfortunately, the DigestValue I get is not the same
as the one that Hermes generates. (I'm not worried about attachments or
signature values yet.) Would someone care to have a quick look and spot
the differences?
 I'm not sure where XSLT comes in to it. 
 Thanks. 
 PJDM 
 -- 
 Peter Mayne 
 Technology Consultant 
 Spherion Technology Solutions 
 Level 1, 243 Northbourne Avenue, Lyneham, ACT, 2602 
 T: 61 2 62689727&nbsp; F: 61 2 62689777 
 &nbsp; 
 The information contained in this email and any
attachments to it: 
 (a) may be confidential and if you are not the
intended recipient, any interference with, 
 use, disclosure or copying of this material is
unauthorised and prohibited; and 
 (b) may contain personal information of the recipient
and/or the sender as defined 
 under the Privacy Act 1988 (Cth). Consent is hereby
given by the recipient(s) to 
 collect, hold and use such information and any
personal information contained in a 
 response to this email, for any reasonable purpose in
the ordinary course of 
 Spherion's 
 business, including forwarding this email internally
or disclosing it to a third party. All 
 personal information collected by Spherion will be
handled in accordance with 
 Spherion's Privacy Policy. If you have received this
email in error, please notify the 
 sender and delete it. 
 (c) you agree not to employ or arrange employment for
any candidate(s) supplied in 
 this email and any attachments without first entering
into a contractual agreement with 
 Spherion. You further agree not to divulge any
information contained in this document 
 to any person(s) or entities without the express
permission of Spherion. 
 
 <pre>The information contained in this email and any attachments to it:

(a) may be confidential and if you are not the intended recipient, any interference with, 
use, disclosure or copying of this material is unauthorised and prohibited; and

(b) may contain personal information of the recipient and/or the sender as defined 
under the Privacy Act 1988 (Cth). Consent is hereby given by the recipient(s) to 
collect, hold and use such information and any personal information contained in a 
response to this email, for any reasonable purpose in the ordinary course of 
Spherion's 
business, including forwarding this email internally or disclosing it to a third party. All 
personal information collected by Spherion will be handled in accordance with 
Spherion's Privacy Policy. If you have received this email in error, please notify the 
sender and delete it.

(c) you agree not to employ or arrange employment for any candidate(s) supplied in 
this email and any attachments without first entering into a contractual agreement with 
Spherion. You further agree not to divulge any information contained in this document 
to any person(s) or entities without the express permission of Spherion.

  </pre>
  </font> </blockquote>
</body>
</html>