From: Pelle B. <pe...@us...> - 2004-03-23 21:01:31
Update of /cvsroot/neuclear/neuclear-xmlsig/xdocs In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv29273/xdocs Modified Files: credits.xml index.xml installation.xml navigation.xml Added Files: bdg.xml interop.xml Removed Files: overview.xml Log Message: Added ExternalSignature and further Javadocs. Added Busy Developers Guide and Interop guide. Ready for release. --- overview.xml DELETED --- Index: index.xml =================================================================== RCS file: /cvsroot/neuclear/neuclear-xmlsig/xdocs/index.xml,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** index.xml 12 Dec 2003 23:53:20 -0000 1.4 --- index.xml 23 Mar 2004 20:51:01 -0000 1.5 *************** *** 2,12 **** <document> ! <properties> ! <title>NeuClear.org - XML Signatures</title> ! <author email="pe...@ne...">Pelle Braendgaard</author> ! </properties> ! <body> ! <section name="[12th of December 2003] Release 0.11"> <p> Panama City, 12th of December, 2003. We are happy to announce --- 2,31 ---- <document> ! <properties> ! <title>NeuClear.org - XML Signatures</title> ! <author email="pe...@ne...">Pelle Braendgaard</author> ! </properties> ! <body> ! <section name="[23rd of March 2004] Release 0.12"> ! <p> ! Panama City, 23rd of March 2004. We are happy to announce ! the 0.12 release of NeuClear XMLSIG. Major new features are: ! </p> ! <ul> ! <li>Improved verification of Reference Types</li> ! <li>Simpler API</li> ! <li>Support for X509 Certificates</li> ! <li>Improved Interoperability</li> ! </ul> ! <p> ! <a href="http://jira.neuclear.org/secure/ReleaseNote.jspa?projectId=10020&styleName=Html&version=10051">See full list.</a> ! </p> ! <p> ! <a href="http://sourceforge.net/project/showfiles.php?group_id=90470">Download it today and join in the NeuClear revolution</a>. ! </p> ! </section> ! ! <section name="[12th of December 2003] Release 0.11"> <p> Panama City, 12th of December, 2003. 
We are happy to announce *************** *** 27,31 **** Several minor improvements through the code, but the big news is that most code unrelated to XML has been moved into the sister ! library <a href="http://neuclear.org/commons/">NeuClear Commons</a> library. Making this a required library now. </p> --- 46,51 ---- Several minor improvements through the code, but the big news is that most code unrelated to XML has been moved into the sister ! library ! <a href="http://old.neuclear.org/commons/">NeuClear Commons</a> library. Making this a required library now. </p> *************** *** 48,53 **** <li>Canonical XML</li> <li>Canonical XML With Comments</li> ! <li><tt>RSAKeyValue</tt></li> ! <li><tt>DSAKeyValue</tt></li> </ul> Missing but coming soon are: --- 68,77 ---- <li>Canonical XML</li> <li>Canonical XML With Comments</li> ! <li> ! <tt>RSAKeyValue</tt> ! </li> ! <li> ! <tt>DSAKeyValue</tt> ! </li> </ul> Missing but coming soon are: *************** *** 56,62 **** <li>XPath Transforms (Already written but not integrated)</li> <li>HMAC-SHA1 MAC</li> ! <li><tt>X509Data</tt></li> </ul> ! Thanks to <a href="mailto:ra...@co...">Ramses Morales</a> for lots of help with this release. Ramses has been added as developer/comitter on the project. </p> --- 80,89 ---- <li>XPath Transforms (Already written but not integrated)</li> <li>HMAC-SHA1 MAC</li> ! <li> ! <tt>X509Data</tt> ! </li> </ul> ! Thanks to ! <a href="mailto:ra...@co...">Ramses Morales</a> for lots of help with this release. Ramses has been added as developer/comitter on the project. </p> *************** *** 72,83 **** </p> </section> ! <section name="Introduction"> ! <p> ! XML Signature API is a simple implementation of the XML-Signature standard from <a href="http://www.w3c.org">W3C</a>. The main difference of this over Apache's implementation is that it uses Dom4J and hopefully should be faster. This has never been verified so take it with a grain of salt. </p> ! </section> ! 
</body> </document> --- 99,111 ---- </p> </section> ! <section name="Introduction"> ! <p> ! XML Signature API is a simple implementation of the XML-Signature standard from ! <a href="http://www.w3c.org">W3C</a>. The main difference of this over Apache's implementation is that it uses Dom4J and hopefully should be faster. This has never been verified so take it with a grain of salt. </p> ! </section> ! </body> </document> Index: installation.xml =================================================================== RCS file: /cvsroot/neuclear/neuclear-xmlsig/xdocs/installation.xml,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** installation.xml 12 Nov 2003 13:59:37 -0000 1.2 --- installation.xml 23 Mar 2004 20:51:01 -0000 1.3 *************** *** 2,18 **** <document> ! <properties> ! <title>Installing and Building</title> ! <author email="pe...@ne...">Pelle Braendgaard</author> ! </properties> ! <body> ! <section name="Requirements"> <p> The three main requirements for the library is: <ul> ! <li><a href="http://www.bouncycastle.org">Bouncy Castle Crypto</a></li> ! <li><a href="http://www.dom4j.org">Dom4J</a></li> ! <li><a href="http://neuclear.org/commons/">NeuClear Commons</a></li> </ul> With Dom4J make sure you include the full jar in your classpath. --- 2,24 ---- <document> ! <properties> ! <title>Installing and Building</title> ! <author email="pe...@ne...">Pelle Braendgaard</author> ! </properties> ! <body> ! <section name="Requirements"> <p> The three main requirements for the library is: <ul> ! <li> ! <a href="http://www.bouncycastle.org">Bouncy Castle Crypto</a> ! </li> ! <li> ! <a href="http://www.dom4j.org">Dom4J</a> ! </li> ! <li> ! <a href="http://old.neuclear.org/commons/">NeuClear Commons</a> ! </li> </ul> With Dom4J make sure you include the full jar in your classpath. *************** *** 27,31 **** </p> <p> ! You also will need to edit your <tt>$JAVA_HOME/jre/lib/security/java.security</tt> file as well. 
Adding the following line: </p> <source>security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider </source> --- 33,38 ---- </p> <p> ! You also will need to edit your ! <tt>$JAVA_HOME/jre/lib/security/java.security</tt> file as well. Adding the following line: </p> <source>security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider </source> *************** *** 34,38 **** <section name="Building"> <p> ! To build anything within the NeuClear framework you first need to install <a href="http://jakarta.apache.org/turbine/maven/">Maven</a>. Follow their installation instructions and you should be ok. I haven't tried this under windows yet, but I'm guessing it should work fine. --- 41,46 ---- <section name="Building"> <p> ! To build anything within the NeuClear framework you first need to install ! <a href="http://jakarta.apache.org/turbine/maven/">Maven</a>. Follow their installation instructions and you should be ok. I haven't tried this under windows yet, but I'm guessing it should work fine. *************** *** 57,61 **** <source>~/projects/neuclear-xmlsig> maven jar:install</source> <p> ! If you use <a href="http://intellij.com">IntelliJ IDEA</a> maven will create a project file for you automatically: </p> <source>~/projects/neuclear-xmlsig> maven idea</source> --- 65,70 ---- <source>~/projects/neuclear-xmlsig> maven jar:install</source> <p> ! If you use ! 
<a href="http://intellij.com">IntelliJ IDEA</a> maven will create a project file for you automatically: </p> <source>~/projects/neuclear-xmlsig> maven idea</source> Index: navigation.xml =================================================================== RCS file: /cvsroot/neuclear/neuclear-xmlsig/xdocs/navigation.xml,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -C2 -d -r1.1.1.1 -r1.2 *** navigation.xml 11 Nov 2003 16:33:52 -0000 1.1.1.1 --- navigation.xml 23 Mar 2004 20:51:01 -0000 1.2 *************** *** 1,22 **** <project name="neuclear" repository="neuclear" href="http://neuclear.org"> ! <title>NeuClear - XML Signature Library</title> ! <body> ! <links> <item name="NeuClear" href="http://neuclear.org"/> ! <item name="Wiki" href="http://wiki.neuclear.org/"/> ! <item name="Talk.org" href="http://talk.org"/> ! <item name="SourceForge" href="http://sourceforge.net/projects/neuclear/"/> ! </links> ! <menu name="NeuClear - XMLSig"> ! <item name="Front Page" href="/index.html"/> ! <item name="Overview" href="/overview.html"/> <item name="Installation" href="/installation.html"/> <item name="Credits and Dependencies" href="/credits.html"/> ! <item name="Downloads" href="http://sourceforge.net/project/showfiles.php?group_id=90470"/> ! <item name="SourceForge" href="http://sourceforge.net/projects/neuclear/"/> ! </menu> ! </body> </project> --- 1,24 ---- <project name="neuclear" repository="neuclear" href="http://neuclear.org"> ! <title>NeuClear - XML Signature Library</title> ! <body> ! <links> <item name="NeuClear" href="http://neuclear.org"/> ! <item name="Issue Tracking" href="http://jira.neuclear.org"/> ! <item name="Talk.org" href="http://talk.org"/> ! <item name="SourceForge" href="http://sourceforge.net/projects/neuclear/"/> ! </links> ! <menu name="NeuClear - XMLSig"> ! <item name="Front Page" href="/index.html"/> ! ! <item name="Interoperability" href="/interop.html"/> ! 
<item name="Busy Developers Guide" href="/bdg.html"/> <item name="Installation" href="/installation.html"/> <item name="Credits and Dependencies" href="/credits.html"/> ! <item name="Downloads" href="http://sourceforge.net/project/showfiles.php?group_id=90470"/> ! <item name="SourceForge" href="http://sourceforge.net/projects/neuclear/"/> ! </menu> ! </body> </project> --- NEW FILE: bdg.xml --- <?xml version="1.0"?> <document> <properties> <title>Overview</title> <author email="pe...@ne...">Pelle Braendgaard</author> </properties> <body> <section name="Introduction"> <p> The API was designed for absolute simplicity. Almost everything can be done through several simple Static methods in <a href="apidocs/org/neuclear/xml/xmlsec/XMLSecTools.html">org.neuclear.xml.xmlsec.XMLSecTools</a>. </p> </section> <section name="Signing of XML Documents"> <p> To sign a piece of XML you need two things: <ul> <li>A <a href="http://www.dom4j.org">Dom4J</a> XML <a href="http://www.dom4j.org/apidocs/org/dom4j/Element.html">Element</a> </li> <li>An RSA Private Key</li> </ul> Look at the following code snippet for an example: </p> <source><![CDATA[// First we'll create a KeyPair KeyPair kp=CryptoTools.createTinyRSAKeyPair(); Document doc=DocumentHelper.parseText("<test><test2/></test>"); Element elem=doc.getRootElement(); EnvelopedSignature envsig=new EnvelopedSignature(kp,elem); System.out.println(doc.asXML());]]> </source> <p>This will leave you with the Element looking like this</p> <source> <![CDATA[<?xml version="1.0" encoding="UTF-8"?> <test><test2/><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference><ds:Transforms><ds:Transform ds:Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform 
ds:Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></ds:Transforms> <ds:DigestMethod ds:Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue> B/P2qMqBvrZCYSa5RDuKHY9s8j4= </ds:DigestValue></ds:Reference> </ds:SignedInfo> <ds:SignatureValue>gIYL0CM6xeniLgqRqPqsFEFx7Rrv7vKvW/sBlgoCyn7BlX+OTizulwGOFmw3Q9H5vFcSfFjTO8Y1TJcnIMnKzg==</ds:SignatureValue> <ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue><ds:Modulus> zi2oiVe/tXSsGe8U1zT6znn2kFG3FXwjZ+NW8l2GcTd9zt1Y3dpScbUzzvbeQqfUw0uzPetRrK6h fhCeo4D0Uw== </ds:Modulus> <ds:Exponent> AQAB </ds:Exponent> </ds:RSAKeyValue> </ds:KeyValue> </ds:KeyInfo> </ds:Signature></test>]]> </source> <p> This is what is known as an EnvelopedSignature, which simply speaking means that the XML element contains an embedded signature. This is the most usefull way of adding signatures to existing xml based applications. Once you have created an EnvelopedSignature. The signature is now a child of the Element that you passed to it. Remember if you make any further changes to your Document the signature will fail. </p> </section> <section name="Verification of XMLSignatures"> <p> To Verify you need an Element contaning an embedded XML signature and a Public Key in its KeyInfo. </p> <source><![CDATA[try { EnvelopedSignature verified=new EnvelopedSignature(elem); } catch (InvalidSignatureException e) { System.err.println("Invalid Signature"); } ]]></source> </section> <section name="Data Object Signatures"> <p> Another common form of the XML Signature is the Data Object Signature. This is a type of signature known as Enveloping XML Signature. What this means is that the top level element of the Document is now the Signature element and the data is enveloped within the signature. </p> <p> A common scenario of Enveloping Signatures are Data Object Signatures. The element that you wish to sign is known as the Data Object and is included in a Object element within the signature. 
</p> <source><![CDATA[ KeyPair kp=CryptoTools.createTinyRSAKeyPair(); Document doc=DocumentHelper.parseText("<test><test2/></test>"); Element elem=doc.getRootElement(); DataObjectSignature datasig=new DataObjectSignature(kp,elem); Element sigelem=datasig.getElement(); System.out.println(sigelem.asXML()); ]]></source> <p> Verification is done similarly to EnvelopedSignatures. You just pass the element to the constructor: </p> <source><![CDATA[try { DataObjectSignature verified=new DataObjectSignature(elem); } catch (InvalidSignatureException e) { System.err.println("Invalid Signature"); } ]]></source> </section> <section name="External URL Signatures"> <p> A third common form of the XML Signature is the External Signature. This signs some external data that is referenced through a URL. You can use this to perform a signature of any url that is compliant with the Java URL class. Such as http, https, ftp etc and file. </p> <source><![CDATA[ KeyPair kp=CryptoTools.createTinyRSAKeyPair(); ExternalSignature extsig=new ExternalSignature(kp,""http://www.w3.org/TR/2000/WD-xml-c14n-20001011"); Element sigelem=extsig.getElement(); System.out.println(sigelem.asXML()); ]]></source> <p> Verification is done similarly to EnvelopedSignatures. You just pass the element to the constructor: </p> <source><![CDATA[try { ExternalSignature verified=new ExternalSignature(elem); } catch (InvalidSignatureException e) { System.err.println("Invalid Signature"); } ]]></source> </section> <section name="Reference Security Restrictions"> <p> The XML Signature standard is very flexible and can be used for all sorts of applications, however the down fall of this flexibility is that it leaves a large responsibility on the application designers that most people miss. This has got to do with the way the standard specifies References (what is signed essentially). A common but very serious security problem with XML Signatures are not checking what exactly is signed. 
</p> <p> As opposed to most other implementations we have decided to impose some restrictions on what is possible. You can use. Most common types of digital signatures (see above) have got specific Java constructors to both verify and create them safely. If you have certain needs not met by these you can create your own subclasses of XMLSignature to handle this. We include a class called AnyXMLSignature. This should never be used in production environments. This will verify arbitrary signatures. It is included for compliance testing only. Please DO NOT USE. </p> </section> <section name="Canonicalization"> <p> To Canonicalize a document according to <a href="http://www.w3.org/TR/2000/WD-xml-c14n-20001011">Canonical XML</a>. You need a document and a Writer. </p> <source><![CDATA[ Canonicalizer canon=new Canonicalizer(writer);//writer is a preinitialized instance of a java.io.Writer canon.canonicalize(doc); // Canonicalizes the document or element and outputs it to the writer ]]></source> </section> <!-- <section name="Encoding Public Key's in XML Documents"> <p> </p> </section>--> </body> </document> Index: credits.xml =================================================================== RCS file: /cvsroot/neuclear/neuclear-xmlsig/xdocs/credits.xml,v retrieving revision 1.1.1.1 retrieving revision 1.2 diff -C2 -d -r1.1.1.1 -r1.2 *** credits.xml 11 Nov 2003 16:33:52 -0000 1.1.1.1 --- credits.xml 23 Mar 2004 20:51:01 -0000 1.2 *************** *** 2,22 **** <document> ! <properties> ! <title>Credits and Dependencies</title> ! <author email="pe...@ne...">Pelle Braendgaard</author> ! </properties> ! <body> ! <section name="Dependencies"> <p> We are currently using the following libraries quite heavily: <ul> ! <li><a href="http://www.bouncycastle.org">Bouncy Castle for Crypto</a></li> ! <li><a href="http://www.dom4j.org">Dom4J - XML API</a></li> ! <li><a href="http://jakarta.apache.org/turbine/maven/">Maven - for Building</a></li> ! 
<li><a href="http://www.opensymphony.org">OpenSymphony - OSCore</a></li> ! <li><a href="http://jakarta.apache.org/commons/regexp/">Apache Jakarta Commons RegExp</a></li> ! <li><a href="http://jakarta.apache.org/commons/cli/">Apache Jakarta Commons CLI</a></li> ! </ul> </p> --- 2,25 ---- <document> ! <properties> ! <title>Credits and Dependencies</title> ! <author email="pe...@ne...">Pelle Braendgaard</author> ! </properties> ! <body> ! <section name="Dependencies"> <p> We are currently using the following libraries quite heavily: <ul> ! <li> ! <a href="http://www.bouncycastle.org">Bouncy Castle for Crypto</a> ! </li> ! <li> ! <a href="http://www.dom4j.org">Dom4J - XML API</a> ! </li> ! <li> ! <a href="http://jakarta.apache.org/turbine/maven/">Maven - for Building</a> ! </li> ! </ul> </p> *************** *** 24,28 **** <section name="Credits"> <p> ! This is inspired by <a href="http://xml.apache.org">XML-Security</a> package for XML-Signatures. But when we went from using DOM to Dom4J, we decided to write our own implementation ontop of Dom4J. While we have rewritten most things we owe a debt of gratitude for the inspiration from XML-Security. In a few cases we simply ported the apache code to dom4j. I'm not 100% sure of the --- 27,32 ---- <section name="Credits"> <p> ! This is inspired by ! <a href="http://xml.apache.org">XML-Security</a> package for XML-Signatures. But when we went from using DOM to Dom4J, we decided to write our own implementation ontop of Dom4J. While we have rewritten most things we owe a debt of gratitude for the inspiration from XML-Security. In a few cases we simply ported the apache code to dom4j. I'm not 100% sure of the --- NEW FILE: interop.xml --- <?xml version="1.0"?> <document> <properties> <title>Interopability</title> <author email="pe...@ne...">Pelle Braendgaard</author> </properties> <body> <section name="Overview"> <p> This library was written to support the <a href="http://neuclear.org">NeuClear</a> project. 
As such most of the features of our support of the standard are designed to support the needs of this project. We provide interoperability of all the features that we need and then some. However we do not offer full interoperability as there are features that we will never use in NeuClear. If anyone wants to implement them, please let us know and we will happily include them. </p> </section> <section name="Missing Features"> <p> Missing features as required by the W3C Standard on <a href="http://www.w3.org/2000/09/xmldsig">XML Signatures</a> are: <ul> <li>Exclusive Canonicalization</li> <li>Most PKI related functionality</li> <li>Any external Public Key</li> <li>HMAC support</li> </ul> </p> </section> <section name="Interops"> <p> <table cellpadding="2" cellspacing="2" border="1"> <tbody> <tr> <td valign="top" align="left"> <b>Features and algorithms <br/> </b> </td> <td valign="top" align="left"> <b>Key Word <br/> </b> </td> <td valign="top" align="left"> <b>NeuClear XMLSig version 0.6 </b> </td> </tr> <tr> <td valign="top" align="left"> <a class="link-def" href="http://www.w3.org/TR/2000/WD-xmldsig-core-20001012/#def-SignatureDetac%20hed"> Detached</a> Signature <br/> </td> <td valign="top" align="left">MUST <br/> </td> <td valign="top" align="left">Y <br/> </td> </tr> <tr> <td valign="top" align="left"> <a class="link-def" href="http://www.w3.org/TR/2000/WD-xmldsig-core-20001012/#def-SignatureEnveloping"> Enveloping</a> Signature: same document reference with fragment (URI="#Object1") <br/> </td> <td valign="top" align="left">MUST <br/> </td> <td valign="top" align="left">Y <br/> </td> </tr> <tr> <td valign="top" align="left"> <a class="link-def" href="http://www.w3.org/TR/2000/WD-xmldsig-core-20001012/#def-SignatureEnvel%20oped"> Enveloped</a> Signature: same document reference (URI="") with <a href="http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html#sec-EnvelopedSignature"> Enveloped Signature Transform</a> . 
<br/> </td> <td valign="top" align="left">MUST <br/> </td> <td valign="top" align="left">Y <br/> </td> </tr> <tr> <td valign="top" align="left"> <a href="http://www.w3.org/TR/2000/WD-xmldsig-core-20001012/#sec-SignatureValue%20"> SignatureValue</a> generation/validation <br/> </td> <td valign="top" align="left">MUST <br/> </td> <td valign="top" align="left">Y <br/> </td> </tr> <tr> <td valign="top" align="left"> <a href="http://www.w3.org/TR/xmldsig-core/#sec-Manifest"> Manifest</a> DigestValue generation/valdiation <br/> </td> <td valign="top" align="left">MAY</td> <td valign="top" align="left">N <br/> </td> </tr> <tr> <td valign="top" align="left"> Feature: <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature"> laxly schema valid Signature element</a> generation <br/> </td> <td valign="top" align="left">MUST <br/> </td> <td valign="top" align="left">Y <br/> </td> </tr> <tr> <td valign="top" align="left"> <a href="http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel"> XPointers</a> '#xpointer(/)' <br/> </td> <td valign="top" align="left">SHOULD <br/> </td> <td valign="top" align="left">Y <br/> </td> </tr> <tr> <td valign="top" align="left"> <a href="http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel"> XPointers</a> '#xpointer(id(" <em>ID</em>"))' <br/> </td> <td valign="top" align="left">SHOULD <br/> </td> <td valign="top" align="left">N <br/> </td> </tr> <tr> <td valign="top" align="left"> <a href="http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel"> XPointers</a>: full suppport </td> <td valign="top" align="left">MAY <br/> </td> <td valign="top" align="left">N <br/> </td> </tr> <tr> <td valign="top" align="left"> <a href="http://www.w3.org/TR/xmldsig-core/#sec-XPath"> XPath</a> <br/> </td> <td valign="top" align="left">SHOULD <br/> </td> <td valign="top" align="left">Y <br/> </td> </tr> <tr> <td valign="top" align="left"> the dsig <a href="http://www.w3.org/TR/xmldsig-core/#sec-XPath"> XPath 'here()'</a> function (can be 
used to implement enveloped signature) <br/> </td> <td valign="top" align="left">SHOULD <br/> </td> <td valign="top" align="left">Y <br/> </td> </tr> <tr> <td valign="top" align="left"> XSLT (note, the child <code> XSLT</code> element of Transform has been deprecated.) <br/> </td> <td valign="top" align="left">MAY <br/> </td> <td valign="top" align="left">N <br/> </td> </tr> <tr> <td valign="top" align="left"> RetrievalMethod (e.g., X509Data) <br/> </td> <td valign="top" align="left">SHOULD <br/> </td> <td valign="top" align="left">N <br/> </td> </tr> <tr> <td valign="top" align="left"> <a href="http://www.w3.org/2000/09/xmldsig#sha1"> SHA1</a> <br/> </td> <td valign="top" align="left">MUST <br/> </td> <td valign="top" align="left">Y <br/> </td> </tr> <tr> <td valign="top" align="left"> <a href="http://www.w3.org/2000/09/xmldsig#base64"> Base64</a> <br/> </td> <td valign="top" align="left">MUST <br/> </td> <td valign="top" align="left">N <br/> </td> </tr> <tr> <td valign="top" align="left"> <a href="http://www.w3.org/2000/09/xmldsig#hmac-sha1"> HMAC-SHA1</a> <br/> </td> <td valign="top" align="left">MUST <br/> </td> <td valign="top" align="left">N <br/> </td> </tr> <tr> <td valign="top" align="left"> <a href="http://www.w3.org/2000/09/xmldsig#dsa"> DSAwithSHA1 <br/> (DSS) </a> <br/> </td> <td valign="top" align="left">MUST <br/> </td> <td valign="top" align="left">Y <a href="#dsa-sha1"></a> <br/> </td> </tr> <tr> <td valign="top" align="left"> <a href="http://www.w3.org/2000/09/xmldsig#rsa-sha1"> RSAwithSHA1</a> <br/> </td> <td valign="top" align="left">SHOULD <br/> </td> <td valign="top" align="left">Y <br/> </td> </tr> <tr> <td valign="top">X509 support <br/> </td> <td valign="top">SHOULD <br/> </td> <td valign="top">Limited to verifying with embedded X509 certificates. 
<br/> </td> </tr> <tr> <td valign="top" align="left"> <a href="http://www.w3.org/2000/09/xmldsig#minimal"> minimal</a> (deprecated) <br/> </td> <td valign="top" align="left">n/a <br/> </td> <td valign="top" align="left">N <br/> </td> </tr> <tr> <td valign="top" align="left"> <a href="http://www.w3.org/TR/2000/WD-xml-c14n-20001011"> Canonical XML</a> (20010315) <br/> </td> <td valign="top" align="left">MUST <br/> </td> <td valign="top" align="left">Y <br/> </td> </tr> <tr> <td valign="top" align="left"> <a href="http://www.w3.org/TR/2000/WD-xml-c14n-20001011"> Canonical XML</a> with comments <br/> </td> <td valign="top" align="left">SHOULD <br/> </td> <td valign="top" align="left">Y <br/> </td> </tr> <tr> <td valign="top" align="left"> <a href="http://www.w3.org/TR/2002/CR-xml-exc-c14n-20020212"> Exlusive Canonical XML</a> <br/> </td> <td valign="top" align="left">SHOULD <br/> </td> <td valign="top" align="left">N <br/> </td> </tr> <tr> <td valign="top" align="left"> <a href="http://www.w3.org/TR/2002/CR-xml-exc-c14n-20020212"> Exlusive Canonical XML</a> with comments <br/> </td> <td valign="top" align="left">SHOULD <br/> </td> <td valign="top" align="left">N <br/> </td> </tr> <tr> <td valign="top" align="left"> <a href="http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html#sec-EnvelopedSignature"> Enveloped Signature</a> <br/> </td> <td valign="top" align="left">MUST <br/> </td> <td valign="top" align="left">Y <br/> </td> </tr> </tbody> </table> </p> </section> </body> </document> |
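Review bot: In bdg.xml, "Signing of XML Documents", the guide never says that the key in its examples is for demonstration only. Every signing snippet calls CryptoTools.createTinyRSAKeyPair(), and the Modulus in the sample output is 88 base64 characters, which decodes to 64 bytes, so the example signs with a 512-bit RSA key. Add a sentence stating that the tiny key pair is for tests and that real signatures need a key of production strength loaded from the application's key store. In the same sample output, Transform and DigestMethod carry a prefixed `ds:Algorithm=` attribute while CanonicalizationMethod and SignatureMethod use plain `Algorithm=`. The XML Signature schema declares Algorithm as an unqualified attribute, so either regenerate the sample from the 0.12 code or, if the library still emits the prefixed form, fix it before a release that advertises improved interoperability.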
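Review bot: In bdg.xml, "Verification of XMLSignatures", the text says the public key comes from the element's own KeyInfo and the example ends at `new EnvelopedSignature(elem)` without ever looking at which key verified. As documented, that establishes only that the element matches the key shipped alongside it, so anyone can re-sign altered content with their own key and pass this check. "Reference Security Restrictions" already warns readers about what is signed; add a matching paragraph about who signed, telling readers to compare the verifying key or certificate with one they already trust before acting on the document. The same applies to the DataObjectSignature and ExternalSignature verification snippets, which repeat the pattern.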
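Review bot: In bdg.xml, "External URL Signatures", the signing example does not compile because the URL literal opens with two double quotes: `new ExternalSignature(kp,""http://www.w3.org/TR/2000/WD-xml-c14n-20001011");`. Drop the extra quote. The section also says any URL the Java URL class accepts can be signed, "http, https, ftp etc and file", while verification takes only the element, so the URL to fetch comes from the signature being checked. Please document that verifying an ExternalSignature from an untrusted source makes the verifier dereference a sender-chosen URL, and say whether callers can restrict the permitted schemes or hosts.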
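Review bot: In interop.xml, the results column of the "Interops" table is headed "NeuClear XMLSig version 0.6", but index.xml in this same commit announces release 0.12, so readers cannot tell which version the Y/N values describe. Update the header and recheck the rows against 0.12. Several link targets in the table carry a stray `%20` inside the fragment (`#def-SignatureDetac%20hed`, `#def-SignatureEnvel%20oped`, `#sec-SignatureValue%20`) and will not resolve to their anchors. The "Canonical XML (20010315)" rows link to WD-xml-c14n-20001011, whereas the sample signature in bdg.xml uses REC-xml-c14n-20010315; point the link at the version the label names. Spelling to fix while here: the title "Interopability", "valdiation", "suppport" and "Exlusive".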
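Review bot: In credits.xml, the Dependencies list drops OpenSymphony OSCore, Commons RegExp and Commons CLI without a word in the log message, and it still omits NeuClear Commons, which installation.xml lists as one of the three main requirements and index.xml calls a required library. If the three removed libraries are no longer on the classpath, say so in the commit message; either way add NeuClear Commons to this list so the two pages agree on what a user has to install.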