Jesse, thanks for that. "Write it out" :- Yes, I meant serialize. For our purposes, the problems of canonicalization should be sorted, as we have already done some normalisation of our DOMDocuments, so I will probably stay with the current approach. However it's a shame (IMO) that DOM API cannot return some sort of signature :D
On 6 May 2011, at 14:17, Jesse Pelton wrote: > XML Digital Signature requires a rigorous solution to the > canonicalization problem in order to make hashing work. (See > http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/ and > http://www.w3.org/TR/2001/REC-xml-c14n-20010315.) One implementation is > Apache Santuario (http://santuario.apache.org/cindex.html). It might be > useful. > > If you decide to do your own thing, it's worth reviewing the DSig spec > to make sure you handle all the cases. > > You'll need to do some sort of serialization in order to do a hash. > "Write it out" sounds like you mean to write to disk, which is not > necessary.
smime.p7s
Description: S/MIME cryptographic signature
