The JSR 105 API (java.xml.crypto) allows you to separately generate the hash value for a Reference, but not for a SignedInfo. If this is useful, see http://download.oracle.com/javase/7/docs/api/javax/xml/crypto/dsig/XMLSignatureFactory.html#newReference%28java.lang.String,%20javax.xml.crypto.dsig.DigestMethod,%20java.util.List,%20java.lang.String,%20java.lang.String,%20byte[]%29
--Sean On 8/29/11 9:30 AM, Ricardo Borillo wrote: > Hi all, > > Is it possible with Apache Santuario to generate the hash value of a > canonicalized SignedInfo, then encrypt this hash with a RSA key in a > separate process and set back the result as the SignatureValue to the > orginal signature? > > We are developing a cryptographic applet. Now we generate the full xml > signature in the client, but it would be nice to complete the > signature process in two phases. In the first one, a server process > should init the structure of the xml signature and in the second one, > the client applet sign the proper hash with a simple RAW RSA > signature. > > Is this scenario possible? > > Thanks all in advance :) > > --- > Salut, > ==================================== > Ricardo Borillo Domenech > http://xml-utils.com / http://twitter.com/borillo
