Hi Sean, Thanks for your clarification :) Do you think this scenario could be accomplished outside the standard interfaces with some inheritance on DOMXMLSignature class?
--- Salut, ==================================== Ricardo Borillo Domenech http://xml-utils.com / http://twitter.com/borillo On Mon, Aug 29, 2011 at 15:42, Sean Mullan <[email protected]> wrote: > The JSR 105 API (java.xml.crypto) allows you to separately generate the hash > value for a Reference, but not for a SignedInfo. If this is useful, see > http://download.oracle.com/javase/7/docs/api/javax/xml/crypto/dsig/XMLSignatureFactory.html#newReference%28java.lang.String,%20javax.xml.crypto.dsig.DigestMethod,%20java.util.List,%20java.lang.String,%20java.lang.String,%20byte[]%29 > > --Sean > > On 8/29/11 9:30 AM, Ricardo Borillo wrote: >> Hi all, >> >> Is it possible with Apache Santuario to generate the hash value of a >> canonicalized SignedInfo, then encrypt this hash with a RSA key in a >> separate process and set back the result as the SignatureValue to the >> orginal signature? >> >> We are developing a cryptographic applet. Now we generate the full xml >> signature in the client, but it would be nice to complete the >> signature process in two phases. In the first one, a server process >> should init the structure of the xml signature and in the second one, >> the client applet sign the proper hash with a simple RAW RSA >> signature. >> >> Is this scenario possible? >> >> Thanks all in advance :) >> >> --- >> Salut, >> ==================================== >> Ricardo Borillo Domenech >> http://xml-utils.com / http://twitter.com/borillo >
