That is possible with Apache api, not JSR 105. You need to get <SignedInfo> as string and create a digest of it based on digest algorithm on SignatureMethod. To fill in blanks(reference digest values) in SignedInfo first, ask signedInfo to generateDigestValues. The digest/hasg is the piece of data you want.
Eric On Tue, Aug 30, 2011 at 5:45 AM, Ricardo Borillo <[email protected]> wrote: > Hi Sean, > > Thanks for your clarification :) > Do you think this scenario could be accomplished outside the standard > interfaces with some inheritance on DOMXMLSignature class? > > --- > Salut, > ==================================== > Ricardo Borillo Domenech > http://xml-utils.com / http://twitter.com/borillo > > > > On Mon, Aug 29, 2011 at 15:42, Sean Mullan <[email protected]> wrote: > > The JSR 105 API (java.xml.crypto) allows you to separately generate the > hash > > value for a Reference, but not for a SignedInfo. If this is useful, see > > > http://download.oracle.com/javase/7/docs/api/javax/xml/crypto/dsig/XMLSignatureFactory.html#newReference%28java.lang.String,%20javax.xml.crypto.dsig.DigestMethod,%20java.util.List,%20java.lang.String,%20java.lang.String,%20byte[]%29 > > > > --Sean > > > > On 8/29/11 9:30 AM, Ricardo Borillo wrote: > >> Hi all, > >> > >> Is it possible with Apache Santuario to generate the hash value of a > >> canonicalized SignedInfo, then encrypt this hash with a RSA key in a > >> separate process and set back the result as the SignatureValue to the > >> orginal signature? > >> > >> We are developing a cryptographic applet. Now we generate the full xml > >> signature in the client, but it would be nice to complete the > >> signature process in two phases. In the first one, a server process > >> should init the structure of the xml signature and in the second one, > >> the client applet sign the proper hash with a simple RAW RSA > >> signature. > >> > >> Is this scenario possible? > >> > >> Thanks all in advance :) > >> > >> --- > >> Salut, > >> ==================================== > >> Ricardo Borillo Domenech > >> http://xml-utils.com / http://twitter.com/borillo > > >
