If you use the methods specified in the XML Signature specification (http://www.w3.org/TR/xmldsig-core/), there's no need to encode a magic cookie. Instead, you hash the document contents and sign the hash with a private key. (Before you do the hash, it's a really good idea to canonicalize the document per http://www.w3.org/TR/2001/REC-xml-c14n-20010315.)
When you get your document back, you use your public key to decrypt the hash, recompute the document content's hash, and compare the two hashes. If the document has been altered, the hashes will be different. This process is not trivial, in terms of code or computation, and I'm not aware of any open-source libraries that implement the spec. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 6:26 PM To: [EMAIL PROTECTED] Subject: RE: XML-document checksum Howdy, Use a digital siganture in your XML...encode some know string (known to you only into it) so users cannot edit and generate a new signature, or go whole hog and use encryption. Sid -----Original Message----- From: Ing. Hans Pesata [mailto:[EMAIL PROTECTED]] Sent: Friday, 14 June 2002 12:31 AM To: Xerces Mailinglist Subject: XML-document checksum Hi ! I am using XERCES 1.7.0 within my app which writes data into XML-files, I am using a SAX2-parser to parse the XML-documents. I want to add a checksum to the XML-documents to ensure that users are not editing the data. I am thinking about adding a element to the end of the file which carries the checksum <checksum value=xxxx/> I can imagine how to generate the checksum during writing the XML-document, but how can I do it during parsing it with my SAX2-handler ? I am overriding startElement() and endElement() but I would need access to EVERY character in the XML-file to generate the checksum which I would have to compare with the one in the XML-file. How can I do this ? Any help with this would be greatly appreciated, thanx in advance! Regards, Hans Pesata --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
