An XML DSIG may contain multiple reference elements in the same document.
A DSIG signature may either contain the signed XML object within it or be detached from the signed object or document. When the signed XML object envelops the signature, the enveloped signature value itself is not included in the signature calculation or in the validation computation. For this you use the enveloped-signature transform, which removes the whole signature element in which it is contained from the digest calculation.
Public-key digital signatures that provide nonrepudiation, such as RSA, are computationally intensive operations; therefore, DSIG also allows shared-key authentication, which provides authentication but not nonrepudiation. Collision-resistant hashing of the signed content is also used to reduce the computational cost.
Generating DSIG signatures:
1. Identifying the resources to be signed.
2. Calculating the digest value and composing a reference element for each resource.
3. Composing the signed info element from all references.
4. Computing the signature value over the signed info element by applying the signature method's algorithm, such as DSA or RSA-SHA1.
5. Composing the signature element with the signedInfo, the signature value, the identity of the key used to sign, and other optional objects such as signature properties.
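The five generation steps and the matching validation, as an added example that is not part of the original article. It assumes detached resources passed as byte strings, the shared-key (HMAC-SHA256) option rather than RSA or DSA, and the standard library's Canonical XML 2.0; the function names and sample values are constructed for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ALG = {"CanonicalizationMethod": "http://www.w3.org/2010/xml-c14n2",
       "SignatureMethod": "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256",
       "DigestMethod": "http://www.w3.org/2001/04/xmlenc#sha256"}
ET.register_namespace("ds", DS)

def q(name):
    return f"{{{DS}}}{name}"            # namespace-qualified tag
def digest(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()
def mac(key, signed_info):
    # HMAC over the canonical form of SignedInfo (stdlib Canonical XML 2.0)
    c14n = ET.canonicalize(ET.tostring(signed_info, encoding="unicode"))
    return base64.b64encode(hmac.new(key, c14n.encode(), hashlib.sha256).digest()).decode()

def sign(resources, key, key_name):
    """resources: {URI: bytes} of detached content; key: shared secret."""
    sig = ET.Element(q("Signature"))
    si = ET.SubElement(sig, q("SignedInfo"))                       # step 3
    for name in ("CanonicalizationMethod", "SignatureMethod"):
        ET.SubElement(si, q(name), Algorithm=ALG[name])
    for uri, data in resources.items():                            # steps 1-2
        ref = ET.SubElement(si, q("Reference"), URI=uri)
        ET.SubElement(ref, q("DigestMethod"), Algorithm=ALG["DigestMethod"])
        ET.SubElement(ref, q("DigestValue")).text = digest(data)
    ET.SubElement(sig, q("SignatureValue")).text = mac(key, si)    # step 4
    ET.SubElement(ET.SubElement(sig, q("KeyInfo")), q("KeyName")).text = key_name  # step 5
    return ET.tostring(sig, encoding="unicode")

def verify(sig_xml, resources, key):
    sig = ET.fromstring(sig_xml)
    si = sig.find(q("SignedInfo"))
    claimed = (sig.findtext(q("SignatureValue")) or "").strip()
    if si is None or not hmac.compare_digest(mac(key, si).encode(), claimed.encode()):
        return False                     # SignedInfo missing or altered, or wrong key
    refs = {r.get("URI"): (r.findtext(q("DigestValue")) or "").strip()
            for r in si.findall(q("Reference"))}
    if set(refs) != set(resources):      # every expected resource must be referenced
        return False
    return all(hmac.compare_digest(digest(resources[u]).encode(), d.encode())
               for u, d in refs.items())

# Constructed sample input: two detached resources, so two Reference elements
DOCS = {"urn:example:order": b"<order id='7'/>", "urn:example:note": b"ship today"}
KEY = b"constructed-demo-shared-key"
SIGNED = sign(DOCS, KEY, "demo-key")
```

The verifier checks the signature over the signed info element before trusting any digest value inside it, and it rejects a signature whose references do not cover exactly the resources the caller expects.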
Pawan Bangar, Technical Director, Birbals, #1047,Sector 42-b, Chandigarh. www.ebirbals.com www.birbals.com