C
chambersdon
I have an application that requires digital signatures and I need to
add the ability to export my data so that it can be read in version
6.5 of the PureEdge Viewer. The PureEdge document format is XFDL and
the only version of the spec I can find is from back in 1998 at:
http://www.w3.org/TR/NOTE-XFDL
My problem is with generating the mimedata for the digital signature
in XFDL. My understanding is that this is what I need to do (from
section 6.25 of the spec):
1. Create a plain text version of the portion of the form to be
signed.
2. Hash this plain text description.
3. Sign the hash with the signer’s private key.
4. Include the signed hash and the signer’s public key in the
mimedata option.
5. Base64 encode the mimedata.
My problem is with step 1. I’m not sure what I should be hashing.
Should I hash the entire XML (tags and all)? Or should it just be the
text value between the tags? Do I include the attributes? If I hash
the entire XML, how do I handle end of line characters?
I also have a problem with step 4. I’m not sure how to include both
the signed hash and the public key. Do I just concatenate them?
I’ve tried working backwards with an existing file and I can decode it
but I can’t figure out where the signed portion ends and the public
key begins. And even, if I figure this out and can decrypt the
signature with the public key it will only give me a hash, which I
can’t undo.
I can’t find very much documentation on this and I’ve been stuck on
these steps for almost a week. I would appreciate any input I can
get.
Thanks,
Don
add the ability to export my data so that it can be read in version
6.5 of the PureEdge Viewer. The PureEdge document format is XFDL and
the only version of the spec I can find is from back in 1998 at:
http://www.w3.org/TR/NOTE-XFDL
My problem is with generating the mimedata for the digital signature
in XFDL. My understanding is that this is what I need to do (from
section 6.25 of the spec):
1. Create a plain text version of the portion of the form to be
signed.
2. Hash this plain text description.
3. Sign the hash with the signer’s private key.
4. Include the signed hash and the signer’s public key in the
mimedata option.
5. Base64 encode the mimedata.
My problem is with step 1. I’m not sure what I should be hashing.
Should I hash the entire XML (tags and all)? Or should it just be the
text value between the tags? Do I include the attributes? If I hash
the entire XML, how do I handle end of line characters?
I also have a problem with step 4. I’m not sure how to include both
the signed hash and the public key. Do I just concatenate them?
I’ve tried working backwards with an existing file and I can decode it
but I can’t figure out where the signed portion ends and the public
key begins. And even, if I figure this out and can decrypt the
signature with the public key it will only give me a hash, which I
can’t undo.
I can’t find very much documentation on this and I’ve been stuck on
these steps for almost a week. I would appreciate any input I can
get.
Thanks,
Don