XML signature validation

  • Thread starter =?ISO-8859-15?Q?Tobias_Schr=F6er?=
  • Start date

?

=?ISO-8859-15?Q?Tobias_Schr=F6er?=

Hello everyone,

I'm stuck. I try to implement a XML data signature validation using the
javax.xml.crypto.* packages from SUN, included in JWSDP 2.0.
Differently to the examples provided with the download, my public key is
(intentionally) not included in the xml file.
The public and private keys and the signed XML file were created with a
C#.Net 1.1 application. The public key file looks like this:

<RSAKeyValue>
<Modulus>vnh1DktYlAnQw3sa31D7z01CAkG9SJlFnPGSgGw8BFJmtW6QuRu7XW+VoAei4xPVg2IzvS24CWH3xNJ4rIj2aBvyHiQbp7Td+pmwRirUPfYOzo7RGSLQLV1TO7Af3RvIkLpmqlHFdUXyWf0vGaVkag9FRHLUp3V4OY8RazM2ftM=</Modulus>
<Exponent>AQAB</Exponent>
</RSAKeyValue>

my signed XML file looks somethimg like this:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#obj">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>UcNGsonRBQuGcYE4wBwAukJx6Vk=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>BsisRhAVoas9dyO1fXq3D+94Hh5nVLDGMgqVXuPV5ZLa+zb6NGvjYLdIKxzwvkMSd6DCX2LVkmabz1rTdDq14bQ7znWsydAO0FZvM6OnJETnPQo8ihY3GxzGZjy22g6dOfzOIvf/F1TCSgZUNUxFglehHGUttTCjSEJ5FimHjYw=</SignatureValue>
<Object Id="obj">
<anElement>aValue</anElement>
<anotherElement>anotherValue</anElement>
</Object>
</Signature>

According to the "validate" examples of the JWSDP 2.0, I need to get the
public key, but I do not now how.

Any suggestion how to solve this in Java?

TIA
Tobi
 
Ad

Advertisements


Top