You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by Monica Lau <ml...@yahoo.com> on 2004/10/13 05:07:16 UTC

Newbie question on HMAC signature

Hi,
 
I'm  signing an xml document using hmac-sha1.  I was just wondering what do people normally fill in for the <keyinfo> element?  I assume that you don't incorporate this <keyinfo> element into the document because you can't/shouldn't store the secret in it.  Or is there some way to incorporate this information in the xml document without compromising security?  I don't believe so, but I'm fairly new to security... 
 
Thanks for your help,
Monica
 

		
---------------------------------
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.