You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by John Smith <js...@gmail.com> on 2014/02/16 20:24:42 UTC
Using XML Encryption and Signature
Can someone point me to some examples of using XML Encryption and Signature
together in JAVA? Is there a benefit to signing a document if the entire
document is encrypted?
Thanks,
John
Re: Using XML Encryption and Signature
Posted by "Cantor, Scott" <ca...@osu.edu>.
On 2/16/14, 2:24 PM, "John Smith" <js...@gmail.com> wrote:
>Can someone point me to some examples of using XML Encryption and
>Signature together in JAVA? Is there a benefit to signing a document if
>the entire document is encrypted?
The usual encryption algorithms used do not guarantee integrity, and there
are attacks related to this. Newer algorithms like AES-GCM include a MAC
in the encryption step. But integrity alone, without a path to an
attributed key, does not authenticate the source of a document. They are
simply unrelated functions for different purposes.
-- Scott