You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by John Smith <js...@gmail.com> on 2014/02/16 20:24:42 UTC

Using XML Encryption and Signature

Can someone point me to some examples of using XML Encryption and Signature
together in JAVA?  Is there a benefit to signing a document if the entire
document is encrypted?

Thanks,

John

Re: Using XML Encryption and Signature

Posted by "Cantor, Scott" <ca...@osu.edu>.

On 2/16/14, 2:24 PM, "John Smith" <js...@gmail.com> wrote:

>Can someone point me to some examples of using XML Encryption and
>Signature together in JAVA?  Is there a benefit to signing a document if
>the entire document is encrypted?

The usual encryption algorithms used do not guarantee integrity, and there
are attacks related to this. Newer algorithms like AES-GCM include a MAC
in the encryption step. But integrity alone, without a path to an
attributed key, does not authenticate the source of a document. They are
simply unrelated functions for different purposes.

-- Scott