You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Abhijit Sharma <ab...@itellix.com> on 2004/06/03 13:46:12 UTC
DigestMethod in Signature
Hi,
I was wondering if there was any way to change the default DigestMethod
( SHA-1 ) which Signature uses in WSSignEnvelope. The following
statement in WSSignEnvelope calls the XMLSignature without specifying
the DigestMethod ( one of the overloaded addDocument methods takes the
digest algorithm )
sig.addDocument("#" + setWsuId(body), transforms);
Is this something that cannot be specified while signing ? If so is
there a reason for this ?
--
Regards,
Abhijit Sharma
Re: DigestMethod in Signature
Posted by Davanum Srinivas <da...@gmail.com>.
+1 to make it configurable. BUT you will have to submit a patch :)
http://issues.apache.org/jira/
thanks,
dims
On 03 Jun 2004 17:16:12 +0530, Abhijit Sharma
<ab...@itellix.com> wrote:
>
> Hi,
>
> I was wondering if there was any way to change the default DigestMethod
> ( SHA-1 ) which Signature uses in WSSignEnvelope. The following
> statement in WSSignEnvelope calls the XMLSignature without specifying
> the DigestMethod ( one of the overloaded addDocument methods takes the
> digest algorithm )
>
> sig.addDocument("#" + setWsuId(body), transforms);
>
> Is this something that cannot be specified while signing ? If so is
> there a reason for this ?
>
> --
> Regards,
> Abhijit Sharma
>
>
Re: DigestMethod in Signature
Posted by Davanum Srinivas <da...@gmail.com>.
Yep, if you have control over both ends of the pipe, you could pretty
much do anything :) see xml-dsig spec
(http://www.w3.org/TR/xmldsig-core/#sec-Algorithms) for the mandated
list of algo's
-- dims
On Thu, 3 Jun 2004 15:08:16 +0200, Werner Dittmann
<we...@t-online.de> wrote:
>
> Abhijit ,
>
> well, the complete Signature method consists of the combination
> of the Digest Method and the PK encryption of the Digest, e.g.
> RSA and DSA. The specifications (XML Signature) requires
> the Digest to be SHA-1, encrypted with either DAS or RSA.
> Pls refer to the spec and to XMLCipher class of XML security
> library.
> If someone uses another digest method for parts of the document
> then the receiver may not be able to verify the signature.
>
> Regards,
> Werner
>
>
>
> ----- Original Message -----
> From: "Abhijit Sharma" <ab...@itellix.com>
> To: "ws-fx-Dev" <fx...@ws.apache.org>
> Sent: Thursday, June 03, 2004 1:46 PM
> Subject: DigestMethod in Signature
>
> > Hi,
> >
> > I was wondering if there was any way to change the default DigestMethod
> > ( SHA-1 ) which Signature uses in WSSignEnvelope. The following
> > statement in WSSignEnvelope calls the XMLSignature without specifying
> > the DigestMethod ( one of the overloaded addDocument methods takes the
> > digest algorithm )
> >
> > sig.addDocument("#" + setWsuId(body), transforms);
> >
> > Is this something that cannot be specified while signing ? If so is
> > there a reason for this ?
> >
> >
> > --
> > Regards,
> > Abhijit Sharma
> >
> >
>
>
Re: DigestMethod in Signature
Posted by Werner Dittmann <We...@t-online.de>.
Abhijit ,
well, the complete Signature method consists of the combination
of the Digest Method and the PK encryption of the Digest, e.g.
RSA and DSA. The specifications (XML Signature) requires
the Digest to be SHA-1, encrypted with either DAS or RSA.
Pls refer to the spec and to XMLCipher class of XML security
library.
If someone uses another digest method for parts of the document
then the receiver may not be able to verify the signature.
Regards,
Werner
----- Original Message -----
From: "Abhijit Sharma" <ab...@itellix.com>
To: "ws-fx-Dev" <fx...@ws.apache.org>
Sent: Thursday, June 03, 2004 1:46 PM
Subject: DigestMethod in Signature
> Hi,
>
> I was wondering if there was any way to change the default DigestMethod
> ( SHA-1 ) which Signature uses in WSSignEnvelope. The following
> statement in WSSignEnvelope calls the XMLSignature without specifying
> the DigestMethod ( one of the overloaded addDocument methods takes the
> digest algorithm )
>
> sig.addDocument("#" + setWsuId(body), transforms);
>
> Is this something that cannot be specified while signing ? If so is
> there a reason for this ?
>
>
> --
> Regards,
> Abhijit Sharma
>
>