Digital signature on xml string

Similar Messages

• Adding Digital Signature to XML strings

  Hello All ,
  i'm looking for functionality to add digital signature, encoding & decording to XML Payment fiels with encryption as well.i have searched on SDN but i havn't found any solution.
  waiting for some useful thoughts on it.
  i have see Programs SSF* as well , but it requires PSE settings which i dont want to  use .Is there any others ways to do it ?
  Thanks & Regards
  V.

  Yes, you need a certificate to sign.
  You need a special one for yourself, one that also contains your private key.
  Your message is signed with your private key (actually encrypted with it), after that anyone can see you signed it using your public key.
  Encryption works the other way round: You encrypt it with openly available public key of the recipient, but only he will be able to decrypt it with his private key.
  BTW you can create your own certificate, using Keychain Access>Certificate Assistant. The disadvantage is that they are not automatically accepted as valid, since they are not listed in the X509Anchors keychain. You have (and whoever you deal with) manually import your (public) certificate into the Keychain X509Anchors as well. Double clicking the certificate gives you the option to do so.

• Digital Signature in XML Report

  Hi Friends,
  In Oracle EBS R12, I have a custom XML report developed and running fine.
  There is a requirement to add the feature of Digital Signature in the output of this report. Please help me with the detailed steps to achieve this.
  PS: I have tried a few links from Google and Article notes from oracle support. But, no success.
  If anyone has implemented this successfully, some hints would be of great help.
  The XML report is form-16 of employees.
  Regards,
  Gursangat

  Duplicate thread (please post only once).
  How to add a digital signature in xml publisher report
  How to add a digital signature in xml publisher report

• How to validate XML Digital Signature with XML DB (o PL/SQL) in Oracle 11g

  Hi,
  Do you know if there is possibility to validate XML Digital Signature using XML DB (or PL/SQL) in Oracle 11g?
  Let say I have CLOB/XMLType containing Digitally Signed XML, and I want to validate, that thsi is proper signature. I also have public key of signer (I could store it in CLOB or file or Oracle wallet).
  Is it possible to do?
  If there is need to install additional component - then which one?
  Regards,
  Paweł

  Hi,
  this is what i got from someone...
  but the links he gave are not opening up...
  u have to place a picture there and have to load the digital signatures as Jpegs on to the server to OA top
  and have to refer them in the XML for dynamically get the signature on the reports
  when u select the properties of the picture placed in the XML template,
  there will be one tab with "URL"... in that u have to give the path for that jpegs
  Pls refer the following documents for enabling digital signature on pdf documents.
  http://iasdocs.us.oracle.com/iasdl/bi_ee/doc/bi.1013/e12187/T421739T481159.htm#5013638    (refer section 'Adding or Designating a Field for Digital Signature'
  http://iasdocs.us.oracle.com/iasdl/bi_ee/doc/bi.1013/e12188/T421739T475591.htm#5013688
  (Implementing a Digital Signature
  Is the BI Publisher installed on your instance of version 10.1.3.4 or higher?
  Pls procure a digital signature as soon as possible. The process can take time. OR we could use any certificate that you already might have OR generate a certificate using Oracle Certificate Authority for demo.

• How to add a digital signature in xml publisher report

  The problem is: There is a existing pick slip report.This is a xml publisher report and the data source is RDF. We have to add digital signature there. Now this signature is stored in a table with type Long Raw and format BMP. XML Publisher do not support Long Raw and BMP format. It supports BLOB and jpg format.
  Could you please guide how to add this signature in the existing RDF with datatype as BLOB and format as jpg.
  Please provide the steps with example.

  Hi,
  Have a look at this thread.
  Implementing electronic signatures on an existing AP check run
  Re: Implementing electronic signatures on an existing AP check run
  Regards,
  Hussein

• Use XML Digital Signature(Apache XML security) with Applet

  I have problem when I use xml-security-1_2_1 library from Apache with applet and access denied errors occur.
  6 May 2005 10:06:45 org.apache.xml.security.Init init
  SEVERE: Bad:
  java.security.AccessControlException: access denied (java.util.PropertyPermission org.apache.xml.security.resource.config read)
  bla bla....
  How should I do ? Please! T_T and thank you ..

  An applet cannot read the local file system, connect to any other computer than the one
  it came from or read properties it's not supposed to read. And I think it cannot write to any
  property.
  If you sign the applet or set up a policy for it the applet can do the same as an application
  allthough the jre will still check the stack trace if the entire stack has the same privileges
  as you signed applet.
  http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
  second post and last post for the java class file

• Hi, I am oracle apps HRMS Technical consultant.I wanted to know ,can we implement Digital Signatures in Oracle apps 11i XML Reports.if yes what is the approach to do so ? Your quick response is appreciated. Regards , Aasma Sayyad.

  Hi,
  I am Oracle Apps HRMS Technical Consultant.
  I wanted to know,if we can implement Digital Signatures in XML Reports for Oracle Apps HRMS 11i Aplication.
  If yes,what is the approach to do so.
  Your quick response is appreciated.
  Regards,
  Aasma Sayyad.

  Hi Aasma,
  The standard BI Publisher is part of EBS applications.
  Most of the EBS reports(R12) are based on BI Publisher.
  If you check the responsibility 'XML Publisher Administrator' you will see all the templates used in the application.
  Your technical team should already know this.
  On the other hand OBIEE would need separate licences.
  But for you BI Publisher would do.
  Cheers,
  Vignesh

• How to create Web Service Client from wsdl with digital signature?

  Please, help me to create Web Service Client from wsdl with digital signature. I know create Web Service client from wsdl file and I know how to add digital signature to XML with jwsdp, but I don't know how to do it together.
  Thanks.

  I'm handling security wit JAX-WS handler. So I insert "manually" ws-security tag and I encrypt (and sign) message parts.
  On client side, all works fine, but on server side I obtain:
  ---Server Inbound SOAP message---|#]
  Decrypting message and rebuilding Valuees... |#]
  Starting decrypt|#]
  . dectypted.!
  --found following string: <ns1:addiziona><num1>80</num1><num2>22222</num2></ns1:addiziona>|#]
  ...MESSAGE Restored.|#]
  <?xml version="1.0" ?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ns1="http://calculator.me.org/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><soapenv:Body><ns1:addiziona><num1>80</num1><num2>22222</num2></ns1:addiziona></soapenv:Body></soapenv:Envelope>|#]
  Error in decoding SOAP Message
  Error in decoding SOAP Message
          at com.sun.xml.ws.encoding.soap.server.SOAPXMLDecoder.toInternalMessage(SOAPXMLDecoder.java:89)
          at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.toMessageInfo(SOAPMessageDispatcher.java:187)
          at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher$SoapInvoker.invoke(SOAPMessageDispatcher.java:571)
          at com.sun.xml.ws.protocol.soap.server.SOAPMessageDispatcher.receive(SOAPMessageDispatcher.java:145)
          at com.sun.xml.ws.server.Tie.handle(Tie.java:88)
          at com.sun.enterprise.webservice.Ejb3MessageDispatcher.handlePost(Ejb3MessageDispatcher.java:160)
          at com.sun.enterprise.webservice.Ejb3MessageDispatcher.invoke(Ejb3MessageDispatcher.java:89)
          at com.sun.enterprise.webservice.EjbWebServiceServlet.dispatchToEjbEndpoint(EjbWebServiceServlet.java:178)
          at com.sun.enterprise.webservice.EjbWebServiceServlet.service(EjbWebServiceServlet.java:109)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
          at com.sun.enterprise.web.AdHocContextValve.invoke(AdHocContextValve.java:100)
          at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
          at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:71)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:182)
          at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
          at com.sun.enterprise.web.VirtualServerPipeline.invoke(VirtualServerPipeline.java:120)
          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137)
          at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:566)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:536)
          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:939)
          at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:231)
          at com.sun.enterprise.web.connector.grizzly.ProcessorTask.invokeAdapter(ProcessorTask.java:667)
          at com.sun.enterprise.web.connector.grizzly.ProcessorTask.processNonBlocked(ProcessorTask.java:574)
          at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:844)
          at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:287)
          at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:212)
          at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
          at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:75)
  Caused by: javax.xml.ws.soap.SOAPFaultException: Cannot find the dispatch method
          at com.sun.xml.ws.encoding.soap.SOAPDecoder.raiseFault(SOAPDecoder.java:674)
          at com.sun.xml.ws.encoding.soap.server.SOAPXMLDecoder.decodeDispatchMethod(SOAPXMLDecoder.java:152)
          at com.sun.xml.ws.encoding.soap.SOAPDecoder.decodeBodyContent(SOAPDecoder.java:337)
          at com.sun.xml.ws.encoding.soap.SOAPDecoder.decodeBody(SOAPDecoder.java:327)
          at com.sun.xml.ws.encoding.soap.SOAPDecoder.decodeEnvelope(SOAPDecoder.java:250)
          at com.sun.xml.ws.encoding.soap.server.SOAPXMLDecoder.toInternalMessage(SOAPXMLDecoder.java:81)
          ... 29 more
  |#]
  --->handleFault O_o<---|#]If you have any idea for solving my problem, then I can post my simple example :(
  Bye!

• How to send a digital signature across sockets ?

  i have wriiten java code for client server communication - the client sends a digital signature and the server verifies it using the public key .I have sent the signature as a string from the client to server.although the verification comes as true most of the times , some times it comes as "false" .i dont know why it comes that way .
  so my question is ::: is there any problem in sending the digital signature as a string. if so , then how can i send it across sockets ?
  i have used the necessary specs [ X509EncodedKeySpec , PKCS8EncodedKeySpec ] to write and read the private , public keys.so i dont think its a problem with the keys .
  thank you :)
  Edited by: itcoll on Dec 1, 2008 2:43 AM
  Edited by: itcoll on Dec 1, 2008 2:54 AM

  so my question is ::: is there any problem in sending the digital signature as a string.Depends how you constructed the string, how you sent it, and how you received it. Not knowing any of those things it is impossible to comment further.

• Loading Invoice XML IDoc with digital signature via XI into R/3

  Hi,
  I received an Invoice XML IDoc with digital signature via Mail (for test purposes) and want to load it via XI into an R/3 systeme.
  My idea is to load the Invoice XML IDoc file via the File Sender Adapter into XI and send it to the R/3 system via the IDoc Inbound adapter.
  Due to the digital signature the file looks like this:
  0‚ S      *†H†÷
      ‚ D0‚ @   1 0       +      0‚ '      *†H†÷
      ‚   ‚   ‚ –0‚ ’0‚ û      etc.
  When I load the file like this with the File Sender Adapter, an error message occurs in the XI Monitoring as the XML Parser cannot read the file due to the digital signatur (as expected).
  Has anybody an idea how I can configure the File Sender Adapter Communication Channel to be able to load only the XML IDoc and ignore the digital Signature strings?
  Thanks in advance for your support.
  Alex

  BTW
  do use the second way you need:
  Security Settings for the Sender Mail Adapter
  http://help.sap.com/saphelp_nw04/helpdata/en/27/c0524257a1b56be10000000a155106/content.htm
  and
  Key Storage Service
  http://help.sap.com/saphelp_webas630/helpdata/DE/e9/a1dd44d2c83c43afb5ec8a4292f3e0/content.htm
  apart from adapter module config
  Regards,
  michal

• Validating a digital signature in an xml

  Hi,
  Im working on validating a digital signature from an xml file . Im using the below code to get the value of signature node from the xml file.
  NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
  I'm getting it as nodelist object . When i try to get the length of the signature element it says 0 and hence it throws me an exception .
  I have to pass this nodeliest object to validate the xml file. Im attaching the xml file as well as the progarm to validate the xml file . Can somebody help me on this.
  Validate.java
  import javax.xml.crypto.*;
  import javax.xml.crypto.dsig.*;
  import javax.xml.crypto.dom.*;
  import javax.xml.crypto.dsig.dom.DOMValidateContext;
  import javax.xml.crypto.dsig.keyinfo.*;
  import java.io.File;
  import java.io.FileInputStream;
  import java.security.*;
  import java.util.Collections;
  import java.util.Iterator;
  import java.util.List;
  import javax.xml.parsers.DocumentBuilder;
  import javax.xml.parsers.DocumentBuilderFactory;
  import org.w3c.dom.Document;
  import org.w3c.dom.NodeList;
  * This is a simple example of validating an XML
  * Signature using the JSR 105 API. It assumes the key needed to
  * validate the signature is contained in a KeyValue KeyInfo.
  public class Validate {
  public static void main(String[] args) throws Exception {
  try
  File file = new File("c:\\test.xml");
  // Instantiate the document to be validated
       DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
       DocumentBuilder db = dbf.newDocumentBuilder();
       dbf.setNamespaceAware(true);
       //Document doc = dbf.newDocumentBuilder().parse(new FileInputStream("C://signature.xml"));
  Document doc = db.parse(file);
       // Find Signature element
  NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
  System.out.println("the nodelist value is"+nl);
            if (nl.getLength() == 0) {
       throw new Exception("Cannot find Signature element");
       // Create a DOM XMLSignatureFactory that will be used to unmarshal the
       // document containing the XMLSignature
       XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
       // Create a DOMValidateContext and specify a KeyValue KeySelector
  // and document context
       //DOMValidateContext valContext = new DOMValidateContext
       // (new KeyValueKeySelector(), nl.item(0));
       DOMValidateContext valContext = new DOMValidateContext
  (new KeyValueKeySelector(), nl.item(0));
            // unmarshal the XMLSignature
       XMLSignature signature = fac.unmarshalXMLSignature(valContext);
       // Validate the XMLSignature (generated above)
       boolean coreValidity = signature.validate(valContext);
       // Check core validation status
       if (coreValidity == false) {
       System.err.println("Signature failed core validation");
       boolean sv = signature.getSignatureValue().validate(valContext);
       System.out.println("signature validation status: " + sv);
       // check the validation status of each Reference
       Iterator i = signature.getSignedInfo().getReferences().iterator();
       for (int j=0; i.hasNext(); j++) {
            boolean refValid =
            ((Reference) i.next()).validate(valContext);
            System.out.println("ref["+j+"] validity status: " + refValid);
       } else {
       System.out.println("Signature passed core validation");
  catch (Exception e)
       e.printStackTrace();
  * KeySelector which retrieves the public key out of the
  * KeyValue element and returns it.
  * NOTE: If the key algorithm doesn't match signature algorithm,
  * then the public key will be ignored.
  private static class KeyValueKeySelector extends KeySelector {
       public KeySelectorResult select(KeyInfo keyInfo,
  KeySelector.Purpose purpose,
  AlgorithmMethod method,
  XMLCryptoContext context)
  throws KeySelectorException {
  if (keyInfo == null) {
            throw new KeySelectorException("Null KeyInfo object!");
  SignatureMethod sm = (SignatureMethod) method;
  List list = keyInfo.getContent();
  for (int i = 0; i < list.size(); i++) {
            XMLStructure xmlStructure = (XMLStructure) list.get(i);
       if (xmlStructure instanceof KeyValue) {
  PublicKey pk = null;
  try {
  pk = ((KeyValue)xmlStructure).getPublicKey();
  } catch (KeyException ke) {
  throw new KeySelectorException(ke);
  // make sure algorithm is compatible with method
  if (algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
  return new SimpleKeySelectorResult(pk);
  throw new KeySelectorException("No KeyValue element found!");
  //@@@FIXME: this should also work for key types other than DSA/RSA
       static boolean algEquals(String algURI, String algName) {
  if (algName.equalsIgnoreCase("DSA") &&
            algURI.equalsIgnoreCase(SignatureMethod.DSA_SHA1)) {
            return true;
  } else if (algName.equalsIgnoreCase("RSA") &&
  algURI.equalsIgnoreCase(SignatureMethod.RSA_SHA1)) {
            return true;
  } else {
            return false;
  private static class SimpleKeySelectorResult implements KeySelectorResult {
       private PublicKey pk;
       SimpleKeySelectorResult(PublicKey pk) {
       this.pk = pk;
       public Key getKey() { return pk; }
  test.xml
  <?xml version="1.0" encoding="UTF-8"?><Signature XMLNS="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#CWRT"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>VWmTb6knCBXhNjDLp6w5aX79AW4=</DigestValue></Reference><Reference URI="js/weatherData.js"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>aRyqMcnVA7UsxHaq3VPjIzKnR30=</DigestValue></Reference><Reference URI="js/accuweather.js"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>NKBau43TGuOTSwOiFLtC7xgeUxk=</DigestValue></Reference><Reference URI="js/location.js"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>SNowBnKItayjP8hVg2a+qlrNnl4=</DigestValue></Reference><Reference URI="index.html"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>ImhqtDT/KgYLUMwhzBjxo7kX16c=</DigestValue></Reference><Reference URI="images/bg_fade_current.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>6YBFwLJdH7wLSLwgheOzTgLxe0g=</DigestValue></Reference><Reference URI="images/setdefault.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>VD9Ay9DjNvHoCt4QpWI6H5gHo84=</DigestValue></Reference><Reference URI="images/bg_portrait.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>eMNhpeowX/LaxFhZ0choyWoGdnU=</DigestValue></Reference><Reference URI="images/form_bg.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>xRsfhpWI8R21vXcPd73EJ0SPg4c=</DigestValue></Reference><Reference URI="images/nav_hourly_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>7tBjRZQ6PC5uVRg8J5bAFTmBS4s=</DigestValue></Reference><Reference URI="images/bg_landscape.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>nTZ9DoZPW1UgjEvE3WfSBt3DdYA=</DigestValue></Reference><Reference URI="images/nav_maps_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>ywLUlQ+DCMuybGr2YLYDQx85jJw=</DigestValue></Reference><Reference URI="images/nav_graph_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>853j9KcFEpuI5c8e5+0TEpmU33U=</DigestValue></Reference><Reference URI="images/label_forecast.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>2feKnZklWElbyqItqq5Q1bZRtn4=</DigestValue></Reference><Reference URI="images/bg_fade_content_wide.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>GDFP4Tcu96NBOCo9qRw7K25l8as=</DigestValue></Reference><Reference URI="images/btn_getlocation.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>sJajd6TTV4VyB2ibMRl8hM4cV+8=</DigestValue></Reference><Reference URI="images/bg_fade_home.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>joxnBor/RV5uvqc+SiNU613+W6U=</DigestValue></Reference><Reference URI="images/label_hourly.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>uinbV5pKm/XFwNsBjI21m0tYkhs=</DigestValue></Reference><Reference URI="images/wxicons/33.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>X8HvsFhHLUr3624myAcox9QyagQ=</DigestValue></Reference><Reference URI="images/wxicons/37.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>ldJztK5xrBf3UOyRkSN9zFAootc=</DigestValue></Reference><Reference URI="images/wxicons/13.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>bAah/tMqPUVrXis2iiOZLYo4jRw=</DigestValue></Reference><Reference URI="images/wxicons/16.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>UZ2CKfWZN/FCLnILVz8bIXWlRAA=</DigestValue></Reference><Reference URI="images/wxicons/19.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>jRL/Ea5Dcj7DpvKOHnqGvUmpw4Q=</DigestValue></Reference><Reference URI="images/wxicons/18.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>76si6qIfm8bAPKBRIQCQScg0Mow=</DigestValue></Reference><Reference URI="images/wxicons/44.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>HkCAXti0I181Pjqkw2QNTjXN6/8=</DigestValue></Reference><Reference URI="images/wxicons/08.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>OAvQ6xMeMXCFznUUMZyL1frgJQk=</DigestValue></Reference><Reference URI="images/wxicons/20.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>BavTiifJ1XKhQx/AO4Y2PywHi+w=</DigestValue></Reference><Reference URI="images/wxicons/12.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>NNVCA+3eTGXWUXGjO1G4qoPPDaU=</DigestValue></Reference><Reference URI="images/wxicons/36.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>5Wy7pMJKjwc+fdL0+ez3OrhZ/WY=</DigestValue></Reference><Reference URI="images/wxicons/32.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>GrhBWg3ODd19NHkdaEyuzUDYGaQ=</DigestValue></Reference><Reference URI="images/wxicons/25.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>kVSt7ZBsrGBlnRp2mnNd4jzbjdc=</DigestValue></Reference><Reference URI="images/wxicons/29.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>CHkrsHgL9qFAKCgxQfGOaBgCg+A=</DigestValue></Reference><Reference URI="images/wxicons/17.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>SxQBu2aYDFDTD1N6XXcL/Z9r2G0=</DigestValue></Reference><Reference URI="images/wxicons/05.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>UR0ntm9xdDzhcq9m+EqdcDRhk5I=</DigestValue></Reference><Reference URI="images/wxicons/06.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>XUKHRCVRhhgG7M44QlhzFKulVf0=</DigestValue></Reference><Reference URI="images/wxicons/40.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>0vBrc/yiUz4pE8epTER19nblmCA=</DigestValue></Reference><Reference URI="images/wxicons/41.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>y5a8jOOsS/qPhcEMQV3Aufb/aNE=</DigestValue></Reference><Reference URI="images/wxicons/Thumbs.db"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>pch5wjLWZAPSgNO09d1x7SMayY=</DigestValue></Reference><Reference URI="images/wxicons/14.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>QoLGKWD8MVS0XxCvkvweDmYg1U=</DigestValue></Reference><Reference URI="images/wxicons/42.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>D9K0JzNNrtpryfckrNQNS87y1BQ=</DigestValue></Reference><Reference URI="images/wxicons/43.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>qlRMGFaqLYTej/k3k1wAGL+GWxM=</DigestValue></Reference><Reference URI="images/wxicons/04.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>a2ftn992/Hl3y1wp9IzsLSSqDdk=</DigestValue></Reference><Reference URI="images/wxicons/30.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>6Ad7HYjHxySf33JzQdS/oDTgcno=</DigestValue></Reference><Reference URI="images/wxicons/23.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>LsAfryFOtLhgviUgiOXM3z4lBAA=</DigestValue></Reference><Reference URI="images/wxicons/07.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>bV4gju3kZ780HDNOVP2lHE1TDW4=</DigestValue></Reference><Reference URI="images/wxicons/22.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>AeFmuHupwwVszEvbV94o0rngpCQ=</DigestValue></Reference><Reference URI="images/wxicons/01.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>6DsWdqkV1/ub3FaeUeXvxsQxckA=</DigestValue></Reference><Reference URI="images/wxicons/21.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>Z4W51hSrbkM5N91/F9xwDJwABb0=</DigestValue></Reference><Reference URI="images/wxicons/38.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>Jfl9KECyaQ68D0Fq2iyAHubQYJE=</DigestValue></Reference><Reference URI="images/wxicons/35.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>c1SmObYV0bMJwveQBuyOk/aHjoY=</DigestValue></Reference><Reference URI="images/wxicons/39.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>apdCy1y7Bhx4c8j8xZKpw9sLiHQ=</DigestValue></Reference><Reference URI="images/wxicons/34.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>RlUoSL1kyNF/LNHglKJojfidqDo=</DigestValue></Reference><Reference URI="images/wxicons/24.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>rp274RE36TIQ/cJqykbC1pfma64=</DigestValue></Reference><Reference URI="images/wxicons/31.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>4T9iGJPK46NYQtmGWyvMhFXqefg=</DigestValue></Reference><Reference URI="images/wxicons/15.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>V/kRSkl8RuSLp5XHkK+Ev2qkA/Q=</DigestValue></Reference><Reference URI="images/wxicons/02.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>LnzYacHZQ8dWbBsfY/xIBFf+FhY=</DigestValue></Reference><Reference URI="images/wxicons/26.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>L/fdXr1GduUly+gZoqoHtjSEeug=</DigestValue></Reference><Reference URI="images/wxicons/11.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>5tlEUU8jkLu69GjxyKrj/dlCBnE=</DigestValue></Reference><Reference URI="images/wxicons/03.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>eVam0Q5Ns+f0ivmOFlayoQjFJuQ=</DigestValue></Reference><Reference URI="images/btn_severe_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>xkpq8N5rnVv2QUOOPEC3t2UZ3io=</DigestValue></Reference><Reference URI="images/bg_fade_prefs.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>mGtHZB8HWR4Kr46E9ibtgPqkSjg=</DigestValue></Reference><Reference URI="images/btn_previous.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>tYsSyliuIQHfoqX8Ljjd514gjiY=</DigestValue></Reference><Reference URI="images/btn_search.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>Xs3TiHv5GVKqvqKcH4QQTLGeL5M=</DigestValue></Reference><Reference URI="images/nav_calendar_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>km6Jeefk1pbxhKPuKdX0tAikn20=</DigestValue></Reference><Reference URI="images/bg_fade_location.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>dsoQD4U3FStFnFCn9IU8XZOnbZ8=</DigestValue></Reference><Reference URI="images/logo_leaf.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>AI6UYnx1653B/rX71hqlXRYayK0=</DigestValue></Reference><Reference URI="images/radar.jpg"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>IEaZz7VDYcwgBHJhTFttbNpSr8=</DigestValue></Reference><Reference URI="images/btn_done.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>VZYygwwnJmzSykTWnC3UMjx7UVU=</DigestValue></Reference><Reference URI="images/Thumbs.db"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>aXryLm/7bU2iLfP6mwM96Q7iFfk=</DigestValue></Reference><Reference URI="images/btn_plus.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>apIaI0Q/XpYkQIZgrE8y4KDpe34=</DigestValue></Reference><Reference URI="images/label_calendar.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>Ek3gLnM9lZCvsJrn49FinTEFoc=</DigestValue></Reference><Reference URI="images/btn_severe_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>rMRQheIr8WGukddQsbW79yPUa68=</DigestValue></Reference><Reference URI="images/bg_fade_about_wide.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>exAFOiVOEx5VKUopSxkbRc3RTLc=</DigestValue></Reference><Reference URI="images/btn_removelocation.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>BAAQeIMdUoZumMexhxIJFLOXy8M=</DigestValue></Reference><Reference URI="images/label_weathermap.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>QLd8kSOk/dq9/PtPl3hycoufBGw=</DigestValue></Reference><Reference URI="images/space.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>lPyPvOmX8EoCzEM8iIruq8hfHIE=</DigestValue></Reference><Reference URI="images/btn_magnify.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>3lSDkwWlIMufqacsbJ8dShiDvPc=</DigestValue></Reference><Reference URI="images/btn_next.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>5l3/6rRyibJQXlQdSfopJ4Q9e3o=</DigestValue></Reference><Reference URI="images/bg_fade_current_wide.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>klPlC3aqn33AAxtAzDCksik4CXo=</DigestValue></Reference><Reference URI="images/nav_hourly_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>oW7HwXpGfcEz6q1UEixc48IuEf0=</DigestValue></Reference><Reference URI="images/btn_shrink.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>/6ORP54At9CAqkQno9aCvbXCF2E=</DigestValue></Reference><Reference URI="images/bg_cal_date.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>g10327Jhy+CE2XXE62b6Ea6cUZg=</DigestValue></Reference><Reference URI="images/key.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>anFOcEcBGzbkeEsfKJ7+y3S2Y0E=</DigestValue></Reference><Reference URI="images/degree_f.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>QtJd4lj3Gaqm59G0J6TT87N9jLk=</DigestValue></Reference><Reference URI="images/bg_fade_about.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>rYYhIG+rT3f8jPqSuzC65g2BRuE=</DigestValue></Reference><Reference URI="images/degree_c.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>0AwnOwXF+1iAySDhG6u+WKGzmEE=</DigestValue></Reference><Reference URI="images/nav_maps_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>B7IsyllFvqC+hrxow9QlM+IdDkQ=</DigestValue></Reference><Reference URI="images/label_graph.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>8dKb7eEM6PKj2NqpJmTIA6d4OZw=</DigestValue></Reference><Reference URI="images/bg_fade_nav.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>0gR7yxY7kUde+5gnApaniAR70c4=</DigestValue></Reference><Reference URI="images/nav_forecast_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>T6cSnzVZ6+NYmcJkSxagrBG34VA=</DigestValue></Reference><Reference URI="images/bg_fade_content.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>eAAeix95CFcyTRFP0L37wCTiCT4=</DigestValue></Reference><Reference URI="images/nav_calendar_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>+7NYqrzg6E42x4bcSmI7oR+06Ok=</DigestValue></Reference><Reference URI="images/nav_graph_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>IuDRMdZ5SGeHtOUrIO6N8Kz2ug0=</DigestValue></Reference><Reference URI="images/logo_accu.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>/uv3wU6UomVHWqNw6FnQYutp19g=</DigestValue></Reference><Reference URI="images/nav_forecast_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>x+QqY/MePBUZryW4TH5q+IF1G+g=</DigestValue></Reference><Reference URI="config.xml"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>xo9qqZXg+0DwkCx8Kks9jgMLaLA=</DigestValue></Reference><Reference URI="css/accuweather.css"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>wIZ0bV7p0RmG7GEQzl9GoN+MMEs=</DigestValue></Reference><Reference URI="icon.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>vReEx8PURNyRoFZDvLHfXSAW5U=</DigestValue></Reference></SignedInfo><SignatureValue>H6RxXxj0OfpZuhbNHUkm048kZ1uzlGUwQV4TadOvFJ0VKHIyjTcJgzx7ApSUmCTjg/5JaRufBjAzihXmd7UTkq+aVm8smRgHpr3puz0w2wKGhPizO0dz4qfw3U7lqV6eLgSDakRj1jnFgqcMVHI+0k5vvYeVxgUVi6bz2b+IbM=</SignatureValue><Object Id="CWRT"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties" ><SignatureProperty Id="profile"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile" /></SignatureProperty><SignatureProperty Id="role"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor" /></SignatureProperty><SignatureProperty Id="identifier"><dsp:Identifier>{247220a7-f378-4151-83d3-6be32024c0ae}</dsp:Identifier></SignatureProperty></SignatureProperties></Object><KeyInfo><X509Data><X509Certificate>MIICzDCCAjWgAwIBAgIBADANBgkqhkiG9w0BAQUFADArMRAwDgYDVQQKEwdSRCBD
  ZXJ0MRcwFQYDVQQDEw5SRCBDZXJ0aWZpY2F0ZTAeFw0wNDExMTUxMjQyMDZaFw0z
  NzA5MjMxMjQyMDZaMCsxEDAOBgNVBAoTB1JEIENlcnQxFzAVBgNVBAMTDlJEIENl
  cnRpZmljYXRlMIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQDLRF+r1FGGkCwT
  rb420kbnAps7gi1yYUcXYUdWeFTuBeQe5eW46Y+LWaA8HMlDdoHRB0FgASisYcFa
  gwno9+oFf4AJka4H1gWEs5XTGwAA1s0d8XGh7W7Dt9F5FZij8F7/9Pi6+FhhxZFI
  f1DD+yry9D7+Sp+BgdNALe4XOpf25QIBA6OCAQAwgf0wDAYDVR0TBAUwAwEB/zAL
  BgNVHQ8EBAMCAoQwHQYDVR0OBBYEFFi/kuGzxhVpjGxe9ZwlxC3fH9jFMFMGA1Ud
  IwRMMEqAFFi/kuGzxhVpjGxe9ZwlxC3fH9jFoS+kLTArMRAwDgYDVQQKEwdSRCBD
  ZXJ0MRcwFQYDVQQDEw5SRCBDZXJ0aWZpY2F0ZYIBADBsBgNVHSAEZTBjMGEGBFUd
  IAAwWTATBggrBgEFBQcCARYHaHR0cDovLzBCBggrBgEFBQcCAjA2GjRGb3IgUiZE
  IHVzYWdlIG9ubHkuIFRoaXMgY2VydGlmaWNhdGUgaXMgbm90IHRydXN0ZWQuMA0G
  CSqGSIb3DQEBBQUAA4GBAHGB4RQMAgBdeT2hxfOr6f2nA/dZm+M5yX5daUtZnET9
  Ed0A9sazLawfN2G1KFQT9kxEParAyoAkpbMAsRrnRz/9cM3OHgFm/NiKRnf50DpT
  7oCx0I/65mVD2kt+xXE62/Ii5KPnTufIkPi2uLvURCia1tTS8JmJ8dtxDGyQt8BR</X509Certificate></X509Data></KeyInfo></Signature>

  >
  // Instantiate the document to be validated
  DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
  DocumentBuilder db = dbf.newDocumentBuilder();
  dbf.setNamespaceAware(true);
  Document doc = db.parse(file);Your problem is that you've instantiated the DocumentBuilder before you've made the factory namespace aware. As a result, does not know against which namespace it is parsing the XML file.
  Change the lines of code to have the factory be namespace-aware before you instantiate the DocumentBuilder and then parse the class. You'll get past your "node not found" error to receive a number of other errors which you need to correct.
  DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
  dbf.setNamespaceAware(true);
  Document doc = dbf.newDocumentBuilder().parse(file);As a practice when generating an XML document, you should try to validate it inside an IDE like Netbeans/Eclipse before trying to do anything with the document to ensure you've not only got a well-formed XML document, but also one that is "schema-conformant. Your XML signature is not (the Object element cannot come before the KeyInfo element, and the SignatureProperty element is missing the required Target attribute); as a result your Signature element will fail to pass validation even if your code is correct. A cursory review of the XML Signature specs and its XSD is always helpful: [http://www.w3.org/TR/xmldsig-core/].
  Finally, please use the {code} tag for source-code to make it readable. Thanks.
  Arshad Noor
  StrongAuth, Inc.

• Implementing XAdES in Java XML Digital Signature API

  Hi,
  I've got some problems with implementing XAdES standard with Java XML Digital Signature API. Below is a code (SignatureTest1), that produces a digital signature with some XAdES tags placed in <ds:Object> tag. The signature is later validated with a Validator class. Everything works fine, until I set a XAdES namespace (SignatureTest1.xadesNS="http://uri.etsi.org/01903/v1.3.2#"). In this case validation of XAdES elements fails.
  The reason of validation failture is a difference between arguments passed to a digest method when document is being signed and validated. When the document is being signed a log looks like this:
  FINER: Pre-digested input:
  2007-08-21 15:38:44 org.jcp.xml.dsig.internal.DigesterOutputStream write
  FINER: <SignedProperties xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SignP"></SignedProperties>
  2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference digest
  FINE: Reference object uri = #SignP
  2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference digest
  FINE: Reference digesting completed,but while validating:
  FINER: Pre-digested input:
  2007-08-21 15:38:44 org.jcp.xml.dsig.internal.DigesterOutputStream write
  FINER: <SignedProperties xmlns="http://uri.etsi.org/01903/v1.3.2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SignP"></SignedProperties>
  2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference validate
  FINE: Expected digest: MAQ/vctdkyVHVzoQWnOnQdeBw8g=
  2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference validate
  FINE: Actual digest: D7WajkF0U5t1GnVJqj9g1IntLQg=
  2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMXMLSignature validate
  FINE: Reference[#SignP] is valid: falseHow can I fix this?
  Signer class:
  import java.io.FileInputStream;
  import java.io.FileOutputStream;
  import java.io.OutputStream;
  import java.security.KeyPair;
  import java.security.KeyPairGenerator;
  import java.util.ArrayList;
  import java.util.Collections;
  import java.util.Iterator;
  import java.util.List;
  import javax.xml.crypto.dom.DOMStructure;
  import javax.xml.crypto.dsig.CanonicalizationMethod;
  import javax.xml.crypto.dsig.DigestMethod;
  import javax.xml.crypto.dsig.Reference;
  import javax.xml.crypto.dsig.SignatureMethod;
  import javax.xml.crypto.dsig.SignedInfo;
  import javax.xml.crypto.dsig.Transform;
  import javax.xml.crypto.dsig.XMLObject;
  import javax.xml.crypto.dsig.XMLSignature;
  import javax.xml.crypto.dsig.XMLSignatureFactory;
  import javax.xml.crypto.dsig.dom.DOMSignContext;
  import javax.xml.crypto.dsig.dom.DOMValidateContext;
  import javax.xml.crypto.dsig.keyinfo.KeyInfo;
  import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
  import javax.xml.crypto.dsig.keyinfo.KeyValue;
  import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
  import javax.xml.crypto.dsig.spec.TransformParameterSpec;
  import javax.xml.parsers.DocumentBuilderFactory;
  import javax.xml.transform.Transformer;
  import javax.xml.transform.TransformerFactory;
  import javax.xml.transform.dom.DOMSource;
  import javax.xml.transform.stream.StreamResult;
  import org.w3c.dom.Document;
  import org.w3c.dom.Element;
  import org.w3c.dom.NodeList;
  import com.sun.org.apache.xml.internal.security.utils.IdResolver;
  public class SignatureTest1 {
       public static String xadesNS=null;//"http://uri.etsi.org/01903/v1.3.2#";
       public static String signatureID="Sig1";
       public static String signedPropID="SignP";
       public static void main(String[] arg) {
          try{
            XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
            List<Reference> refs = new ArrayList<Reference>();
            Reference ref1 = fac.newReference
                ("", fac.newDigestMethod(DigestMethod.SHA1, null),
                    Collections.singletonList
                  (fac.newTransform
                 (Transform.ENVELOPED, (TransformParameterSpec) null)),
                 null, null);
            refs.add(ref1);
            Reference ref2 = fac.newReference("#"+signedPropID,fac.newDigestMethod(DigestMethod.SHA1,null),null,"http://uri.etsi.org/01903/v1.3.2#SignedProperties",null);
            refs.add(ref2);
            SignedInfo si = fac.newSignedInfo
                (fac.newCanonicalizationMethod
                 (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                  (C14NMethodParameterSpec) null),
                 fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
                 refs);
           KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
            kpg.initialize(512);
            KeyPair kp = kpg.generateKeyPair();
            KeyInfoFactory kif = fac.getKeyInfoFactory();
            KeyValue kv = kif.newKeyValue(kp.getPublic());
           KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            Document doc =
                dbf.newDocumentBuilder().parse("purchaseOrder.xml");
            DOMSignContext dsc = new DOMSignContext
                (kp.getPrivate(), doc.getDocumentElement());
            dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
            Element QPElement = createElement(doc, "QualifyingProperties",null,xadesNS);
          QPElement.setAttributeNS(null, "Target", signatureID);
          Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
          SPElement.setAttributeNS(null, "Id", signedPropID);
          IdResolver.registerElementById(SPElement, signedPropID);
          QPElement.appendChild(SPElement);
          Element UPElement = createElement(doc, "UnsignedProperties", null,xadesNS);
          QPElement.appendChild(UPElement);
          DOMStructure qualifPropStruct = new DOMStructure(QPElement);
          List<DOMStructure> xmlObj = new ArrayList<DOMStructure>();
          xmlObj.add(qualifPropStruct);
          XMLObject object = fac.newXMLObject(xmlObj,"QualifyingInfos",null,null);
          List objects = Collections.singletonList(object);
          XMLSignature signature = fac.newXMLSignature(si, ki,objects,signatureID,null);
            signature.sign(dsc);
            OutputStream os = new FileOutputStream("signedPurchaseOrder.xml");
            TransformerFactory tf = TransformerFactory.newInstance();
            Transformer trans = tf.newTransformer();
            trans.transform(new DOMSource(doc), new StreamResult(os));
          }catch(Exception e){
               e.printStackTrace();
          try{
          Validator.main(null);
          }catch(Exception e){
               System.out.println("Validator exception");
               e.printStackTrace();
       public static Element createElement(Document doc, String tag,String prefix, String nsURI) {
            String qName = prefix == null ? tag : prefix + ":" + tag;
           return doc.createElementNS(nsURI, qName);
  }Validator class:
  import javax.xml.crypto.*;
  import javax.xml.crypto.dsig.*;
  import javax.xml.crypto.dom.*;
  import javax.xml.crypto.dsig.dom.DOMValidateContext;
  import javax.xml.crypto.dsig.keyinfo.*;
  import java.io.FileInputStream;
  import java.security.*;
  import java.util.Collections;
  import java.util.Iterator;
  import java.util.List;
  import javax.xml.parsers.DocumentBuilderFactory;
  import org.w3c.dom.Document;
  import org.w3c.dom.NodeList;
  * This is a simple example of validating an XML
  * Signature using the JSR 105 API. It assumes the key needed to
  * validate the signature is contained in a KeyValue KeyInfo.
  public class Validator {
      // Synopsis: java Validate [document]
      //       where "document" is the name of a file containing the XML document
      //       to be validated.
      public static void main(String[] args) throws Exception {
       // Instantiate the document to be validated
       DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
       dbf.setNamespaceAware(true);
       Document doc =
              dbf.newDocumentBuilder().parse(new FileInputStream("signedPurchaseOrder.xml"));
       // Find Signature element
       NodeList nl =
           doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
       if (nl.getLength() == 0) {
           throw new Exception("Cannot find Signature element");
       // Create a DOM XMLSignatureFactory that will be used to unmarshal the
       // document containing the XMLSignature
       XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
       // Create a DOMValidateContext and specify a KeyValue KeySelector
          // and document context
       DOMValidateContext valContext = new DOMValidateContext
           (new KeyValueKeySelector(), nl.item(0));
       // unmarshal the XMLSignature
       XMLSignature signature = fac.unmarshalXMLSignature(valContext);
       // Validate the XMLSignature (generated above)
       boolean coreValidity = signature.validate(valContext);
       // Check core validation status
       if (coreValidity == false) {
               System.err.println("Signature failed core validation");
           boolean sv = signature.getSignatureValue().validate(valContext);
           System.out.println("signature validation status: " + sv);
           // check the validation status of each Reference
           Iterator i = signature.getSignedInfo().getReferences().iterator();
           for (int j=0; i.hasNext(); j++) {
            boolean refValid =
                ((Reference) i.next()).validate(valContext);
            System.out.println("ref["+j+"] validity status: " + refValid);
       } else {
               System.out.println("Signature passed core validation");
       * KeySelector which retrieves the public key out of the
       * KeyValue element and returns it.
       * NOTE: If the key algorithm doesn't match signature algorithm,
       * then the public key will be ignored.
      private static class KeyValueKeySelector extends KeySelector {
       public KeySelectorResult select(KeyInfo keyInfo,
                                          KeySelector.Purpose purpose,
                                          AlgorithmMethod method,
                                          XMLCryptoContext context)
              throws KeySelectorException {
              if (keyInfo == null) {
            throw new KeySelectorException("Null KeyInfo object!");
              SignatureMethod sm = (SignatureMethod) method;
              List list = keyInfo.getContent();
              for (int i = 0; i < list.size(); i++) {
            XMLStructure xmlStructure = (XMLStructure) list.get(i);
                   if (xmlStructure instanceof KeyValue) {
                      PublicKey pk = null;
                      try {
                          pk = ((KeyValue)xmlStructure).getPublicKey();
                      } catch (KeyException ke) {
                          throw new KeySelectorException(ke);
                      // make sure algorithm is compatible with method
                      if (algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
                          return new SimpleKeySelectorResult(pk);
              throw new KeySelectorException("No KeyValue element found!");
          //@@@FIXME: this should also work for key types other than DSA/RSA
       static boolean algEquals(String algURI, String algName) {
              if (algName.equalsIgnoreCase("DSA") &&
            algURI.equalsIgnoreCase(SignatureMethod.DSA_SHA1)) {
            return true;
              } else if (algName.equalsIgnoreCase("RSA") &&
                         algURI.equalsIgnoreCase(SignatureMethod.RSA_SHA1)) {
            return true;
              } else {
            return false;
      private static class SimpleKeySelectorResult implements KeySelectorResult {
       private PublicKey pk;
       SimpleKeySelectorResult(PublicKey pk) {
           this.pk = pk;
       public Key getKey() { return pk; }
  }PurchaseOrder.xml
  <?xml version="1.0" encoding="UTF-8"?>
  <PurchaseOrder>
  <Item number="130046593231">
    <Description>Video Game</Description>
    <Price>10.29</Price>
  </Item>
  <Buyer id="8492340">
    <Name>My Name</Name>
    <Address>
     <Street>One Network Drive</Street>
     <Town>Burlington</Town>
     <State>MA</State>
     <Country>United States</Country>
     <PostalCode>01803</PostalCode>
    </Address>
  </Buyer>
  </PurchaseOrder>signedPurchaseOrder.xml with XAdES namespace:
  <?xml version="1.0" encoding="UTF-8" standalone="no"?><PurchaseOrder>
  <Item number="130046593231">
    <Description>Video Game</Description>
    <Price>10.29</Price>
  </Item>
  <Buyer id="8492340">
    <Name>My Name</Name>
    <Address>
     <Street>One Network Drive</Street>
     <Town>Burlington</Town>
     <State>MA</State>
     <Country>United States</Country>
     <PostalCode>01803</PostalCode>
    </Address>
  </Buyer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Sig1"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>tVicGh6V+8cHbVYFIU91o5+L3OQ=</ds:DigestValue></ds:Reference><ds:Reference Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties" URI="#SignP"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>MAQ/vctdkyVHVzoQWnOnQdeBw8g=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>lSgzfZCRIlgrgr6YpNOdB3XWdF9P9TEiXfkNoqUpAru/I7IiyiFWJg==</ds:SignatureValue><ds:KeyInfo><ds:KeyValue><ds:DSAKeyValue><ds:P>/KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQTxeEu0ImbzRMqzVDZkVG9
  xD7nN1kuFw==</ds:P><ds:Q>li7dzDacuo67Jg7mtqEm2TRuOMU=</ds:Q><ds:G>Z4Rxsnqc9E7pGknFFH2xqaryRPBaQ01khpMdLRQnG541Awtx/XPaF5Bpsy4pNWMOHCBiNU0Nogps
  QW5QvnlMpA==</ds:G><ds:Y>p48gU203NGPcs9UxEQQQzQ19KBtDRGfEs3BDt0cbCRJHMh3EoySpeqOnuTeKLXuFr96nzAPq4BEU
  dNAc7XpDvQ==</ds:Y></ds:DSAKeyValue></ds:KeyValue></ds:KeyInfo><ds:Object Id="QualifyingInfos"><QualifyingProperties Target="Sig1" xmlns="http://uri.etsi.org/01903/v1.3.2#"><SignedProperties Id="SignP"/><UnsignedProperties/></QualifyingProperties></ds:Object></ds:Signature></PurchaseOrder>

  I believe the problem is that you are not explicitly adding the xades namespace
  attribute to the SignedProperties element before generating the signature. Thus,
  the namespace attribute is not visible when canonicalizing, but when you serialize the
  DOM tree to an output stream, (for reasons I'm not entirely sure why), the namespace
  attribute is visible and is added to the SignedProperties element, which breaks the
  signature.
  You must always explicitly add namespace attributes using the Element.setAttributeNS
  method. Try changing the following code from:
  Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
  to:
  Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
  SPElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", xadesNS);

• Xml digital signature api

  hello
  Has anyone tried to use the xml digital signature api on an application deployed on appserver 8.2 bundled with stucio?
  I am trying to,,but it seems i cannot work it out,.Here is what i do,,i ve built a sample application where when i clik a button the following code runs.I have imported the xmldsig.jar file i found on jwsdp-1.5 that includes the needed classes and i am using jdk 1.4.2.07.
  I should mention that when i deploy the application on tomcat 4.1.31 everything works fine and the xml file is properly signed.But it never works on when i run it on appserver.for ANY help i would be grateful!!!!!!!!
  the following code is on the click button action
  ypografi ob2 =new ypografi();
  boolean ok ;
  ok = ob2.ypegrapse("C:/attach.xml");
  the following code is the ypografi.java file
  package dokimi;
  import javax.xml.crypto.*;
  import javax.xml.crypto.dsig.*;
  import javax.xml.crypto.dom.*;
  import javax.xml.crypto.dsig.dom.DOMSignContext;
  import javax.xml.crypto.dsig.keyinfo.*;
  import java.io.FileInputStream;
  import java.io.FileOutputStream;
  import java.io.OutputStream;
  import java.security.*;
  import java.util.Collections;
  import java.util.Iterator;
  import javax.xml.parsers.DocumentBuilderFactory;
  import javax.xml.transform.*;
  import javax.xml.transform.dom.DOMSource;
  import javax.xml.transform.stream.StreamResult;
  import org.w3c.dom.Document;
  public class ypografi {
  /** Creates a new instance of ypografi */
  public ypografi() {
  public boolean ypegrapse(String nameoffile){
  // Create a DOM XMLSignatureFactory that will be used to generate the
            // enveloped signature
       try {     
  String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
            XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM",(Provider) Class.forName(providerName).newInstance());
  // Create a Reference to the enveloped document (in this case we are
            // signing the whole document, so a URI of "" signifies that) and
            // also specify the SHA1 digest algorithm and the ENVELOPED Transform.
            Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null),Collections.singletonList(fac.newTransform(Transform.ENVELOPED, null)),null, null);
            // Create the SignedInfo
            SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, null),fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),Collections.singletonList(ref));
  // Create a DSA KeyPair
  KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
            kpg.initialize(512);
  KeyPair kp = kpg.generateKeyPair();
  // Create a KeyValue containing the DSA PublicKey that was generated
            KeyInfoFactory kif = fac.getKeyInfoFactory();
  KeyValue kv = kif.newKeyValue(kp.getPublic());
            // Create a KeyInfo and add the KeyValue to it
  KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
            // Instantiate the document to be signed
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            Document doc = dbf.newDocumentBuilder().parse(new FileInputStream(nameoffile));
  // Create a DOMSignContext and specify the DSA PrivateKey and
  // location of the resulting XMLSignature's parent element
            DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
            // Create the XMLSignature (but don't sign it yet)
            XMLSignature signature = fac.newXMLSignature(si, ki);
  // Marshal, generate (and sign) the enveloped signature
  signature.sign(dsc);
            // output the resulting document
            OutputStream os;
       os = new FileOutputStream(nameoffile);
            TransformerFactory tf = TransformerFactory.newInstance();
            Transformer trans = tf.newTransformer();
            trans.transform(new DOMSource(doc), new StreamResult(os));
  }catch(Exception e){
  System.out.println(e);
  return false;
  return true;
  }

  Something like this should work:
          Text text = doc.createTextNode("testContent");
          SignatureProperty sp = fac.newSignatureProperty
              (Collections.singletonList(new DOMStructure(text)),
              "#testTarget", "testID");
          SignatureProperties sps = fac.newSignatureProperties
              (Collections.singletonList(sp), null);
          objs.add(fac.newXMLObject(Collections.singletonList(sps), null,
              null, null));

• XML Digital Signature and sun PKCS#11

  Hi,
  I am trying to use xmldsig/xmlsec from Java Web Services Developer's Pack to do signing of XML documents. My goal is to use the keys from the card via sunpkcs11 to perform this signature.
  At this stage, i'm able to get the correct key from the card via sun pkcs 11 (J2SE 5) and able to sign some data with it.
  However, when i try to sign a xml document via xmldsig, i get the error which i believe to occur while trying to read the private key from the card as a string, which results in a "not a byte[]" exception.
  At this stage, are there any ways to configure the xmldsig/xmlsec to use the pkcs11 provider?
  I understand that the current implementation of XML Digital signature is using apache XML libraries. Is the source code for the wsdp downloadable from SUN?
  If not, will it be possible to make use of the open-source apache XML jars, set it up for pkcs11 and use it instead?
  Finally, has anyone done what I'm trying to do? Will be glad to know
  Thank u in advance,
  Louis

  Hello
  Did you resolve yout problem, because i have the same when i try to sign message
  String testData = "Hello World";
  p11KeyStore = KeyStore.getInstance("PKCS11");
  p11KeyStore.load(null, new char[] {'1', '2', '3', '4'});
  sig = Signature.getInstance("SHA1withRSA");
  sig.initSign( (PrivateKey) p11KeyStore.getKey(myAlias, null));
  sig.update(testData.getBytes());
  signatureBytes = sig.sign()
  This code fails and i get java.lang.RuntimeException: Not a byte[]
       at sun.security.pkcs11.wrapper.CK_ATTRIBUTE.getBigInteger(CK_ATTRIBUTE.java:168)
       at sun.security.pkcs11.P11Key$P11RSAPrivateKey.fetchValues(P11Key.java:419)

• XML Digital Signature Canonicalisation Error.

  Hi,
  I am writing JAVA code to perform XML Digital Signature and Verification. I am using jwsdp-2.0 jar files xmldsig.jar and xmlsec.jar.
  I am successfully able to sing the xml but still have few issues.
  1. Canoniclisation on SignedInfo is not happening. API is signing the SignedInfo Element without performing Canonicalisation. I turned on debugging and it shows FINE: Canonicalized SignedInfo:error. Because its not able to perform Canonicalisation verification fails on other end.
  fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,(C14NMethodParameterSpec)null) is the canonicalisation param I am passing to SI.
  2. Not able to specify XPointer in URI string when creating Reference object. It works fine with, just id of element as reference, but not with xpointer.
  Any help on these issue is greatly appreciated.
  Thanks for your help.
  Ajit Rathod
  CODE :
  ============================================================
  import javax.crypto.SecretKey;
  import javax.crypto.spec.SecretKeySpec;
  import javax.xml.crypto.dsig.*;
  import javax.xml.crypto.dsig.dom.DOMSignContext;
  import javax.xml.crypto.dsig.spec.*;
  import java.io.ByteArrayOutputStream;
  import java.io.FileInputStream;
  import java.io.FileOutputStream;
  import java.io.OutputStream;
  import java.net.URLEncoder;
  import java.security.*;
  import java.util.Collections;
  import javax.xml.parsers.DocumentBuilderFactory;
  import javax.xml.transform.*;
  import javax.xml.transform.dom.DOMSource;
  import javax.xml.transform.stream.StreamResult;
  import org.w3c.dom.Document;
  import org.w3c.dom.NodeList;
  public class GenEnveloped {
       public static void main(String[] args) throws Exception {
  String providerName = System.getProperty
  ("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
       XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM",(Provider) Class.forName(providerName).newInstance());
       String strRefURI = "";
       strRefURI = "#testID";     
       Transform trf = fac.newTransform(CanonicalizationMethod.EXCLUSIVE,(TransformParameterSpec)null);
  Reference ref = fac.newReference (strRefURI, fac.newDigestMethod(DigestMethod.SHA1,null), Collections.singletonList(trf),null,null);
       SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,(C14NMethodParameterSpec)null),fac.newSignatureMethod(SignatureMethod.HMAC_SHA1, null),Collections.singletonList(ref));     
       DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
       dbf.setNamespaceAware(true);
       Document doc = dbf.newDocumentBuilder().parse(new FileInputStream("testSamlData.xml"));     
       NodeList nlWSSESecurity = doc.getElementsByTagName("wsse:Security");
       String strKey = "asefasfsadfasdfsfasfdfsdasdfasdf";
       ByteArrayOutputStream baos = new ByteArrayOutputStream();     
       byte keyBytes[] = strKey.getBytes();     
       SecretKey sk = new SecretKeySpec(keyBytes,SignatureMethod.HMAC_SHA1);
       XMLSignature signature = fac.newXMLSignature(si,null);
       DOMSignContext dsc = new DOMSignContext     (sk,nlWSSESecurity.item(0));     
       //DOMSignContext dsc = new DOMSignContext     (sk,doc.getDocumentElement());
       dsc.setDefaultNamespacePrefix("ds");          
  signature.sign(dsc);
       OutputStream os;
       boolean blFile = true;
       if (blFile)
            os = new FileOutputStream("testSamlDataSigned.xml");
            System.out.println("Result is written out to File system");
       else
       os = System.out;
       TransformerFactory tf = TransformerFactory.newInstance();
       Transformer trans = tf.newTransformer();
       trans.transform(new DOMSource(doc), new StreamResult(os));
  }

  Charles_F wrote:
  Hi.
  I would appreciate any help regarding the topic.
  I need to create xml digital signature of files that are located in the same directory,
  let's say working directory (current directory) of application.
  I only get in the Reference tag with URI
  <Reference URI="file:/D:/projects/netbeans/CryptoHelpers/form.xml>
  althought I'd like to achieve
  <Reference URI="form.xml">To do that, just specify "form.xml" when creating the Reference and not the complete path. Change:
  Reference refList = xmlSignatureFactory.newReference(
  srcFile.toURI().toString(),
  digestMethod);
  referenceList.add(refList);to:
  Reference refList = xmlSignatureFactory.newReference(
  filePath, digestMethod);
  referenceList.add(refList);Also, make sure your baseURI is set to the directory that the file is located in and ends with a trailing slash. Change:
  signContext.setBaseURI("file:/");to
  signContext.setBaseURI("file:/D:/projects/netbeans/CryptoHelpers/");