Digital signature save file xml
Hello, can you save the digital signature in an XML file?
Make sure you also change your SignatureMethod algorithm to RSA_SHA1, ex:
... fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null) ...
Similar Messages
-
Validating a digital signature in an xml
Hi,
I'm working on validating a digital signature from an XML file. I'm using the code below to get the value of the Signature node from the XML file.
NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
I'm getting it as a NodeList object. When I try to get the length of the Signature element it says 0 and hence it throws me an exception.
I have to pass this NodeList object to validate the XML file. I'm attaching the XML file as well as the program to validate the XML file. Can somebody help me on this?
Validate.java
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dom.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.*;
import java.io.File;
import java.io.FileInputStream;
import java.security.*;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
/**
 * This is a simple example of validating an XML
 * Signature using the JSR 105 API. It assumes the key needed to
 * validate the signature is contained in a KeyValue KeyInfo.
 */
public class Validate {
    public static void main(String[] args) throws Exception {
        try {
            File file = new File("c:\\test.xml");
            // Instantiate the document to be validated
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            DocumentBuilder db = dbf.newDocumentBuilder();
            dbf.setNamespaceAware(true);
            //Document doc = dbf.newDocumentBuilder().parse(new FileInputStream("C://signature.xml"));
            Document doc = db.parse(file);
            // Find Signature element
            NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
            System.out.println("the nodelist value is"+nl);
            if (nl.getLength() == 0) {
                throw new Exception("Cannot find Signature element");
            }
            // Create a DOM XMLSignatureFactory that will be used to unmarshal the
            // document containing the XMLSignature
            XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
            // Create a DOMValidateContext and specify a KeyValue KeySelector
            // and document context
            //DOMValidateContext valContext = new DOMValidateContext
            // (new KeyValueKeySelector(), nl.item(0));
            DOMValidateContext valContext = new DOMValidateContext
                (new KeyValueKeySelector(), nl.item(0));
            // unmarshal the XMLSignature
            XMLSignature signature = fac.unmarshalXMLSignature(valContext);
            // Validate the XMLSignature (generated above)
            boolean coreValidity = signature.validate(valContext);
            // Check core validation status
            if (coreValidity == false) {
                System.err.println("Signature failed core validation");
                boolean sv = signature.getSignatureValue().validate(valContext);
                System.out.println("signature validation status: " + sv);
                // check the validation status of each Reference
                Iterator i = signature.getSignedInfo().getReferences().iterator();
                for (int j=0; i.hasNext(); j++) {
                    boolean refValid =
                        ((Reference) i.next()).validate(valContext);
                    System.out.println("ref["+j+"] validity status: " + refValid);
                }
            } else {
                System.out.println("Signature passed core validation");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * KeySelector which retrieves the public key out of the
     * KeyValue element and returns it.
     * NOTE: If the key algorithm doesn't match signature algorithm,
     * then the public key will be ignored.
     */
    private static class KeyValueKeySelector extends KeySelector {
        public KeySelectorResult select(KeyInfo keyInfo,
                                        KeySelector.Purpose purpose,
                                        AlgorithmMethod method,
                                        XMLCryptoContext context)
            throws KeySelectorException {
            if (keyInfo == null) {
                throw new KeySelectorException("Null KeyInfo object!");
            }
            SignatureMethod sm = (SignatureMethod) method;
            List list = keyInfo.getContent();
            for (int i = 0; i < list.size(); i++) {
                XMLStructure xmlStructure = (XMLStructure) list.get(i);
                if (xmlStructure instanceof KeyValue) {
                    PublicKey pk = null;
                    try {
                        pk = ((KeyValue)xmlStructure).getPublicKey();
                    } catch (KeyException ke) {
                        throw new KeySelectorException(ke);
                    }
                    // make sure algorithm is compatible with method
                    if (algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
                        return new SimpleKeySelectorResult(pk);
                    }
                }
            }
            throw new KeySelectorException("No KeyValue element found!");
        }
    }

    //@@@FIXME: this should also work for key types other than DSA/RSA
    static boolean algEquals(String algURI, String algName) {
        if (algName.equalsIgnoreCase("DSA") &&
            algURI.equalsIgnoreCase(SignatureMethod.DSA_SHA1)) {
            return true;
        } else if (algName.equalsIgnoreCase("RSA") &&
                   algURI.equalsIgnoreCase(SignatureMethod.RSA_SHA1)) {
            return true;
        } else {
            return false;
        }
    }

    private static class SimpleKeySelectorResult implements KeySelectorResult {
        private PublicKey pk;
        SimpleKeySelectorResult(PublicKey pk) {
            this.pk = pk;
        }
        public Key getKey() { return pk; }
    }
}
test.xml
<?xml version="1.0" encoding="UTF-8"?><Signature XMLNS="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#CWRT"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>VWmTb6knCBXhNjDLp6w5aX79AW4=</DigestValue></Reference><Reference URI="js/weatherData.js"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>aRyqMcnVA7UsxHaq3VPjIzKnR30=</DigestValue></Reference><Reference URI="js/accuweather.js"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>NKBau43TGuOTSwOiFLtC7xgeUxk=</DigestValue></Reference><Reference URI="js/location.js"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>SNowBnKItayjP8hVg2a+qlrNnl4=</DigestValue></Reference><Reference URI="index.html"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>ImhqtDT/KgYLUMwhzBjxo7kX16c=</DigestValue></Reference><Reference URI="images/bg_fade_current.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>6YBFwLJdH7wLSLwgheOzTgLxe0g=</DigestValue></Reference><Reference URI="images/setdefault.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>VD9Ay9DjNvHoCt4QpWI6H5gHo84=</DigestValue></Reference><Reference URI="images/bg_portrait.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>eMNhpeowX/LaxFhZ0choyWoGdnU=</DigestValue></Reference><Reference URI="images/form_bg.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>xRsfhpWI8R21vXcPd73EJ0SPg4c=</DigestValue></Reference><Reference URI="images/nav_hourly_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>7tBjRZQ6PC5uVRg8J5bAFTmBS4s=</DigestValue></Reference><Reference URI="images/bg_landscape.png"><DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>nTZ9DoZPW1UgjEvE3WfSBt3DdYA=</DigestValue></Reference><Reference URI="images/nav_maps_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>ywLUlQ+DCMuybGr2YLYDQx85jJw=</DigestValue></Reference><Reference URI="images/nav_graph_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>853j9KcFEpuI5c8e5+0TEpmU33U=</DigestValue></Reference><Reference URI="images/label_forecast.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>2feKnZklWElbyqItqq5Q1bZRtn4=</DigestValue></Reference><Reference URI="images/bg_fade_content_wide.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>GDFP4Tcu96NBOCo9qRw7K25l8as=</DigestValue></Reference><Reference URI="images/btn_getlocation.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>sJajd6TTV4VyB2ibMRl8hM4cV+8=</DigestValue></Reference><Reference URI="images/bg_fade_home.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>joxnBor/RV5uvqc+SiNU613+W6U=</DigestValue></Reference><Reference URI="images/label_hourly.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>uinbV5pKm/XFwNsBjI21m0tYkhs=</DigestValue></Reference><Reference URI="images/wxicons/33.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>X8HvsFhHLUr3624myAcox9QyagQ=</DigestValue></Reference><Reference URI="images/wxicons/37.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>ldJztK5xrBf3UOyRkSN9zFAootc=</DigestValue></Reference><Reference URI="images/wxicons/13.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>bAah/tMqPUVrXis2iiOZLYo4jRw=</DigestValue></Reference><Reference URI="images/wxicons/16.png"><DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>UZ2CKfWZN/FCLnILVz8bIXWlRAA=</DigestValue></Reference><Reference URI="images/wxicons/19.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>jRL/Ea5Dcj7DpvKOHnqGvUmpw4Q=</DigestValue></Reference><Reference URI="images/wxicons/18.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>76si6qIfm8bAPKBRIQCQScg0Mow=</DigestValue></Reference><Reference URI="images/wxicons/44.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>HkCAXti0I181Pjqkw2QNTjXN6/8=</DigestValue></Reference><Reference URI="images/wxicons/08.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>OAvQ6xMeMXCFznUUMZyL1frgJQk=</DigestValue></Reference><Reference URI="images/wxicons/20.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>BavTiifJ1XKhQx/AO4Y2PywHi+w=</DigestValue></Reference><Reference URI="images/wxicons/12.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>NNVCA+3eTGXWUXGjO1G4qoPPDaU=</DigestValue></Reference><Reference URI="images/wxicons/36.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>5Wy7pMJKjwc+fdL0+ez3OrhZ/WY=</DigestValue></Reference><Reference URI="images/wxicons/32.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>GrhBWg3ODd19NHkdaEyuzUDYGaQ=</DigestValue></Reference><Reference URI="images/wxicons/25.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>kVSt7ZBsrGBlnRp2mnNd4jzbjdc=</DigestValue></Reference><Reference URI="images/wxicons/29.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>CHkrsHgL9qFAKCgxQfGOaBgCg+A=</DigestValue></Reference><Reference URI="images/wxicons/17.png"><DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>SxQBu2aYDFDTD1N6XXcL/Z9r2G0=</DigestValue></Reference><Reference URI="images/wxicons/05.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>UR0ntm9xdDzhcq9m+EqdcDRhk5I=</DigestValue></Reference><Reference URI="images/wxicons/06.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>XUKHRCVRhhgG7M44QlhzFKulVf0=</DigestValue></Reference><Reference URI="images/wxicons/40.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>0vBrc/yiUz4pE8epTER19nblmCA=</DigestValue></Reference><Reference URI="images/wxicons/41.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>y5a8jOOsS/qPhcEMQV3Aufb/aNE=</DigestValue></Reference><Reference URI="images/wxicons/Thumbs.db"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>pch5wjLWZAPSgNO09d1x7SMayY=</DigestValue></Reference><Reference URI="images/wxicons/14.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>QoLGKWD8MVS0XxCvkvweDmYg1U=</DigestValue></Reference><Reference URI="images/wxicons/42.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>D9K0JzNNrtpryfckrNQNS87y1BQ=</DigestValue></Reference><Reference URI="images/wxicons/43.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>qlRMGFaqLYTej/k3k1wAGL+GWxM=</DigestValue></Reference><Reference URI="images/wxicons/04.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>a2ftn992/Hl3y1wp9IzsLSSqDdk=</DigestValue></Reference><Reference URI="images/wxicons/30.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>6Ad7HYjHxySf33JzQdS/oDTgcno=</DigestValue></Reference><Reference URI="images/wxicons/23.png"><DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>LsAfryFOtLhgviUgiOXM3z4lBAA=</DigestValue></Reference><Reference URI="images/wxicons/07.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>bV4gju3kZ780HDNOVP2lHE1TDW4=</DigestValue></Reference><Reference URI="images/wxicons/22.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>AeFmuHupwwVszEvbV94o0rngpCQ=</DigestValue></Reference><Reference URI="images/wxicons/01.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>6DsWdqkV1/ub3FaeUeXvxsQxckA=</DigestValue></Reference><Reference URI="images/wxicons/21.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>Z4W51hSrbkM5N91/F9xwDJwABb0=</DigestValue></Reference><Reference URI="images/wxicons/38.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>Jfl9KECyaQ68D0Fq2iyAHubQYJE=</DigestValue></Reference><Reference URI="images/wxicons/35.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>c1SmObYV0bMJwveQBuyOk/aHjoY=</DigestValue></Reference><Reference URI="images/wxicons/39.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>apdCy1y7Bhx4c8j8xZKpw9sLiHQ=</DigestValue></Reference><Reference URI="images/wxicons/34.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>RlUoSL1kyNF/LNHglKJojfidqDo=</DigestValue></Reference><Reference URI="images/wxicons/24.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>rp274RE36TIQ/cJqykbC1pfma64=</DigestValue></Reference><Reference URI="images/wxicons/31.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>4T9iGJPK46NYQtmGWyvMhFXqefg=</DigestValue></Reference><Reference URI="images/wxicons/15.png"><DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>V/kRSkl8RuSLp5XHkK+Ev2qkA/Q=</DigestValue></Reference><Reference URI="images/wxicons/02.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>LnzYacHZQ8dWbBsfY/xIBFf+FhY=</DigestValue></Reference><Reference URI="images/wxicons/26.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>L/fdXr1GduUly+gZoqoHtjSEeug=</DigestValue></Reference><Reference URI="images/wxicons/11.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>5tlEUU8jkLu69GjxyKrj/dlCBnE=</DigestValue></Reference><Reference URI="images/wxicons/03.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>eVam0Q5Ns+f0ivmOFlayoQjFJuQ=</DigestValue></Reference><Reference URI="images/btn_severe_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>xkpq8N5rnVv2QUOOPEC3t2UZ3io=</DigestValue></Reference><Reference URI="images/bg_fade_prefs.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>mGtHZB8HWR4Kr46E9ibtgPqkSjg=</DigestValue></Reference><Reference URI="images/btn_previous.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>tYsSyliuIQHfoqX8Ljjd514gjiY=</DigestValue></Reference><Reference URI="images/btn_search.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>Xs3TiHv5GVKqvqKcH4QQTLGeL5M=</DigestValue></Reference><Reference URI="images/nav_calendar_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>km6Jeefk1pbxhKPuKdX0tAikn20=</DigestValue></Reference><Reference URI="images/bg_fade_location.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>dsoQD4U3FStFnFCn9IU8XZOnbZ8=</DigestValue></Reference><Reference URI="images/logo_leaf.png"><DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>AI6UYnx1653B/rX71hqlXRYayK0=</DigestValue></Reference><Reference URI="images/radar.jpg"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>IEaZz7VDYcwgBHJhTFttbNpSr8=</DigestValue></Reference><Reference URI="images/btn_done.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>VZYygwwnJmzSykTWnC3UMjx7UVU=</DigestValue></Reference><Reference URI="images/Thumbs.db"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>aXryLm/7bU2iLfP6mwM96Q7iFfk=</DigestValue></Reference><Reference URI="images/btn_plus.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>apIaI0Q/XpYkQIZgrE8y4KDpe34=</DigestValue></Reference><Reference URI="images/label_calendar.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>Ek3gLnM9lZCvsJrn49FinTEFoc=</DigestValue></Reference><Reference URI="images/btn_severe_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>rMRQheIr8WGukddQsbW79yPUa68=</DigestValue></Reference><Reference URI="images/bg_fade_about_wide.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>exAFOiVOEx5VKUopSxkbRc3RTLc=</DigestValue></Reference><Reference URI="images/btn_removelocation.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>BAAQeIMdUoZumMexhxIJFLOXy8M=</DigestValue></Reference><Reference URI="images/label_weathermap.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>QLd8kSOk/dq9/PtPl3hycoufBGw=</DigestValue></Reference><Reference URI="images/space.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>lPyPvOmX8EoCzEM8iIruq8hfHIE=</DigestValue></Reference><Reference URI="images/btn_magnify.png"><DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>3lSDkwWlIMufqacsbJ8dShiDvPc=</DigestValue></Reference><Reference URI="images/btn_next.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>5l3/6rRyibJQXlQdSfopJ4Q9e3o=</DigestValue></Reference><Reference URI="images/bg_fade_current_wide.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>klPlC3aqn33AAxtAzDCksik4CXo=</DigestValue></Reference><Reference URI="images/nav_hourly_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>oW7HwXpGfcEz6q1UEixc48IuEf0=</DigestValue></Reference><Reference URI="images/btn_shrink.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>/6ORP54At9CAqkQno9aCvbXCF2E=</DigestValue></Reference><Reference URI="images/bg_cal_date.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>g10327Jhy+CE2XXE62b6Ea6cUZg=</DigestValue></Reference><Reference URI="images/key.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>anFOcEcBGzbkeEsfKJ7+y3S2Y0E=</DigestValue></Reference><Reference URI="images/degree_f.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>QtJd4lj3Gaqm59G0J6TT87N9jLk=</DigestValue></Reference><Reference URI="images/bg_fade_about.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>rYYhIG+rT3f8jPqSuzC65g2BRuE=</DigestValue></Reference><Reference URI="images/degree_c.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>0AwnOwXF+1iAySDhG6u+WKGzmEE=</DigestValue></Reference><Reference URI="images/nav_maps_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>B7IsyllFvqC+hrxow9QlM+IdDkQ=</DigestValue></Reference><Reference URI="images/label_graph.png"><DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>8dKb7eEM6PKj2NqpJmTIA6d4OZw=</DigestValue></Reference><Reference URI="images/bg_fade_nav.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>0gR7yxY7kUde+5gnApaniAR70c4=</DigestValue></Reference><Reference URI="images/nav_forecast_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>T6cSnzVZ6+NYmcJkSxagrBG34VA=</DigestValue></Reference><Reference URI="images/bg_fade_content.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>eAAeix95CFcyTRFP0L37wCTiCT4=</DigestValue></Reference><Reference URI="images/nav_calendar_off.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>+7NYqrzg6E42x4bcSmI7oR+06Ok=</DigestValue></Reference><Reference URI="images/nav_graph_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>IuDRMdZ5SGeHtOUrIO6N8Kz2ug0=</DigestValue></Reference><Reference URI="images/logo_accu.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>/uv3wU6UomVHWqNw6FnQYutp19g=</DigestValue></Reference><Reference URI="images/nav_forecast_on.png"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>x+QqY/MePBUZryW4TH5q+IF1G+g=</DigestValue></Reference><Reference URI="config.xml"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>xo9qqZXg+0DwkCx8Kks9jgMLaLA=</DigestValue></Reference><Reference URI="css/accuweather.css"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>wIZ0bV7p0RmG7GEQzl9GoN+MMEs=</DigestValue></Reference><Reference URI="icon.png"><DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>vReEx8PURNyRoFZDvLHfXSAW5U=</DigestValue></Reference></SignedInfo><SignatureValue>H6RxXxj0OfpZuhbNHUkm048kZ1uzlGUwQV4TadOvFJ0VKHIyjTcJgzx7ApSUmCTjg/5JaRufBjAzihXmd7UTkq+aVm8smRgHpr3puz0w2wKGhPizO0dz4qfw3U7lqV6eLgSDakRj1jnFgqcMVHI+0k5vvYeVxgUVi6bz2b+IbM=</SignatureValue><Object Id="CWRT"><SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties" ><SignatureProperty Id="profile"><dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile" /></SignatureProperty><SignatureProperty Id="role"><dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-distributor" /></SignatureProperty><SignatureProperty Id="identifier"><dsp:Identifier>{247220a7-f378-4151-83d3-6be32024c0ae}</dsp:Identifier></SignatureProperty></SignatureProperties></Object><KeyInfo><X509Data><X509Certificate>MIICzDCCAjWgAwIBAgIBADANBgkqhkiG9w0BAQUFADArMRAwDgYDVQQKEwdSRCBD</X509Certificate></X509Data></KeyInfo></Signature>>
// Instantiate the document to be validated
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
DocumentBuilder db = dbf.newDocumentBuilder();
dbf.setNamespaceAware(true);
Document doc = db.parse(file);
Your problem is that you've instantiated the DocumentBuilder before you've made the factory namespace aware. As a result, it does not know against which namespace it is parsing the XML file.
Change the lines of code to have the factory be namespace-aware before you instantiate the DocumentBuilder and then parse the class. You'll get past your "node not found" error to receive a number of other errors which you need to correct.
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc = dbf.newDocumentBuilder().parse(file);
As a practice when generating an XML document, you should try to validate it inside an IDE like Netbeans/Eclipse before trying to do anything with the document to ensure you've not only got a well-formed XML document, but also one that is "schema-conformant". Your XML signature is not (the Object element cannot come before the KeyInfo element, and the SignatureProperty element is missing the required Target attribute); as a result your Signature element will fail to pass validation even if your code is correct. A cursory review of the XML Signature specs and its XSD is always helpful: [http://www.w3.org/TR/xmldsig-core/].
Finally, please use the {code} tag for source-code to make it readable. Thanks.
Arshad Noor
StrongAuth, Inc.
-
Send a digital signature along with xml file
My requirement is that I am to send a file along with digital signature, authorizing the envoys, which are conducted by the algorithm MD5 (cryptographic algorithm reduction of 128 bits) and RSA PKCS1. How to send it and at receiver end (SOAP Adapter) how to authenticate it?
What is algorithm MD5 (cryptographic algorithm reduction of 128 bits) and RSA PKCS1?
Hi Jaideep,
do check these links
Using Digital Signatures in XI
How to use Digital Certificates for Signing & Encrypting Messages in XI
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/9727ea90-0201-0010-be8e-b649280fe6ff
Regards
Sampath
-
Digital Signature & Save As via internet
Hello,
I am currently trying to figure out a problem that my users are having when they are working with a web based application that handles workflow. When they open and then sign a pdf with their digital signature they are prompted to save the document. The web developers have informed me that the user is supposed to save OVER the document already open without changing the name. Well, we can't. When we try and save over the document the following error pops:
"The document could not be saved. This file is already open or in use by another application."
The program creates a personal store for temporary documents that are "checked out" of the system in their own user folder. They have full rights to that folder.
Now - the developers of this application have assured me that this is NOT supposed to happen. We should be able to save over the current document and be perfectly fine.
The program is designed to capture the newly signed document and upload it back to the website with the same name.
If I do the same process without being connected to the internet I can save a file over itself with the same name after a signature without a problem. This only seems to happen when the document is opened through the internet.
I'm scratching my head after 10 days of trial and error and research. Is this an error with our systems here or is this a limitation of Acrobat and these developers are wrong?
We are using Acrobat Professional 8.2.2 with IE6 & XP SP3
-
Is there a way to have a document do a Save instead of a Save As after signing? When saving PDF forms from the Web (such as Sharepoint) that contain '%20' in the place of spaces (ASCII), the Save As removes these characters which in essence creates a copy of the document.
Not since Acrobat 9. It was done this way as a change to the way Digital Signatures were handled starting with Acrobat 9. There is a document that discusses the change on the Devnet site.
-
Digital Signature Data File Issue
Hello all,
I am something of a network administrator / supervisor (by position not education so some of the technical aspects of my shop still elude me). Right now I am having an issue with digitally signing PDF files; previously when I signed the files the size would remain approximately the same (moving perhaps from 200 KB to 300 KB), however when I sign files now the size jumps to almost 7000 KB. Previously I had received a message when signing that indicated I could change a setting to add an extra layer of protection and my hypothesis is that this may be the cause, but I am not 100% sure of that.
Has anyone experienced this problem before, or have any possible solutions? My guess is that there is an option where Adobe controls how secure the signature I create has to be and it defaulted to the more secure, much larger file size after I received the initial notification.
Thank you for your guidance and wisdom.
-
Cannot upgrade software on sensor due to digital signature update file
Attached is a jpg of the error message when trying to apply update through IDM for the latest version:
IPS-SSM_20-K9-sys-1.1-a-7.0-6-E4.img
I've downloaded the image twice now from Cisco. I've done a token reboot but that didn't help.
I did apply the recovery image right before this with no issues.
Any ideas?
Thanks,
J
You've experienced a very common area of confusion.
There are multiple different file types of the same version.
Some of which can be applied through IDM and CLI, and others which can only be applied through other methods.
Basic Types:
System Images
Recovery Packages
Upgrade Packages
System Images have "-sys-" in the filename and generally end in .img.
These files can Not be installed through IDM or the CLI.
These files will erase the entire compact flash and install a completely new image on the system.
These files are generally only used when trying to get back to an Older image, or when you believe that the current image on the sensor has been Corrupted.
They are not recommended for upgrading as the configuration of the sensor will be completely removed during erasing of the compact flash.
They are installed through either ROMMON (on appliances), from the hw-module recover command of the ASA (on ASA IPS modules), through the bootloader (on AIM and NME router modules), or through the maintenance partition (in the IDSM2 Cat 6K module).
In your case it was a System Image you were trying to install through IDM, which is not allowed.
Recovery Packages have "-r-" in the filename and end in .pkg.
They will re-image the Recovery partition of the sensor.
They are installed using IDM or the CLI upgrade command. (.pkg files work with the Upgrade command)
The "recover" command on the sensor can then be used to boot to the Recovery Partition and re-image the Application partition to that version.
The "recover" can be done from a remote box through an SSH connection to the sensor. Unlike System Images which often require a Console connection or connection to the hosting device.
Recovery Packages are recommended when you believe that the current image on the sensor has been Corrupted.
They can often be used for Downgrading to an older version, but this is not officially supported (and will sometimes fail, if it fails then you need to use a System Image instead).
Upgrade Packages come in different types.
Major, Minor, and Service Pack upgrade files do not have a designator in their name, and usually just have the platform and version.
Signature Updates have "-sig-" in the name.
Engine Updates have "-engine-" in the name.
All Upgrade Packages end in .pkg.
Upgrade Packages can be installed using IDM or the CLI upgrade command.
In your situation you want to download the Upgrade file for 7.0-6-E4 instead of the System Image file.
Because the SSM-20 has the common architecture it will use the standard upgrade file that does not list the platform name.
The package you want is IPS-K9-7.0-6-E4.pkg.
-
Loading Invoice XML IDoc with digital signature via XI into R/3
Hi,
I received an Invoice XML IDoc with digital signature via Mail (for test purposes) and want to load it via XI into an R/3 system.
My idea is to load the Invoice XML IDoc file via the File Sender Adapter into XI and send it to the R/3 system via the IDoc Inbound adapter.
Due to the digital signature the file looks like this:
0 S *H÷
D0 @ 1 0 + 0 ' *H÷
0 0 û etc.
When I load the file like this with the File Sender Adapter, an error message occurs in the XI Monitoring as the XML Parser cannot read the file due to the digital signature (as expected).
Has anybody an idea how I can configure the File Sender Adapter Communication Channel to be able to load only the XML IDoc and ignore the digital Signature strings?
Thanks in advance for your support.
Alex
BTW,
to use the second way you need:
Security Settings for the Sender Mail Adapter
http://help.sap.com/saphelp_nw04/helpdata/en/27/c0524257a1b56be10000000a155106/content.htm
and
Key Storage Service
http://help.sap.com/saphelp_webas630/helpdata/DE/e9/a1dd44d2c83c43afb5ec8a4292f3e0/content.htm
apart from adapter module config
Regards,
michal
-
Xfa Form, Digital Signatures, file attachments and Reader 9
Hi,
In reader 8 and previous, when I wanted to have a form that could be signed, passed to the next persons, added attachment signed, repeat, while maintaining the signatures valid, I could.
Since we updated to reader 9.12 all previously signed documents appear with invalid signatures and if I try to attach a file, the add button just isn't there.
If I follow the following steps:
Server side:
- Create PDF from xdp + xml (using forms).
- Assign Form Fillin, Digital Signatures and File Attachment (using Reader Extensions)
Client side:
- Populate the Form data
- Attach files
- Certify
- Sign (multiple Signatures)
It works fine, but it isn't the workflow i had in previous versions.
The workflow i have here is:
Server side:
- Create PDF from xdp + xml (using forms).
- Assign Form Fillin, Digital Signatures and File Attachment (using Reader Extensions)
Client side:
- Populate the Form data
- Attach files
- add Signature (only locks a collections of form fields)
- Repeat until everyone has attached their files and signed.
The problem is that this worked fine in versions before 9 (all digital signatures here validated with the yellow exclamation mark indicating new content), but in 9 and up what I get, after validating the signatures in reader, is information indicating that the signatures are invalid because the document is either corrupt or has been changed.
Is this a bug or has this been changed from version 8 to version 9?
I've read the changelist of reader 9 and it says nothing about this situation or Digital Rights other than form fillin, annotations and digital signatures (the ones we can choose in the certification wizard of Acrobat Pro).
Any idea if it's possible to implement the second scenario in reader 9, or even if it's possible? Is there a guide on the practices Adobe guarantees will allow to validate signatures in the following years? Even if it means using PDFA.
Thanks in advance.
One last try.
Your help would really be welcome in finding out the root cause of the difference in behaviour between reader 8 and 9 in this matter (bug or change).
I have no idea what documentation to read (since I've read the launch documentation and change list documentation) about reader 9, I've contacted Adobe 3 days ago (and the answer is silence, like usual) and have no clear thought about what to say (without taking a huge risk by giving an uninformed answer) about this issue.
Thanks.
-
XML digital signature XAdES support
Are there any plans for supporting XaDES Advanced electronic signature as specified by ETSI TS 101-93?
It's a quite common format, and well acknowledged (for instance by italian and other EU countries regulations).
Should I file or vote an RFE?
Charles_F wrote:
Hi.
I would appreciate any help regarding the topic.
I need to create xml digital signature of files that are located in the same directory,
let's say working directory (current directory) of application.
I only get in the Reference tag with URI
<Reference URI="file:/D:/projects/netbeans/CryptoHelpers/form.xml">
although I'd like to achieve
<Reference URI="form.xml">
To do that, just specify "form.xml" when creating the Reference and not the complete path. Change:
Reference refList = xmlSignatureFactory.newReference(
    srcFile.toURI().toString(),
    digestMethod);
referenceList.add(refList);
to:
Reference refList = xmlSignatureFactory.newReference(
    filePath, digestMethod);
referenceList.add(refList);
Also, make sure your baseURI is set to the directory that the file is located in and ends with a trailing slash. Change:
signContext.setBaseURI("file:/");
to
signContext.setBaseURI("file:/D:/projects/netbeans/CryptoHelpers/");
-
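The reply above (a relative Reference URI plus a base URI that ends in a slash), worked through as an added example that is not part of the original thread. It assumes Java 11 or later; the class name `DetachedRelativeRef`, the `CONFINED` dereferencer, the temporary directory and the throwaway RSA key are constructed for illustration, RSA-SHA256 is used in place of SHA-1, and the custom `URIDereferencer`, which only reads files under the base directory, is an addition the reply does not mention.

```java
import java.io.*;
import java.net.URI;
import java.nio.file.*;
import java.security.*;
import java.util.List;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class DetachedRelativeRef {                       // hypothetical class name
    // Resolve the Reference URI against the context's base URI and only read
    // files that really live under the base directory (added hardening).
    static final URIDereferencer CONFINED = (ref, ctx) -> {
        try {
            URI base = URI.create(ctx.getBaseURI());
            Path dir = Paths.get(base).toRealPath();
            Path file = Paths.get(base.resolve(ref.getURI())).toRealPath();
            if (!file.startsWith(dir)) throw new URIReferenceException("reference escapes " + dir);
            return new OctetStreamData(new ByteArrayInputStream(Files.readAllBytes(file)));
        } catch (IOException | RuntimeException e) {
            throw new URIReferenceException(e);
        }
    };

    static boolean signAndValidate(String baseUri) throws Exception {
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("form.xml",     // relative URI, as in the reply
                fac.newDigestMethod(DigestMethod.SHA256, null));
        SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(
                CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // throwaway demo key
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        DOMSignContext sign = new DOMSignContext(kp.getPrivate(), doc);
        sign.setBaseURI(baseUri);                        // must end with "/"
        sign.setURIDereferencer(CONFINED);
        fac.newXMLSignature(si, null).sign(sign);        // detached: Signature is the document root
        DOMValidateContext val = new DOMValidateContext(kp.getPublic(), doc.getDocumentElement());
        val.setBaseURI(baseUri);
        val.setURIDereferencer(CONFINED);
        return fac.unmarshalXMLSignature(val).validate(val);
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("xmldsig"); // constructed sample data
        Files.writeString(dir.resolve("form.xml"), "<form><field>42</field></form>");
        String base = dir.toUri().toString();            // existing directory: ends with "/"
        System.out.println("with trailing slash: " + signAndValidate(base));
        try {
            signAndValidate(base.substring(0, base.length() - 1));
        } catch (XMLSignatureException e) {              // form.xml resolved beside the directory
            System.out.println("without trailing slash: " + e.getMessage());
        }
    }
}
```

The second call fails because `URI.resolve` replaces the last path segment of a base that lacks the trailing slash, so `form.xml` is looked up next to the directory instead of inside it.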
XML Digital Signature Canonicalisation Error.
Hi,
I am writing JAVA code to perform XML Digital Signature and Verification. I am using jwsdp-2.0 jar files xmldsig.jar and xmlsec.jar.
I am successfully able to sign the xml but still have a few issues.
1. Canonicalisation on SignedInfo is not happening. API is signing the SignedInfo Element without performing Canonicalisation. I turned on debugging and it shows FINE: Canonicalized SignedInfo:error. Because it's not able to perform Canonicalisation, verification fails on the other end.
fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,(C14NMethodParameterSpec)null) is the canonicalisation param I am passing to SI.
2. Not able to specify XPointer in URI string when creating Reference object. It works fine with, just id of element as reference, but not with xpointer.
Any help on these issue is greatly appreciated.
Thanks for your help.
Ajit Rathod
CODE :
============================================================
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.*;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.net.URLEncoder;
import java.security.*;
import java.util.Collections;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
public class GenEnveloped {
    public static void main(String[] args) throws Exception {
        // Load the JSR 105 provider (can be overridden with -Djsr105Provider=...)
        String providerName = System.getProperty
            ("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM",(Provider) Class.forName(providerName).newInstance());
        // Reference the element with Id "testID" and apply exclusive C14N as a transform
        String strRefURI = "";
        strRefURI = "#testID";
        Transform trf = fac.newTransform(CanonicalizationMethod.EXCLUSIVE,(TransformParameterSpec)null);
        Reference ref = fac.newReference (strRefURI, fac.newDigestMethod(DigestMethod.SHA1,null), Collections.singletonList(trf),null,null);
        // SignedInfo: exclusive C14N, HMAC-SHA1 signature method, one reference
        SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,(C14NMethodParameterSpec)null),fac.newSignatureMethod(SignatureMethod.HMAC_SHA1, null),Collections.singletonList(ref));
        // Parse the document to be signed
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new FileInputStream("testSamlData.xml"));
        NodeList nlWSSESecurity = doc.getElementsByTagName("wsse:Security");
        // Shared secret for the HMAC (test value from the post)
        String strKey = "asefasfsadfasdfsfasfdfsdasdfasdf";
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        byte keyBytes[] = strKey.getBytes();
        SecretKey sk = new SecretKeySpec(keyBytes,SignatureMethod.HMAC_SHA1);
        // Create the signature under the wsse:Security element and sign
        XMLSignature signature = fac.newXMLSignature(si,null);
        DOMSignContext dsc = new DOMSignContext (sk,nlWSSESecurity.item(0));
        //DOMSignContext dsc = new DOMSignContext (sk,doc.getDocumentElement());
        dsc.setDefaultNamespacePrefix("ds");
        signature.sign(dsc);
        // Write the signed document to a file or to stdout
        OutputStream os;
        boolean blFile = true;
        if (blFile) {
            os = new FileOutputStream("testSamlDataSigned.xml");
            System.out.println("Result is written out to File system");
        } else {
            os = System.out;
        }
        TransformerFactory tf = TransformerFactory.newInstance();
        Transformer trans = tf.newTransformer();
        trans.transform(new DOMSource(doc), new StreamResult(os));
    }
}
-
Digital Signatures and Coldfusion
I want to add a digital signature field (3 to be exact) to a PDF file that I generate via coldfusion (via the cfdocument tag), OR use a form built in livecycle that once it is signed by the first person, the only allowable changes to the form are the second and third digital signature.
Any help would be appreciated as digital signatures are not handled in cfdocument as well (at all) as I had hoped.
Thanks,
Drew
Hello Francesco,
I want to generate a digital signature (PKCS#7,XML) using SAP SSF API as explained in
http://help.sap.com/saphelp_nw04/helpdata/en/4f/65c3b32107964996a56e4165077e24/content.htm and in Amol Joshi's reply in
Digital Signatures and Document Encryption api
so my question is From which PI/XI version and its SPS this SAP SSF LIBRARY is supported ?
Kind Regards,
Kubra fatima.
-
Has anyone had any success implementing digital signatures (PKI) within APEX?
Here is a brief synopsis of what we are looking to accomplish and realize that third-party hardware/software might be necessary. We require users to login using LDAP credentials. We want them to be able to generate documents (i.e. PDF, Word, or Excel) from our application data. We want the users to have the ability to Digitally Sign their documents. We will be issuing individual private keys & certificates and we are considering generating the documents as XML. We are still in requirements gathering, but wanted to explore any and all capabilities within APEX.
Any thoughts? Thanks.
-
Digital signatures and view document through URL
Hello together,
We use status document and digital signatures workflow and we can't use URL link to documents which have been approved. In browser's window I see digital signatures information and error: "HTTP 404 the web page cannot be found".
In transaction SOLAR01, SOLAR02 when, I display approved document, at first I see the windows with digital signatures information and then, after push enter - required document.
If document in status "in progress" we don't have problem.
Could you help me to resolve this problem or disable windows with signatures information?
-
Validating digital signatures successful on Win7 but fails on Vista/XP/W2K3
Microsoft has announced (Security Advisory 2880823: Recommendation to discontinue use of SHA-1) that they will stop recognizing the validity of SHA-1 based certificates after 2016. Microsoft started to sign their files with digital signatures which use the stronger SHA-2 hashing algorithm. For the countersignatures (Time Stamping Authenticode Signatures) they also use SHA-256. These certificates can be validated fine on Windows 7/8 but can't be validated on Windows Vista, Windows XP and Windows Server 2003R2. The status of certificates in the Certification Path are OK but on the older operating systems the countersignature seems to be missing... See the forum thread EMET 4.1 Update 1: 'The digital signature of the object did not verify.' on Vista/XP in the Enhanced Mitigation Experience Toolkit (EMET) Support Forum for several screenshots.
Can someone explain this behavior and maybe provide a solution?
W. Spu
Hi,
It looks like it is related with this
https://technet.microsoft.com/library/security/2749655
This issue might be caused by a missing timestamp Enhanced Key Usage (EKU) extension during certificate generation and signing of Microsoft core components and software.
Microsoft is aware of an issue involving specific digital certificates that were generated by Microsoft without proper timestamp attributes. These digital certificates were later used to sign some Microsoft core components and software binaries. This could cause compatibility issues between affected binaries and Microsoft Windows. While this is not a security issue, because the digital signature on files produced and signed by Microsoft will expire prematurely, this issue could adversely impact the ability to properly install and uninstall affected Microsoft components and security updates.
So have you applied this update on XP\Vista\Server 2003?
http://support.microsoft.com/kb/2749655
This update will help to ensure the continued functionality of all software that was signed with a specific certificate that did not use a timestamp Enhanced Key Usage (EKU) extension. To extend their functionality, WinVerifyTrust will ignore the lack of a timestamp EKU for these specific X.509 signatures.
Yolanda Zhu
TechNet Community Support