- From: Mikolaj Habryn <dichro@rcpt.to>
- Date: Thu, 30 Mar 2006 01:25:04 +1100
- To: w3c-ietf-xmldsig@w3.org

I decided recently to take a tilt at the windmill of making an xmldsig application somewhat more approachable by driving it entirely from a web browser. The signing support in browsers at the moment (JavaScript crypto.signText method) generates a PKCS7 signature which contains all the usual data, but isn't directly morphable into a ds:Signature block due to the signature being over an ASN.1 block instead of a ds:SignedInfo.

I'd like to propose a new signature algorithm which replicates the PKCS7 algorithm. Actually, rather than proposing, I'd also like to point y'all to an example of it at http://wiki.rcpt.to:8180/pkcs/ which will generate a ds:Signature block for an arbitrary document. The signing operation is done entirely on the browser with client-side certificates, although the transformation into a ds:Signature is server-side because I couldn't quite stomach the idea of writing an ASN.1 parser in JavaScript.

The generated signatures can be verified using a plugin for Apache's XML-Security toolkit available from http://wiki.rcpt.to/perl/wiki.pl?PKCSToXMLDSig (which also contains some random annotations on this little project).

Comments warmly invited.

m.

Received on Wednesday, 29 March 2006 14:45:59 UTC
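
The mismatch the message describes, as an added example that is not part of the original post or the author's plugin: in PKCS#7 (RFC 2315), when authenticated attributes are present the signature covers their DER encoding, which carries a digest of the content, so a verifier needs two checks rather than one. Assumptions: Node.js, SHA-256 with a freshly generated RSA key, a fixed attribute set of contentType and messageDigest, and a constructed string standing in for the canonicalized ds:SignedInfo.

```javascript
const crypto = require('crypto');

// Minimal DER tag-length-value encoder (short and long length forms).
function der(tag, ...parts) {
  const body = Buffer.concat(parts);
  const len = body.length < 0x80 ? [body.length]
    : body.length < 0x100 ? [0x81, body.length]
    : [0x82, body.length >> 8, body.length & 0xff];
  return Buffer.concat([Buffer.from([tag, ...len]), body]);
}

// PKCS#9 attribute OIDs and the PKCS#7 "data" content type, already DER-encoded.
const OID_CONTENT_TYPE = Buffer.from('06092a864886f70d010903', 'hex');
const OID_MESSAGE_DIGEST = Buffer.from('06092a864886f70d010904', 'hex');
const OID_DATA = Buffer.from('06092a864886f70d010701', 'hex');

// The bytes PKCS#7 actually signs: SET OF Attribute (tag 0x31), where the
// messageDigest attribute holds the hash of the content.
function signedAttrs(content) {
  const digest = crypto.createHash('sha256').update(content).digest();
  return der(0x31,
    der(0x30, OID_CONTENT_TYPE, der(0x31, OID_DATA)),
    der(0x30, OID_MESSAGE_DIGEST, der(0x31, der(0x04, digest))));
}

function pkcs7StyleSign(content, privateKey) {
  const attrs = signedAttrs(content);
  return { attrs, signature: crypto.sign('sha256', attrs, privateKey) };
}

// Check 1: the signature is valid over the attribute block, not the content.
// Check 2: the attribute block really carries the digest of this content.
// Simplification: the fixed attribute set is rebuilt and compared; real
// signatures usually add signingTime, which requires parsing the ASN.1.
function pkcs7StyleVerify(content, { attrs, signature }, publicKey) {
  if (!crypto.verify('sha256', attrs, publicKey, signature)) return false;
  return attrs.equals(signedAttrs(content));
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const signedInfo = Buffer.from('<ds:SignedInfo>constructed sample</ds:SignedInfo>');
  const other = Buffer.from('<ds:SignedInfo>constructed, altered</ds:SignedInfo>');
  const sig = pkcs7StyleSign(signedInfo, privateKey);
  return {
    direct: crypto.verify('sha256', signedInfo, publicKey, sig.signature), // stock-style check
    twoStep: pkcs7StyleVerify(signedInfo, sig, publicKey),
    tampered: pkcs7StyleVerify(other, sig, publicKey),
  };
}
console.log(demo());
```

A verifier that performs only the first check would accept the same signature for any SignedInfo, so the digest comparison is the step that binds the signature to the document.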