I decided recently to take a tilt at the windmill of making an xmldsig application somewhat more approachable by driving it entirely from a web browser. The signing support in browsers at the moment (javascript crypto.signText method) generates a PKCS7 signature which contains all the usual data, but isn't directly morphable into a ds:Signature block due to the signature being over an ASN.1 block instead of a ds:SignedInfo. I'd like to propose a new signature algorithm which replicates the PKCS7 algorithm. Actually, rather than proposing, I'd also like to point y'all to an example of it at http://wiki.rcpt.to:8180/pkcs/ which will generate a ds:Signature block for an arbitrary document. The signing operation is done entirely on the browser with client-side certificates, although the transformation into a ds:Signature is server-side because I couldn't quite stomach the idea of writing an ASN.1 parser in Javascript. The generated signatures can be verified using a plugin for Apache's XML-Security toolkit available from http://wiki.rcpt.to/perl/wiki.pl?PKCSToXMLDSig (which also contains some random annotations on this little project). Comments warmly invited. m.Received on Wednesday, 29 March 2006 14:45:59 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 29 March 2006 14:46:00 GMT