- From: Joseph Reagle <reagle@w3.org>
- Date: Mon, 29 Jul 2002 13:02:38 -0400
- To: "David Wall" <dwall@Yozons.com>, <w3c-ietf-xmldsig@w3.org>
On Friday 26 July 2002 10:11 pm, David Wall wrote:
> Here's an example (with the attachment, logo, signature and public keys
> truncated for space) of what I have today. I think I have an
> understanding now of how to do this better, using Signature elements that
> reference the common data elements, but I'm not sure. Of course, I'd
> prefer to keep my data format and then wrap the signature elements we
> have with XML Signature elements.
I still can't say I undestand since you still seem to have your own
signature scheme (and use say the first signature is, " composed of the
elements: attachment.messageId, attachment.id, fileSize, createdTimestamp,
signedWithName, realSignedTimestamp, originalName, contentType, rawData,
preText, and postText and ipAddr." How do you know that?
Regardless, I might have a sense of your larger application, and this
pseudo-example demonstrates how might one do such a thing with XML
Signatures.
The following is a message with a header, body, and two attachments. Two
signature is included, the first is specified and contains two references:
one to the first attement, and another to the associated Signature
Properties. If you want to sign the *actual* attachment (instead of the
attement element iwth id = "a1") you would need a transform that isolates
the element content (e.g., XPath). You could further decode the base64 data
in that element content, as decribed in:
http://www.w3.org/TR/xmldsig-core/#sec-Object
<message>
<headers id="h1">...</headers>
<body id="b2">...</body>
<attachment id="a1">...</attachment>
<attachment id="a2">...</attachment>
<Signature id="s1">
<SignedInfo>
<CanonicalizationMethod Algorithm="../REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm=../xmldsig#dsa-sha1"/>
<Reference URI="a1">
<Transforms>
<Transform Algorithm="../isolate-the-base-64-encoded-object"/>
</Transforms>
<DigestMethod Algorithm="../xmldsig#sha1"/>
<DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue>
</Reference>
<Reference URI="sp1">
<Transforms>
<Transform Algorithm="../c14n"/>
</Transforms>
<DigestMethod Algorithm="../xmldsig#sha1"/>
<DigestValue>jcafebabe=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>MC0CFFrVLtRlk=...</SignatureValue>
<KeyInfo>...</KeyInfo>
<Object>
<SignatureProperties>
<SignatureProperty Id="sp" Target="s1">
<ipAddr>4.64.120.118</ipAddr>
<hostname>evrtwa2...</hostname>
<signedWithName><![CDATA[Leo Falcon]]></signedWithName>
<userSignedDate seconds="1018249200">04/08/2002</userSignedDate>
<realSignedTimestamp seconds="1018279613">04/08/02 8:26 AM
PDT</realSignedTimestamp>
<emailFullDisplayName confirmed="true" paidConfirmed="false"><![CDATA[
<leo.falcon@msn.com>]]></emailFullDisplayName>
<preText><![CDATA[By typing my name clicking the Add my signature
button, I agree to be bound to the terms described in the attached sales
representative agreement.]]></preText>
<postText><![CDATA[]]></postText>
</SignatureProperty>
</SignatureProperties>
</Object>
</Signature>
<Signature id="s2">...</Signature>
</message>
Received on Monday, 29 July 2002 13:03:08 UTC