Tighten Data Security with the Java XML Digital Signature API

Looking Inside an XML Digital Signature

Suppose you're starting with an XML signature that looks like Listing 1.

Here's a description of these XML elements:

  • <Signature>: This is the main element of your XML signature. It encapsulates the whole signature and is used as a "flag" to locate the XML signature inside a document.
  • <SignedInfo>: This element encapsulates the information that is actually signed.
  • <CanonicalizationMethod>: This element uses the Algorithm attribute to specify which algorithm is used to canonicalize the <SignedInfo> element. Canonicalization converts the XML content into a standard physical (byte) form before <SignedInfo> is signed or validated. The algorithm is identified by a URI.
  • <SignatureMethod>: This element uses the Algorithm attribute to specify which algorithm is used to generate the signature. The algorithm is identified by a URI.
  • <Reference>: This element identifies the data that is signed. <SignedInfo> allows more than one <Reference> child. An empty string in the URI attribute indicates the root of the document (the whole document). The URI attribute can also be an external link (http://...) or an internal link (a fragment identifier introduced with the "#" character).
  • <Transforms>: This element contains one or more <Transform> elements. The <Transform> element uses the Algorithm attribute to specify the algorithm used to transform the data before signing, validating, or digesting it. In this case, the algorithm is identified by a URI. In other cases, you can use the XPath Filter Transform, which lets you select a subset of nodes to be signed by using an XPath expression (http://www.w3.org/TR/xmldsig-filter2/).
  • <DigestMethod>: This XML element uses an Algorithm attribute to specify the algorithm used to digest the data. The algorithm is identified by a URI.
  • <DigestValue>: This element contains the digest value, encoded in base64.
  • <SignatureValue>: This XML element contains the signature value computed over the <SignedInfo> element, encoded in base64.
  • <KeyInfo>: This element contains information about the key used to validate the signature. The content of this element depends on the signature type, as you will see in the coming examples.

Generate an Enveloped XML Signature Using KeyPairGenerator Class

An XML signature is known as an enveloped signature if it is computed over data that contains the <Signature> element itself.

First things first. Suppose you have the following ordinary XML document:

<?xml version="1.0" encoding="UTF-8"?>

<math>
<simple-equations>
  <first_degree_equation>
      First-degree equation:
      <terms_first_degree a="0.0" b="0.0"></terms_first_degree>
      <solution>"-b/a"</solution>
  </first_degree_equation>
</simple-equations>
</math>
Next, follow these steps to sign this document with an enveloped XML signature using the KeyPairGenerator class:
  1. Create an XMLSignatureFactory Object: Use the getInstance method, which finds a provider that supports the DOM mechanism and returns that provider's XMLSignatureFactory implementation.
  2. Create a Reference Object: Specify the URI ("" represents the whole document) and create a DigestMethod object and a Transform object. The Reference object identifies the data that will be signed. All these objects are created using the XMLSignatureFactory from Step 1.
  3. Create a SignedInfo Object: This object is created from a CanonicalizationMethod object, a SignatureMethod object, and a list of References.
  4. Create the KeyInfo Object: First generate a key pair with KeyPairGenerator, then create a KeyInfoFactory object and a KeyValue object. To create the KeyValue, use the KeyInfoFactory and the public key. To create the KeyInfo object, use the KeyInfoFactory and the KeyValue.
  5. Prepare the Document to be Signed: This is an easy job, based on a simple DOM routine for obtaining the Document object.
  6. Sign the Document: First, create an instance of DOMSignContext using the private key and the Document root. This object is passed to the sign method later. Next, to sign the document, create an XMLSignature object (using the SignedInfo and the KeyInfo objects) and call its sign method.
  7. Write the Signed Document into a File: This task can be accomplished in various ways (for example, using a Transformer).
Now that you know the theory, let's see a concrete example. The application shown in Listing 2 exemplifies exactly what you've read in the above seven steps. The document to be signed is called in.xml and the output will be saved into a file named outEnveloped.xml. The output, reformatted here for readability, looks like this:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<math>
<simple-equations>
  <first_degree_equation>
      First-degree equation:
      <terms_first_degree a="0.0" b="0.0"/>
      <solution>"-b/a"</solution>
  </first_degree_equation>
</simple-equations>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>PlQASEXK+FR8BAhzfgtKfh79LmM=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>nA6rYiwQ0Bz4ec87zyVh5tLpT435zSVPX9VrDM+aOCUwMoYZObxpc1CvDEgorrtCAFbu2fIN+LYjxq8ZRshDPg==</SignatureValue>
  <KeyInfo>
    <KeyValue>
      <RSAKeyValue>
        <Modulus>sUQKShQ/4yooq8PynHhT6IorNJ6mXr1sMLZvuDAqKPx3VEs74s0SelkF2G/dnz5Bn7OQmMEtiJgHBICTElsYgw==</Modulus>
        <Exponent>AQAB</Exponent>
      </RSAKeyValue>
    </KeyValue>
  </KeyInfo>
</Signature>
</math>
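Listing 2 itself is not reproduced on this page. The program below is an added example written for this edit, not the article's listing: its sign method walks the seven signing steps above, serialize performs step 7 into a String instead of a file, and validate then checks the result with a KeySelector that reads the public key back out of the <KeyValue> child of <KeyInfo> described in the element walkthrough. The class name EnvelopedSignatureDemo, the helper KeyValueKeySelector and the inline IN_XML string (constructed to match the shape of in.xml) are assumptions of this example. It departs from the article's output on purpose in two places: it uses rsa-sha256/sha256 rather than rsa-sha1/sha1, and a 2048-bit key rather than the 512-bit one whose modulus appears in the output above, because SHA-1 and 512-bit RSA are both considered broken for signatures today.

```java
import java.io.ByteArrayInputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Collections;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

/** Added example (not the article's Listing 2): enveloped XML signature, sign then validate. */
public class EnvelopedSignatureDemo {

    // Constructed input with the same shape as the article's in.xml.
    static final String IN_XML =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
      + "<math><simple-equations><first_degree_equation>First-degree equation:"
      + "<terms_first_degree a=\"0.0\" b=\"0.0\"/><solution>\"-b/a\"</solution>"
      + "</first_degree_equation></simple-equations></math>";

    // Steps 1-6 of the article, with SHA-256 in place of the listing's SHA-1.
    static void sign(Document doc, KeyPair kp) throws Exception {
        // Step 1: factory for the DOM mechanism
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        // Step 2: URI "" = whole document; the enveloped transform drops <Signature> before digesting
        Reference ref = fac.newReference("",
            fac.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);
        // Step 3: canonicalization method + signature method + list of references
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        // Step 4: KeyInfo carrying the public key as a <KeyValue>
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kif.newKeyValue(kp.getPublic())));
        // Steps 5-6: the context holds the private key and the parent of the new <Signature> element
        DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
        fac.newXMLSignature(si, ki).sign(dsc);
    }

    // Validation. Because the key is taken from <KeyInfo>, "true" only proves the document
    // matches the key that travels with it; a deployment must still compare that key with a trusted one.
    static boolean validate(Document doc) throws Exception {
        NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (nl.getLength() != 1) return false;   // refuse documents with zero or several signatures
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        DOMValidateContext ctx = new DOMValidateContext(new KeyValueKeySelector(), nl.item(0));
        XMLSignature sig = fac.unmarshalXMLSignature(ctx);
        return sig.validate(ctx);   // checks every <Reference> digest and the <SignatureValue>
    }

    // Assumed helper: picks an RSA <KeyValue> out of <KeyInfo>.
    static class KeyValueKeySelector extends KeySelector {
        @Override
        public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose,
                                        AlgorithmMethod method, XMLCryptoContext context)
                throws KeySelectorException {
            if (keyInfo == null) throw new KeySelectorException("no KeyInfo");
            for (Object content : keyInfo.getContent()) {
                if (!(content instanceof KeyValue)) continue;
                try {
                    final PublicKey pk = ((KeyValue) content).getPublicKey();
                    if ("RSA".equalsIgnoreCase(pk.getAlgorithm())
                            && method.getAlgorithm().toLowerCase().contains("rsa")) {
                        return () -> pk;
                    }
                } catch (KeyException e) {
                    throw new KeySelectorException(e);
                }
            }
            throw new KeySelectorException("no RSA KeyValue found");
        }
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);   // required: <Signature> lives in the xmldsig namespace
        return dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // Step 7, written to a String rather than outEnveloped.xml
    static String serialize(Document doc) throws Exception {
        StringWriter out = new StringWriter();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);   // the article's output shows a 512-bit modulus, far too small today
        KeyPair kp = kpg.generateKeyPair();
        Document doc = parse(IN_XML);
        sign(doc, kp);
        System.out.println(serialize(doc));
        System.out.println("valid as signed:       " + validate(doc));
        doc.getElementsByTagName("solution").item(0).setTextContent("\"b/a\"");   // alter signed content
        System.out.println("valid after tampering: " + validate(doc));   // digest of <Reference URI=""> no longer matches
    }
}
```

Compile and run with `javac EnvelopedSignatureDemo.java && java EnvelopedSignatureDemo`; it prints the signed document (same layout as the output above, with sha256 URIs and a longer Modulus), then `true`, then `false` after the text of <solution> is changed. Two practical points: current JDKs run XML signature validation in secure validation mode, which rejects the sha1 and rsa-sha1 URIs shown in the article's output, so the listing as printed would sign but not validate there; and validate refuses anything other than exactly one <Signature>, since a document carrying several signatures, or none, should be treated as a policy decision rather than silently accepted.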