data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/Readme.txt - santuario-xml-security-java - Git at Google

 Sample XML Signatures[1][2]

 [1] http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
 [2] http://www.w3.org/TR/2001/REC-xml-c14n-20010315

 1. A large and complex signature:

 This includes internal and external base 64, references of the forms
 "", "#xpointer(/)", "#foo" and "#xpointer(id('foo'))" (with and
 without comments), manifests, signature properties, simple xpath
 with here(), xslt, retrieval method and odd interreferential
 dependencies.

   signature.xml - A signature
   signature.tmpl - The template from which the signature was created
   signature-c14n-*.txt - All intermediate c14n output

 2. Some basic signatures:

 The key for the HMAC-SHA1 signatures is "secret".getBytes("ASCII")
 which is, in hex, (73 65 63 72 65 74). No key info is provided for
 these signatures.

   signature-enveloped-dsa.xml
   signature-enveloping-b64-dsa.xml
   signature-enveloping-dsa.xml
   signature-enveloping-hmac-sha1-40.xml
   signature-enveloping-hmac-sha1.xml
   signature-enveloping-rsa.xml
   signature-external-b64-dsa.xml
   signature-external-dsa.xml - The signatures
   signature-*-c14n-*.txt - The intermediate c14n output

 3. Varying key information:

 To resolve the key associated with the KeyName in `signature-keyname.xml'
 you must perform a cunning transformation from the name `Xxx' to the
 certificate that resides in the directory `certs/' that has a subject name
 containing the common name `Xxx', which happens to be in the file
 `certs/xxx.crt'.

 To resolve the key associated with the X509Data in `signature-x509-is.xml',
 `signature-x509-ski.xml' and `signature-x509-sn.xml' you need to resolve
 the identified certificate from those in the `certs' directory.

 In `signature-x509-crt-crl.xml' an X.509 CRL is present which has revoked
 the X.509 certificate used for signing. So verification should be
 qualified.

   signature-keyname.xml
   signature-retrievalmethod-rawx509crt.xml
   signature-x509-crt-crl.xml
   signature-x509-crt.xml
   signature-x509-is.xml
   signature-x509-ski.xml
   signature-x509-sn.xml - The signatures
   certs/*.crt - The certificates

 Merlin Hughes <merlin@baltimore.ie>
 Baltimore Technologies, Ltd.
 http://www.baltimore.com/

 Thursday, April 4, 2002
	Sample XML Signatures[1][2]

	[1] http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
	[2] http://www.w3.org/TR/2001/REC-xml-c14n-20010315

	1. A large and complex signature:

	This includes internal and external base 64, references of the forms
	"", "#xpointer(/)", "#foo" and "#xpointer(id('foo'))" (with and
	without comments), manifests, signature properties, simple xpath
	with here(), xslt, retrieval method and odd interreferential
	dependencies.

	signature.xml - A signature
	signature.tmpl - The template from which the signature was created
	signature-c14n-*.txt - All intermediate c14n output

	2. Some basic signatures:

	The key for the HMAC-SHA1 signatures is "secret".getBytes("ASCII")
	which is, in hex, (73 65 63 72 65 74). No key info is provided for
	these signatures.

	signature-enveloped-dsa.xml
	signature-enveloping-b64-dsa.xml
	signature-enveloping-dsa.xml
	signature-enveloping-hmac-sha1-40.xml
	signature-enveloping-hmac-sha1.xml
	signature-enveloping-rsa.xml
	signature-external-b64-dsa.xml
	signature-external-dsa.xml - The signatures
	signature--c14n-.txt - The intermediate c14n output

	3. Varying key information:

	To resolve the key associated with the KeyName in `signature-keyname.xml'
	you must perform a cunning transformation from the name `Xxx' to the
	certificate that resides in the directory `certs/' that has a subject name
	containing the common name `Xxx', which happens to be in the file
	`certs/xxx.crt'.

	To resolve the key associated with the X509Data in `signature-x509-is.xml',
	`signature-x509-ski.xml' and `signature-x509-sn.xml' you need to resolve
	the identified certificate from those in the `certs' directory.

	In `signature-x509-crt-crl.xml' an X.509 CRL is present which has revoked
	the X.509 certificate used for signing. So verification should be
	qualified.

	signature-keyname.xml
	signature-retrievalmethod-rawx509crt.xml
	signature-x509-crt-crl.xml
	signature-x509-crt.xml
	signature-x509-is.xml
	signature-x509-ski.xml
	signature-x509-sn.xml - The signatures
	certs/*.crt - The certificates

	Merlin Hughes <merlin@baltimore.ie>
	Baltimore Technologies, Ltd.
	http://www.baltimore.com/

	Thursday, April 4, 2002