- Subject: Re: XML digital signature verification
- From: Sam Roberts <vieuxtech@...>
- Date: Wed, 27 May 2009 16:48:55 -0700
On Wed, May 27, 2009 at 3:40 PM, gary ng <garyng2000@yahoo.com> wrote:
> Out of curiosity, how can you embed the signature into a body for something you want to sign?

The xml document has an element which is signed, and the element which
contains the signature.

To the OP:

xml signature validation is hard because it requires canonicalization
of the xml prior to digest calculation (it's the digest which is
actually signed).

I suggest finding a C library that does this for you, writing a simple
C function on top that does the sig verification, then binding that
simple function into lua. I'd start by looking at libxml2, I think
they have canonicalization support, and somebody should have
implemented xml-sig on top of it by now.

Remember to verify the X.509 certificate, too; signatures mean nothing
if the signer isn't authenticated.

Sam
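
The canonicalize-then-digest step described above, as an added example that is not part of the original post: it shows two byte-different serializations of the same element hashing differently until they are canonicalized. Assumptions: Python's standard-library `xml.etree.ElementTree.canonicalize` (C14N 2.0) stands in for a libxml2 canonicalizer, SHA-256 is chosen for illustration, and the sample documents and function names are constructed here.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed samples: the same signed element serialized two ways
# (attribute order, quote style, whitespace inside tags, empty-element form).
DOC_A = '<order id="42" currency="USD"><item sku="A1"/><total>10.00</total></order>'
DOC_B = "<order   currency='USD' id='42'><item sku='A1'></item><total>10.00</total></order >"
# Constructed sample: a real content change (the total was altered).
DOC_TAMPERED = '<order id="42" currency="USD"><item sku="A1"/><total>99.00</total></order>'


def _b64_sha256(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def raw_digest(xml_text: str) -> str:
    """Digest of the bytes as received: sensitive to harmless re-serialization."""
    return _b64_sha256(xml_text.encode("utf-8"))


def c14n_digest(xml_text: str) -> str:
    """Digest of the canonical form: attributes sorted, quoting and tag
    whitespace normalized, empty elements written as start/end pairs.
    The stdlib implements C14N 2.0; a real verifier must apply whichever
    canonicalization algorithm the signature itself names."""
    canonical = ET.canonicalize(xml_text)
    return _b64_sha256(canonical.encode("utf-8"))


def reference_matches(xml_text: str, expected_digest_b64: str) -> bool:
    """Compare the recomputed canonical digest with the value carried in
    the signature, using a constant-time comparison."""
    return hmac.compare_digest(c14n_digest(xml_text), expected_digest_b64)


if __name__ == "__main__":
    signed_value = c14n_digest(DOC_A)  # what the signer would have recorded
    print("raw digests equal:      ", raw_digest(DOC_A) == raw_digest(DOC_B))
    print("canonical digests equal:", c14n_digest(DOC_A) == c14n_digest(DOC_B))
    print("re-serialized verifies: ", reference_matches(DOC_B, signed_value))
    print("tampered verifies:      ", reference_matches(DOC_TAMPERED, signed_value))
```

This covers only the digest comparison; checking the signature over that digest and validating the signer's certificate are separate steps.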