Search code examples
xml-signaturexml-dsig

From where the Digest in xmlSig is created?

From where the Digest in xmlSig is created?

Its only a checksum/hash from the soap header? have some special treatment on this?

thanks

Solution

  • For example if I want sign this file (test.xml):

    <root>
    <creditcard>
        <number>19834209</number>
        <expiry>02/02/2002</expiry>
    </creditcard>
</root>

    With X.509 or Digital signature identity, etc, you have to sign test.xml with a tool that allow generate XML signed.

    This tool must generate an <signature>....</signature> with specifications from xmlsig Like: 

    <Signature>
  <SignedInfo>
    <CanonicalizationMethod />
    <SignatureMethod />
    <Reference>
       <Transforms>
       <DigestMethod>
       <DigestValue>
    </Reference>
    <Reference /> etc.
  </SignedInfo>
  <SignatureValue />
  <KeyInfo />
  <Object />
</Signature>

    This signature is attached to xml file (test.xml), here you can try it in c# http://msdn.microsoft.com/en-gb/library/ms229745(v=vs.80).aspx