问题描述
我有一个XML文档,其结构类似于以下
: < envelope&
< header> blaa< / header>
< message> blaa blaa< / message>
< footer>< / footer>
< / envelop>
我要对头部和消息元素进行数字签名并将签名添加到页脚元素。 p>
如何签署元素,然后验证签名(使用.net c#)?
您应该能够为签名添加XPath-Transform。应该看起来像这样:
< Transform Algorithm =http://www.w3.org/TR/1999 / REC-xpath-19991116>
< XPath xmlns:dsig =& dsig;>
...
< / XPath>
< / Transform>
我不熟悉XPath,但应该很容易制定一个XPath表达式,页脚元素。 (但是请注意,XPath是XML-DSIG的一个可选部分,因此并非所有实现都支持它。)
或者,如果您可以将文档重构为
< envelope>
< header> blaa< / header>
< message> blaa blaa< / message>
< Signature>< / Signature>
< / envelop>
或
< envelope>
< signedEnvelope>
< header> blaa< / header>
< message> blaa blaa< / message>
< / signedEnvelope>
< Signature>< / Signature>
< / envelop>
您可以使用包络签名转换(第一种情况)或签署signedEnvelope元素第二种情况)。
I have an XML document having structure similar to the following
<envelop>
<header>blaa</header>
<message>blaa blaa</message>
<footer></footer>
</envelop>
I want to digitally sign the header and message elements and add the signature to the footer element.
How can I sign the elements and then later verify the signature (using .net c#) ?
You should be able to add an XPath-Transform to the Signature. It should look something like this:
<Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<XPath xmlns:dsig="&dsig;">
...
</XPath>
</Transform>
I am not fluent in XPath, but it should be easy to formulate an XPath-expression that excludes the Footer-element. (But note that XPath is an optional part of XML-DSIG, so not all implementations may support it).
Alternatively, if you could restructure your document to be
<envelop>
<header>blaa</header>
<message>blaa blaa</message>
<Signature></Signature>
</envelop>
or
<envelop>
<signedEnvelope>
<header>blaa</header>
<message>blaa blaa</message>
</signedEnvelope>
<Signature></Signature>
</envelop>
you could handle it by using an Enveloped Signature Transform (first case) or by signing the signedEnvelope element (second case).
这篇关于数字签名XML文档的部分的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!