aspose file tools
The moose likes Other JSE/JEE APIs and the fly likes Using Java XML Digital Signature Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Elasticsearch in Action this week in the Big Data forum!
JavaRanch » Java Forums » Java » Other JSE/JEE APIs
Bookmark "Using Java XML Digital Signature" Watch "Using Java XML Digital Signature" New topic

Using Java XML Digital Signature

Henrik Engert
Ranch Hand

Joined: Apr 26, 2005
Posts: 70

We have xml that a client will send to us via a REST service. We would like to digitally sign this xml so we can be certain that it has not been tampered with during transmission. This is what we would like:

1. Client will generate it's own keystore
2. This keystore will then be used in the digital signature of the xml
3. The server side will then validate the signature to make sure no data has been altered.

The question is, is this possible to to it this way?

Any tips on what libraries etc. to use?


Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42954
The library you're looking for is Apache Santuario, the de facto standard implementation of XML-Sig and XML-Enc.
Henrik Engert
Ranch Hand

Joined: Apr 26, 2005
Posts: 70

So it is something that can be done right? Just wanted to post the question so we don't pursue something that is not possible to do.

Again Thanks!
Rob Spoor

Joined: Oct 27, 2005
Posts: 19908

For your server to be able to validate the signature, it needs information about the client's key store. Usually you use an asymmetric key pair, where the server has the private key and the client has the public key.
If the server doesn't know anything about how the signature was generated, it cannot validate it.

How To Ask Questions How To Answer Questions
I agree. Here's the link:
subject: Using Java XML Digital Signature