aspose file tools*
The moose likes Other JSE/JEE APIs and the fly likes Using Java XML Digital Signature Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Other JSE/JEE APIs
Bookmark "Using Java XML Digital Signature" Watch "Using Java XML Digital Signature" New topic
Author

Using Java XML Digital Signature

Henrik Engert
Ranch Hand

Joined: Apr 26, 2005
Posts: 70
Hi,

We have xml that a client will send to us via a REST service. We would like to digitally sign this xml so we can be certain that it has not been tampered with during transmission. This is what we would like:

1. Client will generate it's own keystore
2. This keystore will then be used in the digital signature of the xml
3. The server side will then validate the signature to make sure no data has been altered.

The question is, is this possible to to it this way?

Any tips on what libraries etc. to use?

Thanks!


SCJP 5.0, SCWCD
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42263
    
  64
The library you're looking for is Apache Santuario, the de facto standard implementation of XML-Sig and XML-Enc.


Ping & DNS - my free Android networking tools app
Henrik Engert
Ranch Hand

Joined: Apr 26, 2005
Posts: 70
Thanks!

So it is something that can be done right? Just wanted to post the question so we don't pursue something that is not possible to do.

Again Thanks!
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19718
    
  20

For your server to be able to validate the signature, it needs information about the client's key store. Usually you use an asymmetric key pair, where the server has the private key and the client has the public key.
If the server doesn't know anything about how the signature was generated, it cannot validate it.


SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6
How To Ask Questions How To Answer Questions
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Using Java XML Digital Signature