Sample XML Signatures[1][2] [1] http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/ [2] http://www.w3.org/TR/2001/REC-xml-c14n-20010315 1. A large and complex signature: This includes internal and external base 64, references of the forms "", "#xpointer(/)", "#foo" and "#xpointer(id('foo'))" (with and without comments), manifests, signature properties, simple xpath with here(), xslt, retrieval method and odd interreferential dependencies. signature.xml - A signature signature.tmpl - The template from which the signature was created signature-c14n-*.txt - All intermediate c14n output 2. Some basic signatures: The key for the HMAC-SHA1 signatures is "secret".getBytes("ASCII") which is, in hex, (73 65 63 72 65 74). No key info is provided for these signatures. signature-enveloped-dsa.xml signature-enveloping-b64-dsa.xml signature-enveloping-dsa.xml signature-enveloping-hmac-sha1-40.xml signature-enveloping-hmac-sha1.xml signature-enveloping-rsa.xml signature-external-b64-dsa.xml signature-external-dsa.xml - The signatures signature-*-c14n-*.txt - The intermediate c14n output 3. Varying key information: To resolve the key associated with the KeyName in `signature-keyname.xml' you must perform a cunning transformation from the name `Xxx' to the certificate that resides in the directory `certs/' that has a subject name containing the common name `Xxx', which happens to be in the file `certs/xxx.crt'. To resolve the key associated with the X509Data in `signature-x509-is.xml', `signature-x509-ski.xml' and `signature-x509-sn.xml' you need to resolve the identified certificate from those in the `certs' directory. In `signature-x509-crt-crl.xml' an X.509 CRL is present which has revoked the X.509 certificate used for signing. So verification should be qualified. signature-keyname.xml signature-retrievalmethod-rawx509crt.xml signature-x509-crt-crl.xml signature-x509-crt.xml signature-x509-is.xml signature-x509-ski.xml signature-x509-sn.xml - The signatures certs/*.crt - The certificates Merlin Hughes Baltimore Technologies, Ltd. http://www.baltimore.com/ Thursday, April 4, 2002