XML Security Suite: Increasing the Security of E-Business

By Doug Tidwell
2005-05-18


Verifying a digital signature

The XML Security Suite provides a utility, SampleVerify, that verifies a digital signature. You can check a given signature to ensure that the signed resource has not changed, and you can check that the signature matches the information in the sender's certificate. If a signature is valid, Listing 5 shows the results you'll get:

Listing 5. SampleVerify application



java SampleVerify -dom < external-signature.xml
Signer: CN=Doug Tidwell, OU=developerWorks, O=IBM, L=Research Triangle
Park, ST=North Carolina, C=US
SignedInfo Bytes: 1069
----------------------------------------
--> Location: file:///d:/xss4j/samples/sonnet.xml
Validity: Ok
--> SignedInfo: Ok
--> All: Ok
----------------------------------------

If you change the signed file, the signature will no longer be valid. To illustrate this, add a blank space to the end of one of the <line> elements. Change <line>My mistress' eyes are nothing like the sun,</line> to <line>My mistress' eyes are nothing like the sun, </line>.

When we check the signature again, Listing 6 shows the results:

Listing 6. SampleVerify application (changed file)



java SampleVerify -dom < external-signature.xml
Signer: CN=Doug Tidwell, OU=developerWorks, O=IBM, L=Research Triangle
Park, ST=North Carolina, C=US
SignedInfo Bytes: 1069
----------------------------------------
--> Location: file:///d:/xss4j/samples/sonnet.xml
Validity: NG
Reason: Digests were mismatched.

--> SignedInfo: Ok
--> All: NG
----------------------------------------

Because the changed XML document no longer matches the digest recorded in the digital signature, you know not to trust the document. (If someone other than the original document signer had tried to pass themselves off as the creator of the digital signature, the SignedInfo line of the output would have indicated that.)
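The two checks that Listings 5 and 6 report separately (the digest of the referenced file, and the signature over SignedInfo) can be modelled as follows. This is an added example, not code from the XML Security Suite or the original tutorial. It assumes SHA-256, skips canonicalization, and uses an HMAC key as a stand-in for the signer's certificate and key pair; the names KEY, URI, sign and verify are hypothetical.

```python
import base64
import hashlib
import hmac

# Constructed sample data; the key and file name are assumptions for this example.
KEY = b"constructed-demo-key"   # a shared HMAC key stands in for the signer's key pair
URI = "sonnet.xml"
ORIGINAL = b"<line>My mistress' eyes are nothing like the sun,</line>"
CHANGED = b"<line>My mistress' eyes are nothing like the sun, </line>"  # one added space


def digest(resource: bytes) -> str:
    """Base64 SHA-256 of the resource: the role DigestValue plays in a Reference."""
    return base64.b64encode(hashlib.sha256(resource).digest()).decode()


def sign(uri: str, resource: bytes, key: bytes = KEY) -> dict:
    """Build a simplified detached signature. SignedInfo records the digest;
    the signature value covers SignedInfo only, never the resource bytes."""
    signed_info = (f"<SignedInfo><Reference URI='{uri}'>"
                   f"<DigestValue>{digest(resource)}</DigestValue>"
                   f"</Reference></SignedInfo>")
    value = hmac.new(key, signed_info.encode(), hashlib.sha256).hexdigest()
    return {"signed_info": signed_info, "signature_value": value}


def verify(signature: dict, resource: bytes, key: bytes = KEY) -> dict:
    """Run both checks and report them separately."""
    signed_info = signature["signed_info"]
    expected = hmac.new(key, signed_info.encode(), hashlib.sha256).hexdigest()
    signed_info_ok = hmac.compare_digest(expected, signature["signature_value"])
    recorded = signed_info.split("<DigestValue>")[1].split("</DigestValue>")[0]
    reference_ok = hmac.compare_digest(recorded, digest(resource))
    return {"reference": reference_ok, "signed_info": signed_info_ok,
            "all": reference_ok and signed_info_ok}


if __name__ == "__main__":
    sig = sign(URI, ORIGINAL)
    print("unchanged file:", verify(sig, ORIGINAL))
    print("changed file:  ", verify(sig, CHANGED))
    # A signature made with a different key fails the SignedInfo check instead.
    print("other signer:  ", verify(sign(URI, ORIGINAL, key=b"other-key"), ORIGINAL))
```

The changed file fails only the reference check, because the SignedInfo block and its signature value were never touched; a signature produced with a different key fails the SignedInfo check even though the file digest still matches.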





First published by IBM DeveloperWorks

