SignedInfo into the SignatureValue. It is a combination of a key-dependent algorithm and a digest algorithm, here DSA and SHA-1. The KeyInfo element indicates the key used to validate the signature. This element is not mandatory.

Example 2-11 An XML digital signature

<Signature Id="UnitedSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    <Reference URI="http://www.w3.org/TR/2000/REC-xhtml1-20000126/">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>kgqwequetuwetqwetteuqteuyyey</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>iu7e876werew776er</SignatureValue>
  <KeyInfo>
    <KeyValue>
      <DSAKeyValue>
        <P>...</P><Q>...</Q><G>...</G><Y>...</Y>
      </DSAKeyValue>
    </KeyValue>
  </KeyInfo>
</Signature>
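The reference-validation step a verifier performs on a signature shaped like Example 2-11, as an added example (not code from the book or from WebSphere Studio): it recomputes each Reference's digest over the canonicalized content and compares it with DigestValue, resolving URIs only through a caller-supplied allowlist. It assumes Python 3.8+, uses the standard library's C14N 2.0 canonicalizer in place of the 2001 C14N 1.0 the example names, and works on a constructed sample document and URN.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
C14N_URI = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
SHA1_URI = "http://www.w3.org/2000/09/xmldsig#sha1"

# Constructed sample document and URI (not from the book).
SAMPLE_URI = "urn:example:ticket"
SAMPLE_DOC = '<ticket Id="EXTYGH"><passengers><name>Alice</name></passengers></ticket>'


def canonical_digest(xml_text: str) -> str:
    """Canonicalize, SHA-1 and base64: how a DigestValue is produced. Assumption:
    stdlib ET.canonicalize() (C14N 2.0) stands in for the 2001 C14N 1.0 named in
    the example; it is used on both the signing and the checking side here."""
    canon = ET.canonicalize(xml_text)
    return base64.b64encode(hashlib.sha1(canon.encode("utf-8")).digest()).decode("ascii")


def build_signed_reference(content: str, uri: str) -> str:
    """Build a ds:Signature shaped like Example 2-11 over `content`. The
    SignatureValue stays a placeholder: DSA signing needs a crypto library."""
    return (
        f'<Signature xmlns="{DSIG_NS}"><SignedInfo>'
        f'<CanonicalizationMethod Algorithm="{C14N_URI}"/>'
        f'<SignatureMethod Algorithm="{DSIG_NS}dsa-sha1"/>'
        f'<Reference URI="{uri}"><Transforms><Transform Algorithm="{C14N_URI}"/></Transforms>'
        f'<DigestMethod Algorithm="{SHA1_URI}"/><DigestValue>{canonical_digest(content)}</DigestValue>'
        f'</Reference></SignedInfo><SignatureValue>PLACEHOLDER</SignatureValue></Signature>'
    )


def validate_references(signature_xml: str, resolver: dict) -> dict:
    """Reference validation, the first half of XML-DSig core validation: for each
    ds:Reference, look the URI up in a caller-supplied allowlist (never fetch it),
    recompute the digest and compare with DigestValue. Returns {uri: ok}; unknown
    URIs and unexpected digest methods fail closed."""
    ns = {"ds": DSIG_NS}
    root = ET.fromstring(signature_xml)
    results = {}
    for ref in root.findall("ds:SignedInfo/ds:Reference", ns):
        uri = ref.get("URI", "")
        method = ref.find("ds:DigestMethod", ns)
        expected = ref.findtext("ds:DigestValue", default="", namespaces=ns).strip()
        content = resolver.get(uri)
        if content is None or method is None or method.get("Algorithm") != SHA1_URI:
            results[uri] = False
            continue
        results[uri] = canonical_digest(content) == expected
    return results
```

A passing digest check only shows that the referenced content is unmodified; the second half of core validation, checking SignatureValue over the canonicalized SignedInfo with the key from KeyInfo, needs a DSA implementation and is not covered here.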

Transforms

When a document or parts of a document are decrypted, we say it is transformed into a decrypted form. A user may need to encrypt parts of a document that already contains parts encrypted by another user, and may not be able, or may not need, to decrypt those parts over which he has no authority or interest. The W3C published a candidate recommendation on Decryption Transform for XML Signature in March 2002 that addresses this situation.

In the following example, some data (as in line 11) has already been encrypted, and the user needs to further encrypt data of his own.

Example 2-12 Part encryption of an XML document

[01]<ticket Id="EXTYGH">
[02]<passengers>

38 The XML Files: Development of XML/XSL Applications Using WebSphere Studio
