开发者

What does the digest and signature fields correspond to in the WS-Security x509 token profile?

an x509 cert has: a) the info, b) the public key, c) a signed value made from hashing (a)+(b), and then encrypted using the private key

The x509 token 开发者_如何学JAVAprofile includes the digestValue and signatureValue elements, shown in this example: http://publib.boulder.ibm.com/infocenter/cicsts/v3r1/index.jsp?topic=/com.ibm.cics.ts31.doc/dfhws/wsSecurity/dfhws_soapmsg_signed.htm

My question is, is the value of signatureValue the same as c)? And is digestValue the hash of a)+b)? If so, why is there a redundancy? Or am I not understanding something? Thanks.


DigestValue and SignatureValue tags are properties of the document, not of the certificate. DigestValue is a value of the digest calculated over the signed nodes, and SignatureValue is the signature of the digest, made using the key, information about which (key) is specified in KeyInfo.

You need to refer to XMLDSig standard for more details.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜