What do the digest and signature fields correspond to in the WS-Security x509 token profile?
An x509 cert has: a) the info, b) the public key, c) a signed value made from hashing (a)+(b), and then encrypted using the private key.
The x509 token profile includes the digestValue and signatureValue elements, shown in this example: http://publib.boulder.ibm.com/infocenter/cicsts/v3r1/index.jsp?topic=/com.ibm.cics.ts31.doc/dfhws/wsSecurity/dfhws_soapmsg_signed.htm
My question is, is the value of signatureValue the same as c)? And is digestValue the hash of a)+b)? If so, why is there a redundancy? Or am I not understanding something? Thanks.
DigestValue and SignatureValue tags are properties of the document, not of the certificate. DigestValue is a value of the digest calculated over the signed nodes, and SignatureValue is the signature of the digest, made using the key, information about which (key) is specified in KeyInfo.
You need to refer to the XMLDSig standard for more details.
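The two values, as an added example that is not part of the original answer: in XMLDSig the DigestValue is computed over the canonical form of the referenced node, and the SignatureValue is computed over the canonical SignedInfo element that contains that digest. Assumptions: HMAC-SHA256 with a constructed key stands in for the RSA key behind the X.509 certificate, SignedInfo is reduced to a single Reference with no method elements, and the helper names are hypothetical.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XMLDSig namespace, ElementTree form
KEY = b"constructed-demo-key"  # assumption: stands in for the key named in KeyInfo

def c14n(elem):
    # Simplification: stdlib C14N 2.0; WS-Security normally uses exclusive C14N.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def b64(raw):
    return base64.b64encode(raw).decode()

def by_id(root, ref_id):
    return next(e for e in root.iter() if e.get("Id") == ref_id)

def sign(envelope, ref_id):
    """Append a reduced ds:Signature covering the element whose Id is ref_id."""
    target = by_id(envelope, ref_id)
    sig = ET.SubElement(envelope, DS + "Signature")
    info = ET.SubElement(sig, DS + "SignedInfo")
    ref = ET.SubElement(info, DS + "Reference", URI="#" + ref_id)
    # Step 1: DigestValue is the hash of the canonical referenced node.
    digest = hashlib.sha256(c14n(target)).digest()
    ET.SubElement(ref, DS + "DigestValue").text = b64(digest)
    # Step 2: SignatureValue covers canonical SignedInfo, which holds the digest.
    mac = hmac.new(KEY, c14n(info), hashlib.sha256).digest()
    ET.SubElement(sig, DS + "SignatureValue").text = b64(mac)
    return envelope

def verify(envelope):
    """Return (digest_ok, signature_ok); a verifier must require both."""
    sig = envelope.find(DS + "Signature")
    info = sig.find(DS + "SignedInfo")
    ref = info.find(DS + "Reference")
    target = by_id(envelope, ref.get("URI")[1:])
    digest = b64(hashlib.sha256(c14n(target)).digest())
    mac = b64(hmac.new(KEY, c14n(info), hashlib.sha256).digest())
    digest_ok = hmac.compare_digest(ref.findtext(DS + "DigestValue"), digest)
    signature_ok = hmac.compare_digest(sig.findtext(DS + "SignatureValue"), mac)
    return digest_ok, signature_ok

def demo():
    # Constructed message; the Body is the signed node.
    env = sign(ET.fromstring('<Envelope><Body Id="body">pay 10</Body></Envelope>'), "body")
    intact = verify(env)
    env.find("Body").text = "pay 9999"  # modify the signed node after signing
    return intact, verify(env)
```

After the Body is modified, the SignatureValue still verifies because SignedInfo is unchanged, while the DigestValue check fails; neither value is derived from the certificate's own signature.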