XML schema for digital signatures
May 03, 2011 14:27:15 Last update: May 03, 2011 14:28:06
The XML schema for a contact might look like this:
<?xml version="1.0" encoding="UTF-8"?>
<schema xmlns="http://www.w3.org/2001/XMLSchema"
        targetNamespace="http://example.com/ns/contact"
        xmlns:cntct="http://example.com/ns/contact"
        elementFormDefault="qualified" version="1.0">
  <annotation>
    <documentation>Contact Definition 1.0</documentation>
  </annotation>
  <element name="contact" type="cntct:ContactType"/>
  <complexType name="ContactType">
    <sequence>
      <element name="first-name" type="string"/>
      <element name="last-name" type="string"/>
      <element name="address" type="cntct:USAddress"/>
    </sequence>
  </complexType>
  <complexType name="USAddress">
    <sequence>
      <element name="number" type="string"/>
      <element name="street" type="string"/>
      <element name="city" type="string"/>
      <element name="state" type="string"/>
      <element name="zip" type="string"/>
    </sequence>
  </complexType>
</schema>
With XML digital signatures in the enveloped form, a Signature element is inserted inside the contact element when the contact file is signed, so the signature lives inside the data it covers. Like this:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<contact xmlns="http://example.com/ns/contact">
  <first-name>Jack</first-name>
  <last-name>Smith</last-name>
  <address>
    <number>1234</number>
    <street>N. 14th</street>
    <city>Chicago</city>
    <state>IL</state>
    <zip>60634</zip>
  </address>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>03WEA1MBlg12nHxKLQFNEFxkAOI=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>SbvGv97hRIf8319hYHIG/c37XBDud/8KwH/7P53T/8ne6nit9itH9BGpfnn+il9wsW3aPSiJwMqv
3uTAfhv5v3FwSrDdcJ5L7zmF1E0xYpOhZN2JVLbjXkRSDQ2EijQDd0SrjnzGONGcGQ3ymwzTDmne
wamXxKsBilXmjXSi+ig=</SignatureValue>
    <KeyInfo>
      <KeyValue>
        <RSAKeyValue>
          <Modulus>rZXAxLaJEX2Mk+k6h5C7Am6WUnNEM6HG30Jol23SfqFFFzA8cKMVctP2i3b9JD31/zLsbcL1dZKg
/rCbfliewPLbNR2Q/mW42EyQy7ndK6i5qBRJWuaHvaL5fMuoKd7if06tp8poxEv8ovyano0djZyD
zwAa+9Xz3ElrgjRn/gs=</Modulus>
          <Exponent>AQAB</Exponent>
        </RSAKeyValue>
      </KeyValue>
    </KeyInfo>
  </Signature>
</contact>
which no longer validates against the original schema, because ContactType does not allow a Signature child. (The listing above is indented for readability; the digest covers the canonicalized contact content, so the signed bytes must be kept exactly as they were produced.)
The schema should be updated as follows, adding the digital signature namespace declaration, a schema import for that namespace, and a reference to the Signature element:
<?xml version="1.0" encoding="UTF-8"?>
<schema xmlns="http://www.w3.org/2001/XMLSchema"
        targetNamespace="http://example.com/ns/contact"
        xmlns:cntct="http://example.com/ns/contact"
        xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
        elementFormDefault="qualified" version="1.0">
  <annotation>
    <documentation>Contact Definition 1.0</documentation>
  </annotation>
  <import namespace="http://www.w3.org/2000/09/xmldsig#"
          schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
  <element name="contact" type="cntct:ContactType"/>
  <complexType name="ContactType">
    <sequence>
      <element name="first-name" type="string"/>
      <element name="last-name" type="string"/>
      <element name="address" type="cntct:USAddress"/>
      <element ref="dsig:Signature"/>
    </sequence>
  </complexType>
  <complexType name="USAddress">
    <sequence>
      <element name="number" type="string"/>
      <element name="street" type="string"/>
      <element name="city" type="string"/>
      <element name="state" type="string"/>
      <element name="zip" type="string"/>
    </sequence>
  </complexType>
</schema>
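As an added example (not code from the original note), the following Python 3.8+ script shows what the enveloped Signature above actually covers: it applies the enveloped-signature transform by dropping the Signature subtree, canonicalizes the rest of the contact, and compares the SHA-1 digest with DigestValue. It assumes the constructed sample document embedded in the code (a copy of the signed contact with placeholder digest and signature values) and uses the standard library's C14N 2.0 implementation as a stand-in for the C14N 1.0 algorithm named in SignedInfo.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
SIG_TAG = "{%s}Signature" % DSIG
# Constructed sample, not the page's exact bytes: the signed contact with
# placeholder DigestValue/SignatureValue; KeyInfo is omitted (it is optional).
SIGNED_CONTACT = """<?xml version="1.0" encoding="UTF-8"?>
<contact xmlns="http://example.com/ns/contact">
  <first-name>Jack</first-name><last-name>Smith</last-name>
  <address><number>1234</number><street>N. 14th</street>
    <city>Chicago</city><state>IL</state><zip>60634</zip></address>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI=""><Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>DIGEST_PLACEHOLDER</DigestValue></Reference>
    </SignedInfo>
    <SignatureValue>SIGNATURE_PLACEHOLDER</SignatureValue>
  </Signature>
</contact>
"""

def reference_digest(xml_text):
    """Return (computed, declared) base64 SHA-1 digests of the one Reference."""
    sig = ET.fromstring(xml_text).find(SIG_TAG)
    if sig is None:
        raise ValueError("no Signature child under the document element")
    ref = sig.find("{%s}SignedInfo/{%s}Reference" % (DSIG, DSIG))
    transforms = [t.get("Algorithm") for t in ref.iter("{%s}Transform" % DSIG)]
    if ref.get("URI") != "" or DSIG + "enveloped-signature" not in transforms:
        raise ValueError("only same-document enveloped references are handled")
    # Enveloped-signature transform (drop the Signature subtree), then canonicalize.
    # ET.canonicalize is C14N 2.0, standing in for C14N 1.0 WithComments here.
    canonical = ET.canonicalize(xml_text, with_comments=True, exclude_tags=[SIG_TAG])
    computed = base64.b64encode(hashlib.sha1(canonical.encode("utf-8")).digest()).decode()
    return computed, ref.find("{%s}DigestValue" % DSIG).text.strip()

def fill_digest(xml_text):
    """Signer side: put the computed digest into DigestValue (demo text replace)."""
    computed, declared = reference_digest(xml_text)
    return xml_text.replace(">%s<" % declared, ">%s<" % computed, 1)

def reference_is_intact(xml_text):
    """Verifier side: does the content outside Signature still hash to DigestValue?"""
    computed, declared = reference_digest(xml_text)
    return computed == declared
```

Because `<element ref="dsig:Signature"/>` takes the XML Schema defaults of minOccurs="1" and maxOccurs="1", validating against the updated schema before verifying also rejects a document with no Signature, or more than one, at that position; the SignatureValue over SignedInfo must still be checked against the public key separately.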