>If you are going to be using SignText on the client side and wish
>to verify the signed text on the server side, you may want to
>consider signing the text into an XMLSignature document & using
>readily-available XMLSignature libraries (JWSDP, Apache) for the
>verification.

A problem with this approach is that signText generates PKCS #7
signatures which are different from (= incompatible with) XML Signatures.

If you can accept non-standard XML Signatures there seems to
be a way ahead:
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2006JanMar/0008.html
A snag is that you don't really want to sign XML, but rather
"a screen display of something comprehensible".

>The advantage of using XMLSignature is that you can then parse
>out the signed text with other readily-available libraries and
>save them into databases (including XML databases) easily.

signText only offers signing of plain-text.  There are many real-world
(= implemented) e-gov applications that require more than that,
not to mention uploaded attachments.

Due to the availability of several Java applet-based Open Source
signature solutions that do not limit you to Firefox, plain-text,
and PKCS #7, I would personally not bother with signText.

Anders Rundgren

Pablo Andrade wrote:
> 
> I would like to ask you if there is a solution out there so you can verify 
> a signature on the server, or it has to be developed from scratch?
> 
> We have an e-government solution, which signs/verifies plain text documents at 
> client side using CAPICOM. Now we are trying to use Firefox/Linux as an 
> alternative to IE/Windows. We think Crypto.SignText from Mozilla could be a 
> start, but we still have the verify problem.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

