Hi Anders (and Mikolaj and all the Mozilla mail-list subscribers :-) )
I've analyzed the information at the links you provided me, but the
inconvenience of the proposed signing mechanism is that the resulting
signature doesn't match the XML-Signature standard. They use a
strange attribute called AuthenticatedAttributes, in which the signing date
and content type attributes are placed.
Do you think that there could be any way to avoid the use of the
AuthenticatedAttributes element to conform to the XML-Signature standard?
What do you think about substituting it with a Reference element, which
points to the extra attributes added by the Signtext function, encapsulated,
for example, in a <ds:Object> element in order to be XML-Signature
standard compliant?
I think that it would be desirable that the resulting XML-Signature
element could be verified by any library which implements XML-DSig,
without any kind of extra "custom" components.
Any help will be appreciated.
Regards.
Jesús el tuty.
Anders Rundgren wrote:
Hi again Jesús,
Thanx for the nice comment.
Maybe the following links could be of some interest?
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2006JanMar/0008.html
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2006AprJun/0007.html
I also think that a native solution would be much better but unfortunately
the Mozilla team is fairly uninterested in these things. One of the reasons
is of course that there is no real standard for the thing I call "on-line
signing" which involves (as I see it) quite a bit more than producing XML DSig,
because the document/view must be in there in some way. There are
*many* ways to do that. All of them quite different :-(
regards
Anders Rundgren
----- Original Message -----
From: "j.fabre" <[EMAIL PROTECTED]>
Cc: <dev-tech-crypto@lists.mozilla.org>
Sent: Tuesday, December 05, 2006 20:04
Subject: Re: Problem with crypto.Signtext and A PKCS #9 signing timeattribute
Hi Anders,
First of all, I must thank you for your "more than quick" answer, and
then I will explain my concrete situation to you:
I'm trying to convert the signature produced by crypto.signtext() to XML
format at the server-side. In order to achieve this, I need a "clean"
detached signature, without any kind of "extra" date attributes. I think
that only in this way I could map the signature produced by
crypto.signtext() to an XML signature.
I think that the most appropriate option would be to implement a
"non-java" plugin that accesses Firefox's credential store. But I
don't know for certain if this option is feasible.
Could you help me to solve this subject?
Thanks a lot man.
Jesús el tuty.
Anders Rundgren wrote:
Hi J,
Your only option is to try a proprietary signature plugin.
There are many, most of them are in the form of Java applets.
Some are free, including open source, some are licensed.
Personally I think that you should try to live with the
client-side time-stamp because it adds some evidence to
the on-line transaction. Commercial signature plugins
AFAIK, almost always insert time-stamps and often
other things as well, like the URI of the requester.
A signature without any environmental attributes (context)
seems a bit "naked" in my opinion.
Anders Rundgren
----- Original Message -----
From: "j.fabre" <[EMAIL PROTECTED]>
To: <dev-tech-crypto@lists.mozilla.org>
Sent: Tuesday, December 05, 2006 19:15
Subject: Problem with crypto.Signtext and A PKCS #9 signing time attribute
Hi all,
I'm looking for a signing tool which allows me to sign a text in Mozilla
Firefox (now I'm using version 2.0 of this browser). I found the
crypto.Signtext function, but this tool adds a PKCS#9 signing time
attribute that I want to avoid.
Does anyone know how I could sign text, forms, etc. from Firefox 2.0 without
any kind of extra attribute in the final signature?
Any help will be appreciated.
Thanks in advance.
PS1: I have tried with the secclab extension, but it doesn't install
properly in Firefox 2.0
PS2: Would it be possible to create a "custom Signtext" function which
doesn't include this time attribute?
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
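
Added example (not code from this thread or from Mozilla): when a PKCS #7/CMS SignedData carries authenticated attributes such as the signing time and content type discussed above, the private key signs the DER encoding of that attribute set, which only contains a digest of the text, so the signature value cannot simply be moved into an XML-DSig SignatureValue. The sketch below builds that attribute set by hand to show which octets are signed; SHA-256, the sample text and the timestamps are assumptions chosen for illustration.

```python
import hashlib

def tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value with definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def oid(dotted: str) -> bytes:
    """DER OBJECT IDENTIFIER (base-128 arcs, high bit = continuation)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def attribute(type_oid: str, value_der: bytes) -> bytes:
    """Attribute ::= SEQUENCE { type OID, values SET OF ANY }"""
    return tlv(0x30, oid(type_oid) + tlv(0x31, value_der))

def signed_attrs(content: bytes, utc_time: str) -> bytes:
    """The octets the signer's key signs when authenticated attributes exist."""
    attrs = [
        attribute("1.2.840.113549.1.9.3", oid("1.2.840.113549.1.7.1")),  # contentType = data
        attribute("1.2.840.113549.1.9.5", tlv(0x17, utc_time.encode("ascii"))),  # signingTime
        attribute("1.2.840.113549.1.9.4", tlv(0x04, hashlib.sha256(content).digest())),  # messageDigest
    ]
    return tlv(0x31, b"".join(sorted(attrs)))  # DER SET OF: sorted, tag 0x31

def signed_digest(content: bytes, utc_time: str) -> str:
    """Hex digest of the attribute set, i.e. the value fed to the signature primitive."""
    return hashlib.sha256(signed_attrs(content, utc_time)).hexdigest()

if __name__ == "__main__":
    text = b"I agree to the order"  # constructed sample text
    print("digest of text         :", hashlib.sha256(text).hexdigest())
    print("digest actually signed :", signed_digest(text, "061205190400Z"))
    print("same text, 1 s later   :", signed_digest(text, "061205190401Z"))
```

A server-side converter therefore has to keep the attribute bytes alongside the signature for verification to succeed, whatever XML wrapper is chosen.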