Jesus, You have a number of alternatives, probably none of them that attractive :-(
1. Accept signText as is. 2. Use Java applets. Much more common than signText as far as I know. example: http://openoces.org 3. Use the signText code as a basis for a signTextXML 4. Hope that I and others succeed with creating a more useful thing than signText example: http://webpki.org/WASP-tutorial.pdf Anders ----- Original Message ----- From: "j.fabre" <[EMAIL PROTECTED]> To: "Anders Rundgren" <[EMAIL PROTECTED]> Cc: <dev-tech-crypto@lists.mozilla.org>; <[EMAIL PROTECTED]> Sent: Monday, December 11, 2006 15:09 Subject: A possible solution to integrate crypto.Signtext PKCS #9 signing time attributes with XML-Signature ? Hi Anders (and Mikolaj and all the Mozilla mail-list subscribers :-) ) I´ve analized the information at the links you provided me, but the inconvenient for the signing mechanism proposed is that the resulting signature doesn´t match with the XML-Signature standard. They use a strange attribute called AuthenticatedAttributes, where the signing date and content type attribute are placed in. Do you think that there could be any way to avoid the use of the AuthenticatedAttributes element to conform to XML-Signature standard ? What do you think about substitute it for a Reference element, which points to the extra attributes added by Signtext function, encapsulated, for example, in a <ds:Object> element in order to be XML-Signature standard compliant ? I think that it would be desirable that the resulting XML-Signature element could be verified by any library which implements XML-DSig, without any kind of extra "custom" components. Any help will be appreciated. Regads. Jesús el tuty. Anders Rundgren escribió: >Hi again Jesús, >Thanx for the nice comment. > >Maybe the following links could be of some interest? > >http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2006JanMar/0008.html >http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2006AprJun/0007.html > >I also think that a native solution would be much better but unfortunately >the Mozilla team is fairly uninterested in these things. One of the reasons >is of course that there is no real standard for the thing I call "on-line >signing" >which involves (as I see it) quite a bit more than producing XML DSig, >because the document/view must be in there in some way. There are >*many* ways to do that. All of them quite different :-( > >regards >Anders Rundgren > >----- Original Message ----- >From: "j.fabre" <[EMAIL PROTECTED]> >Cc: <dev-tech-crypto@lists.mozilla.org> >Sent: Tuesday, December 05, 2006 20:04 >Subject: Re: Problem with crypto.Signtext and A PKCS #9 signing timeattribute > > >Hi Anders, > >First of all, I must thank you for your "more than quick" answer, and >then I will explain you my concrete situation: > >I´m trying to convert the signature produced by crypto.signtext() to XML >format at the server-side. In order to achieve this, I need a "clean" >detached signature, without any kind of "extra" date attributes. I think >that only in this way I could map the signature produced by >crypto.signtext() to an XML signature. >I think that the most appropiate option would be to implement a >"non-java" plugin that accesses to Firefox´s credential store. But I >don´t know certainly if this option is feasible. > >Could you help me to solve this subject ? > >Thanks a lot man. >Jesús el tuty. > >Anders Rundgren escribió: > > > >>Hi J, >> >>Your only option is to try a proprietary signature plugin. >>There are many, most of them are in the form of Java applets. >>Some are free, including open source, some are licensed. >> >>Personally I think that you should try to live with the >>client-side time-stamp because it adds some evidence to >>the on-line transaction. Commercial signature plugins >>AFAIK, almost always insert time-stamps and often >>other things as well, like the URI of the requester. >> >>A signature without any environmental attributes (context) >>seems a bit "naked" in my opinion. >> >>Anders Rundgren >> >> >>----- Original Message ----- >>From: "j.fabre" <[EMAIL PROTECTED]> >>To: <dev-tech-crypto@lists.mozilla.org> >>Sent: Tuesday, December 05, 2006 19:15 >>Subject: Problem with crypto.Signtext and A PKCS #9 signing time attribute >> >> >>Hi all, >>I´m looking for a signing tool which allows me to sign a text in Mozilla >>Firefox (now I´m using version 2.0 of this browser). I found >>crypto.Signtext function, but this tool adds a PKCS#9 signing time >>attribute that I want to avoid. >> >>¿Anyone knows how I could sign text, forms, etc from Firefox 2.0 without >>any kind of extra attribute in the final signature? >> >>Any help will be appreciated. >>Thanks in advance. >> >>PD1: I have tried with secclab extension, but it doesn´t install >>properly in Firefox 2.0 >>PD2: ¿It would be posible to create a "custom Signtext" function which >>doesn´t include this time attribute? >>_______________________________________________ >>dev-tech-crypto mailing list >>dev-tech-crypto@lists.mozilla.org >>https://lists.mozilla.org/listinfo/dev-tech-crypto >> >> >> >> >> >> >> > > >-- >-------------------------------------------------------------------- > > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
