9.1. Canonicalization—Essential for Signatures Over XML

Assume we have some data we want to sign. We calculate a digital signature, as described in Chapter 10, over the data using some key and algorithm. Next, we store the data and the digital signature or send them to another place. After subsequently retrieving or receiving the data, we expect the verification of the digital signature to indicate whether the data remains the “same.” It might seem that what it means to say that two instances of XML are the “same” is clear. In the real world, however, this determination turns out to be a difficult question.

The calculation of modern digital signatures involves signing a sequence of eight-bit binary bytes or octets. If the data being signed already ...
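The problem described above, as an added example that is not from the book: two serializations of the same logical XML yield different octets, so a signature over the raw bytes fails, while a signature over the canonical form survives. It assumes Python's standard-library C14N 2.0 implementation (not necessarily the canonicalization algorithm the book goes on to describe), uses an HMAC as a stand-in for a real signature algorithm, and all documents and the key are constructed samples.

```python
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for a real signature

# Constructed samples. A and B are the same logical XML with different octets:
# attribute order, quote style, whitespace inside the tag, empty-element form.
DOC_A = '<order id="42" currency="USD"><item>widget</item><note/></order>'
DOC_B = "<order  currency='USD'\n   id='42'><item>widget</item><note></note></order>"
# C changes an attribute value; D only adds indentation between elements.
DOC_C = '<order id="43" currency="USD"><item>widget</item><note/></order>'
DOC_D = '<order id="42" currency="USD">\n  <item>widget</item><note/>\n</order>'


def sign_raw(xml_text):
    """MAC over the octets exactly as serialized."""
    return hmac.new(KEY, xml_text.encode("utf-8"), hashlib.sha256).hexdigest()


def sign_c14n(xml_text):
    """MAC over the canonical octets (stdlib C14N 2.0, default options)."""
    canonical = canonicalize(xml_data=xml_text)
    return hmac.new(KEY, canonical.encode("utf-8"), hashlib.sha256).hexdigest()


def verify(xml_text, expected_sig, signer):
    """Recompute with the given signer and compare in constant time."""
    return hmac.compare_digest(signer(xml_text), expected_sig)


if __name__ == "__main__":
    sig_raw, sig_c14n = sign_raw(DOC_A), sign_c14n(DOC_A)
    for name, doc in (("B", DOC_B), ("C", DOC_C), ("D", DOC_D)):
        print(name, "raw:", verify(doc, sig_raw, sign_raw),
              "c14n:", verify(doc, sig_c14n, sign_c14n))
```

Document D fails under both schemes: with default options, whitespace between elements is character data that canonicalization preserves, so re-indenting a signed document still invalidates the signature.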
