10.1. Introduction to XML Digital Signatures
What does a digital signature “mean”?
In reality, it merely associates some data with a “key.” The application that generates the signature must have access to the data to be signed and the signature generation key. Later, an application can verify the signature if it has access to the signed data and to the signature verification key. (The verification key may or may not be the same as the generation key, depending on the kind of authentication in use.) If the signature is verified, the verifier knows that either some application with the generation key has produced the signature or an adversary has broken the cryptographic algorithms. Let's assume good cryptographic algorithms and good control over ...
Get Secure XML: The New Syntax for Signatures and Encryption now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.