I am currently developing integration code where, before sending the request XML, I need to digitally sign it. I have researched this a lot.

Initial XML:

```xml
<?xml version="1.0" encoding="utf-8"?>
<command>
some xml
</command>
```

Resultant XML must be:

```xml
<?xml version="1.0" encoding="utf-8"?>
<command>
some xml...
<signature>
some signature value...
</signature>
</command>
```

The code I am using is:

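```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Signature;

SecureRandom secureRandom = new SecureRandom();
// The key algorithm must match the signature algorithm: "SHA1WithRSA" needs an RSA key, not a DSA one.
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(2048, secureRandom);
KeyPair keyPair = keyPairGenerator.generateKeyPair();

Signature signature = Signature.getInstance("SHA1WithRSA");

signature.initSign(keyPair.getPrivate(), secureRandom);

// Sign the exact UTF-8 bytes of the XML string.
byte[] data = myxmlstring.getBytes("UTF-8");
signature.update(data);

byte[] digitalSignature = signature.sign();
```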
  • All the help is showing me the above kind of code.
  • I am completely new to Java cryptography.
  • I have to sign the XML using the private key and share the public key with the middleware for verification.
  • I need to understand how to generate a key store, key pair and certificates, how to use the keys, and how to share the public key with the middleware.
Mikev
  • See this https://www.oracle.com/technetwork/articles/javase/dig-signature-api-140772.html – pedrofb Feb 26 '19 at 09:37
  • Thanks @pedrofb. I have read those docs, but the signature tag in the article you shared has lots of elements like signedinfo etc., while my requirement is to only have a signature tag with the value inside it. See the resultant XML posted in my question. – Saif Khan Feb 26 '19 at 09:58
  • `XMLDsig` is the standard for XML signatures. If you are going to make a signature that does not meet the standard (absolutely not recommended), then include in your question how you expect the signature value to be calculated from the XML. Note that you are going to alter the original XML message, so the verifier party will not be able to apply the same algorithm as you to calculate the digest on the document. – pedrofb Feb 26 '19 at 10:30
  • My requirement is to remove the and then sign the remaining XML. The resultant XML must have a signature tag with only the signature value in it. No further tags within the signature tag. Something like below dasdsadasdasdkasdasdasda(some signature value) – Saif Khan Feb 28 '19 at 05:16
  • Refer to this [SO Answer](https://stackoverflow.com/a/63173083/9659885). It has a JavaScript API, signXML, and also other signing APIs. It can sign XML from a USB token or the local certificate store from a web browser. You may send the signed B64 string to your server and integrate it in your XML the way you want it to be. – Bharat Vasant Sep 02 '20 at 05:51

0 Answers
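The scheme discussed in the comments above, as an added example that is not code from the question or its commenters: the sender signs the exact UTF-8 bytes of the XML without the `<signature>` element, and the verifier cuts that element out before checking, so a byte-level change in transit (the re-indented copy in `main`) fails verification, which is the fragility XMLDSig canonicalization addresses. Assumptions: the class name, the `<item>` sample content, placing `<signature>` just before `</command>`, SHA256withRSA in place of the question's SHA1WithRSA, and an in-memory key pair where a real integration would load the private key from a keystore and give the middleware the Base64 X.509 public key or a certificate.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
public class SimpleXmlSignatureDemo { // hypothetical class name
    static final String ALG = "SHA256withRSA";
    static final String OPEN = "<signature>", CLOSE = "</signature>";

    // Sender: sign the exact bytes of the unsigned XML, then insert <signature> before the root's closing tag.
    static String sign(String xml, String rootCloseTag, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initSign(key);
        s.update(xml.getBytes(StandardCharsets.UTF_8));
        String b64 = Base64.getEncoder().encodeToString(s.sign());
        int i = xml.lastIndexOf(rootCloseTag);
        if (i < 0) throw new IllegalArgumentException("root closing tag not found");
        return xml.substring(0, i) + OPEN + b64 + CLOSE + xml.substring(i);
    }

    // Verifier: cut the <signature> element out to recover the signed bytes, then verify with the shared key.
    static boolean verify(String signedXml, String publicKeyB64) throws GeneralSecurityException {
        int start = signedXml.lastIndexOf(OPEN), end = signedXml.lastIndexOf(CLOSE);
        if (start < 0 || end < start) return false;
        String b64 = signedXml.substring(start + OPEN.length(), end);
        String original = signedXml.substring(0, start) + signedXml.substring(end + CLOSE.length());
        PublicKey pub = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(publicKeyB64)));
        Signature s = Signature.getInstance(ALG);
        s.initVerify(pub);
        s.update(original.getBytes(StandardCharsets.UTF_8));
        try {
            return s.verify(Base64.getDecoder().decode(b64));
        } catch (IllegalArgumentException | SignatureException e) {
            return false; // malformed Base64 or malformed signature bytes
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // What gets shared with the verifier: the X.509-encoded public key, never the private key.
        String publicKeyB64 = Base64.getEncoder().encodeToString(kp.getPublic().getEncoded());
        // Constructed sample document; <item> is placeholder content.
        String xml = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<command>\n<item>some xml</item>\n</command>";
        String signed = sign(xml, "</command>", kp.getPrivate());
        System.out.println(signed);
        System.out.println("verify as sent:     " + verify(signed, publicKeyB64));
        System.out.println("verify re-indented: " + verify(signed.replace("<item>", "  <item>"), publicKeyB64));
    }
}
```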