mace-opensaml-users - Re: [OpenSAML] Validating signature with KeyValue
Subject: OpenSAML user discussion
- From: Brent Putman
- Subject: Re: [OpenSAML] Validating signature with KeyValue
- Date: Thu, 03 Apr 2008 19:36:17 -0400
Massimiliano Masi wrote:
> Hello all,
>
> I've a signature like this:
>
> <ds:KeyInfo>
>   <ds:KeyValue>
>     <ds:RSAKeyValue>
>       <ds:Modulus>vVGporEy+B3+h3dFv7/Up0IOWfS7XCr2K2Vq1KgGI6Jc9mCaYnYy+U3ko0LUVXY2Z+01vgzVtWes
> 8yroJ1WL03xlS71Q0jbA5DKHeQBPYaSTQzpkFscFmndk/Hp5PGsfNTmch/0CP24k0/0XB+gEe4rX
> T15TDCy/e5Lumk658wc=</ds:Modulus>
>       <ds:Exponent>AQAB</ds:Exponent>
>     </ds:RSAKeyValue>
>   </ds:KeyValue>
> </ds:KeyInfo>
>
> I don't know exactly how to work with this.
> I get the list of keyvalue from keyinfo, like this:
>
> And now? Is it correct? Do you have examples or test?
> How can I create a credential for signature verification?

You can either use a KeyInfo resolver (as you can for any of the KeyInfo elements), this is probably the preferred way. For example:

    // Resolve a credential from the KeyInfo with the globally configured resolver
    KeyInfoCredentialResolver kiResolver =
        Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver();
    Credential cred = kiResolver.resolveSingle(new CriteriaSet(new KeyInfoCriteria(keyInfo)));

Or you can process the KeyValue "manually" with this helper method.

    // Extract the public key from the KeyValue and wrap it in a credential
    PublicKey pubKey = KeyInfoHelper.getKey(keyValue);
    Credential cred2 = SecurityHelper.getSimpleCredential(pubKey, null);

> Or how can I create trust relationship with the cert in my truststore?

There is an example of how to combine all this KeyInfo processing with signature validation + trust establishment with a trust engine here:
https://spaces.internet2.edu/display/OpenSAML/OSTwoUserManJavaDSIG
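
An added example, not part of the original thread and not OpenSAML code: using only the JDK, it builds the RSA public key from the ds:RSAKeyValue quoted in the question and checks it against a set of trusted keys before it would be used for verification, since a key carried inside the message says nothing about who produced the signature. The class and method names are hypothetical, and the trusted-key lists are constructed stand-ins for keys loaded from a truststore.

```java
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;

public class KeyValueTrustCheck {  // hypothetical class name
    // ds:CryptoBinary is an unsigned big-endian integer in base64. Signum 1 keeps
    // it positive; the MIME decoder skips the line breaks inside ds:Modulus.
    static BigInteger cryptoBinary(String b64) {
        return new BigInteger(1, Base64.getMimeDecoder().decode(b64));
    }

    // Build the RSA public key described by a ds:RSAKeyValue element.
    static PublicKey fromRsaKeyValue(String modulus, String exponent) throws Exception {
        RSAPublicKeySpec spec = new RSAPublicKeySpec(cryptoBinary(modulus), cryptoBinary(exponent));
        return KeyFactory.getInstance("RSA").generatePublic(spec);
    }

    // The KeyValue travels with the message, so whoever wrote the signature chose it.
    // Use it for verification only if it matches a key obtained out of band.
    static boolean isTrusted(PublicKey candidate, List<PublicKey> trusted) {
        byte[] enc = candidate.getEncoded();
        return trusted.stream().anyMatch(k -> Arrays.equals(k.getEncoded(), enc));
    }

    public static void main(String[] args) throws Exception {
        // Modulus and exponent as they appear in the KeyInfo quoted in the question.
        String modulus =
            "vVGporEy+B3+h3dFv7/Up0IOWfS7XCr2K2Vq1KgGI6Jc9mCaYnYy+U3ko0LUVXY2Z+01vgzVtWes\n"
            + "8yroJ1WL03xlS71Q0jbA5DKHeQBPYaSTQzpkFscFmndk/Hp5PGsfNTmch/0CP24k0/0XB+gEe4rX\n"
            + "T15TDCy/e5Lumk658wc=";
        PublicKey embedded = fromRsaKeyValue(modulus, "AQAB");

        // Constructed stand-ins for truststore contents: an unrelated key, and the
        // same key as if it had been provisioned from a trusted certificate.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey unrelated = gen.generateKeyPair().getPublic();
        PublicKey provisioned = fromRsaKeyValue(modulus, "AQAB");

        System.out.println("unrelated truststore: " + isTrusted(embedded, List.of(unrelated)));
        System.out.println("matching truststore:  " + isTrusted(embedded, List.of(unrelated, provisioned)));
    }
}
```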