
Digital signature with x509 certificate and encryption

I want to sign the XML document which will be validated at the server. I don't know how to sign and encrypt the XML file using digital certificates such as .cer and .pfx files. I googled and found various examples but could not understand the standard way, i.e.

What is the step-by-step process to sign and encrypt the XML file?

One catch here is,

I want to sign and encrypt the file on the client (.NET C# code) in such a way that it can be validated and decrypted at the server (Java code).

If you want to do this both in C# and in Java, you might want to take a look at BouncyCastle. This is a popular library for working with encryption and it supports C# and Java.

Resource: http://www.bouncycastle.org/

What you need is called XMLDSig and XMLEnc (these are the names of the corresponding standards for signing and encrypting XML in an XML way, as opposed to PKCS7/CMS, which encrypts and signs data as opaque blobs).

Java has a built-in XMLDSig API (read the article here), though there seems to be no native way for XMLEnc.

.NET Framework 4.0 also has built-in mechanisms for XML signing and encryption, yet they are not so obvious. See how-tos here.

Our company offers an extensive library for security tasks named SecureBlackbox, and SecureBlackbox includes flexible and easy-to-use support for XMLDSig, XMLEnc and XAdES. Both .NET and Java editions are available. Read details about the XMLBlackbox package of SecureBlackbox.

Update: If you don't care about format and the only route of your XML data is from one particular place to another, then you can use PKCS#7/CMS instead of XMLDSig and XMLEnc. As said above, CMS treats your data as an opaque blob and wraps it into binary data. BouncyCastle is one of the options then, and SecureBlackbox can also be of use.
