开发者

What does the digest and signature fields correspond to in the WS-Security x509 token profile?

开发者 https://www.devze.com 2023-02-08 18:52 出处：网络

an x509 cert has: a) the info, b) the public key, c) a signed value made from hashing (a)+(b), and then encrypted using the private key

相关专题：signature soap ws-security x509

an x509 cert has: a) the info, b) the public key, c) a signed value made from hashing (a)+(b), and then encrypted using the private key

The x509 token 开发者_如何学JAVAprofile includes the digestValue and signatureValue elements, shown in this example: http://publib.boulder.ibm.com/infocenter/cicsts/v3r1/index.jsp?topic=/com.ibm.cics.ts31.doc/dfhws/wsSecurity/dfhws_soapmsg_signed.htm

My question is, is the value of signatureValue the same as c)? And is digestValue the hash of a)+b)? If so, why is there a redundancy? Or am I not understanding something? Thanks.

DigestValue and SignatureValue tags are properties of the document, not of the certificate. DigestValue is a value of the digest calculated over the signed nodes, and SignatureValue is the signature of the digest, made using the key, information about which (key) is specified in KeyInfo.

You need to refer to XMLDSig standard for more details.