Jump to: navigation, search

Difference between revisions of "XST Project/UserGuide/Signing"

 
(XML Signature Wizard)
Line 2: Line 2:
  
 
[[Image:Egg-incubation.png|right]]
 
[[Image:Egg-incubation.png|right]]
 +
 +
The '''XML Signature Wizard''' consists of three pages, with a variable second page depending on the chosen keystore/ key option. To launch the wizard you either have to select an XML document in one of the supported views in the XML perspective or open an XML document in the WTP XML editor (in any perspective). Open the context menu, choose '''XML Security''' and click on '''New Signature...'''. In order to sign a selected XML fragment select the desired document part in the editor and launch the wizard as described before. The selection has to exist before launching the wizard, and it has to be well-formed: in case a start-tag is selected the end-tag must be selected too. Signing only text-content of an element is possible too.
 +
 +
== Resource and Signature Type ==
 +
 +
This is the first page of the XML Signature Wizard. You'll have to select the resource you want to sign, the signature type, the keystore/ key option and the Basic Security Profile option.
 +
 +
[[Image:Xst_sig_wiz_page_1.png‎|XML Signature Wizard page 1|center]]
 +
 +
'''Resource'''
 +
 +
It is possible to sign the complete document, the selected text or a document fragment specified by an XPath expression. The complete document is always possible. For a text selection this selection has to exist before launching the wizard and it has to be well-formed. XPath is always possible too. You can either enter an XPath expression in the textfield or you can select one in the dialog after clicking on the '''Browse...''' button. The XPath expression has to return exactly one element or element content. Signing attributes is not supported.
 +
 +
'''Signature Type'''
 +
 +
There are three different signature types available. The difference between them is the position of the signed data and the signature itself.An ''enveloped'' and an ''enveloping'' signature are relatively equal. Both types to store the signed data (and possibly some unsigned data as well) together with the signature in the same XML document. With the '''XML Security Tools''' the signature will be placed in the XML document you have chosen to sign.So, the difference between an enveloped and an enveloping signature is, that with an enveloping signature the signed content is moved inside the XML signature element (into an ''object'' element). With an enveloped signature, the signature is a child element of the signed data. A detached signature may be something completely different. The normal detached signature consists of two documents: one containing the signature and one containing the signed data. To make it more complicated you can create a detached signature within one document too (but not with the '''XML Security Tools'''). With the XML Signature Wizard you do have to select a file to sign when selecting to create a detached signature.
 +
 +
Confused about all the possibilities? Well, there are quite some, and the differences are not often that clear. Simply give it a try and sign your XML documents with the different signature types.
 +
 +
'''Keystore and Key'''
 +
 +
The chosen option here sets the following wizard page. You can either select to [[XST_Project/UserGuide/Signing#Use a Key from an existing Keystore | Use a Key from an existing Keystore]], to [[XST_Project/UserGuide/Signing#Insert a new Key in an existing Keystore | Insert a new Key in an existing Keystore]] or to [[XST_Project/UserGuide/Signing#Create a new Key and a new Keystore | Create a new Key and a new Keystore]].
 +
 +
'''Basic Security Profile'''
 +
 +
A Basic Security Profile compliant XML Signature has some restrictions in comparison to a regular XML Signature. By activating this checkbox all options in the XML Signature Wizard will be limited to options that are compliant to this profile. In case of the XML Signature Wizard this only limits the available algorithms on the [[XST_Project/UserGuide/Signing#Algorithms and Signature Properties | Algorithms and Signature Properties]] page.
  
 
[[Category:Eclipse Web Tools Platform Project]]
 
[[Category:Eclipse Web Tools Platform Project]]
 
[[Category:XML Security Tools]]
 
[[Category:XML Security Tools]]
 
[[Category:Draft Documentation]]
 
[[Category:Draft Documentation]]

Revision as of 02:06, 24 January 2010

XML Signature Wizard

Egg-incubation.png

The XML Signature Wizard consists of three pages, with a variable second page depending on the chosen keystore/ key option. To launch the wizard you either have to select an XML document in one of the supported views in the XML perspective or open an XML document in the WTP XML editor (in any perspective). Open the context menu, choose XML Security and click on New Signature.... In order to sign a selected XML fragment select the desired document part in the editor and launch the wizard as described before. The selection has to exist before launching the wizard, and it has to be well-formed: in case a start-tag is selected the end-tag must be selected too. Signing only text-content of an element is possible too.

Resource and Signature Type

This is the first page of the XML Signature Wizard. You'll have to select the resource you want to sign, the signature type, the keystore/ key option and the Basic Security Profile option.

XML Signature Wizard page 1

Resource

It is possible to sign the complete document, the selected text or a document fragment specified by an XPath expression. The complete document is always possible. For a text selection this selection has to exist before launching the wizard and it has to be well-formed. XPath is always possible too. You can either enter an XPath expression in the textfield or you can select one in the dialog after clicking on the Browse... button. The XPath expression has to return exactly one element or element content. Signing attributes is not supported.

Signature Type

There are three different signature types available. The difference between them is the position of the signed data and the signature itself.An enveloped and an enveloping signature are relatively equal. Both types to store the signed data (and possibly some unsigned data as well) together with the signature in the same XML document. With the XML Security Tools the signature will be placed in the XML document you have chosen to sign.So, the difference between an enveloped and an enveloping signature is, that with an enveloping signature the signed content is moved inside the XML signature element (into an object element). With an enveloped signature, the signature is a child element of the signed data. A detached signature may be something completely different. The normal detached signature consists of two documents: one containing the signature and one containing the signed data. To make it more complicated you can create a detached signature within one document too (but not with the XML Security Tools). With the XML Signature Wizard you do have to select a file to sign when selecting to create a detached signature.

Confused about all the possibilities? Well, there are quite some, and the differences are not often that clear. Simply give it a try and sign your XML documents with the different signature types.

Keystore and Key

The chosen option here sets the following wizard page. You can either select to Use a Key from an existing Keystore, to Insert a new Key in an existing Keystore or to Create a new Key and a new Keystore.

Basic Security Profile

A Basic Security Profile compliant XML Signature has some restrictions in comparison to a regular XML Signature. By activating this checkbox all options in the XML Signature Wizard will be limited to options that are compliant to this profile. In case of the XML Signature Wizard this only limits the available algorithms on the Algorithms and Signature Properties page.