I want to sign my XML files so that the persons I give them to can be certain that they are not tampered with and that I guarantee that these are XML files from me. I'm using xmlseclibs (PHP, which seems to work). I have some questions I hope you could answer for me:
In the library I send a private RSA key and a certificate. How should I handle the certificate? If I use the cert I bought for my HTTPS server, it is only valid for 1 year. I want my signed documents to be valid forever. Should I generate my own cert? How do I do that in OpenSSL?
Could someone please give me an overview of what goes into ds:SignatureValue, ds:DigestValue and ds:X509Certificate and how they are used?
My auto-added tag:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference>
      <ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <ds:DigestValue>WHAT_GOES_HERE</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>WHAT_GOES_HERE</ds:SignatureValue>
  <ds:KeyInfo>
    <ds:X509Data>
      <ds:X509Certificate>WHAT_GOES_HERE</ds:X509Certificate>
    </ds:X509Data>
  </ds:KeyInfo>
</ds:Signature>
Thanks
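The three placeholders in the question, rebuilt by hand with openssl so you can see where each value comes from. This is an added example, not code from the question or from xmlseclibs. It assumes a constructed `<invoice>` document, a self-signed certificate with the made-up subject `CN=Example XML Signer` and a ten-year validity, and XML strings that are hand-written in canonical form (one line, no declaration, empty elements expanded to start/end tags) because the script does not implement exc-c14n; in real use the library canonicalises for you and the bytes it hashes are what you would feed these functions. `-sha1` is used only because it mirrors the `rsa-sha1` and `sha1` algorithm URIs in the snippet; SHA-1 is deprecated for signatures and `-sha256` with `rsa-sha256` is the current choice.

```shell
#!/bin/sh
# Added example (not from the question or xmlseclibs): reproduce the three
# XML-DSig values with openssl. Sample data below is constructed.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# A long-lived self-signed signing certificate. A recipient must obtain this
# certificate (or its fingerprint) from you out of band, since no CA vouches
# for it. 3650 days and the CN are constructed values.
make_signing_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/CN=Example XML Signer" \
    -keyout "$WORK/signer.key" -out "$WORK/signer.crt" >/dev/null 2>&1
}

# ds:DigestValue: base64 of the hash of the referenced content after the
# Transforms have run (enveloped-signature strips ds:Signature, then c14n).
digest_value() {            # $1 = file holding the canonicalised referenced bytes
  openssl dgst -sha1 -binary "$1" | openssl base64 -A
}

# ds:SignatureValue: base64 of the RSASSA-PKCS1-v1_5 signature over the
# canonicalised ds:SignedInfo. SignedInfo already contains the DigestValue,
# so signing SignedInfo is what binds the signature to the document.
signature_value() {         # $1 = canonicalised SignedInfo file, $2 = private key PEM
  openssl dgst -sha1 -sign "$2" "$1" | openssl base64 -A
}

# ds:X509Certificate: base64 of the DER certificate, i.e. the PEM body
# without the BEGIN/END lines.
x509_certificate_value() {  # $1 = certificate PEM file
  openssl x509 -in "$1" -outform DER | openssl base64 -A
}

# What a recipient does: take the public key out of ds:X509Certificate and
# check SignatureValue against the SignedInfo bytes. Returns 0 when valid.
verify_signature_value() {  # $1 = SignedInfo file, $2 = base64 signature, $3 = cert PEM
  openssl x509 -in "$3" -pubkey -noout > "$WORK/signer.pub"
  printf '%s' "$2" | openssl base64 -d -A > "$WORK/sig.bin"
  openssl dgst -sha1 -verify "$WORK/signer.pub" -signature "$WORK/sig.bin" "$1" >/dev/null 2>&1
}

# Canonical-form SignedInfo mirroring the question's element, with the
# DigestValue filled in (hand-written stand-in for the library's c14n output).
build_signed_info() {       # $1 = DigestValue
  printf '%s' "<ds:SignedInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:CanonicalizationMethod Algorithm=\"http://www.w3.org/2001/10/xml-exc-c14n#\"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"></ds:SignatureMethod><ds:Reference><ds:Transforms><ds:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"></ds:DigestMethod><ds:DigestValue>$1</ds:DigestValue></ds:Reference></ds:SignedInfo>"
}

main_demo() {
  make_signing_cert
  # Constructed document, already canonical, with ds:Signature removed as the
  # enveloped-signature transform would do before hashing.
  printf '%s' '<invoice id="42"><amount>100.00</amount></invoice>' > "$WORK/doc.c14n"
  DV="$(digest_value "$WORK/doc.c14n")"
  build_signed_info "$DV" > "$WORK/signedinfo.c14n"
  SV="$(signature_value "$WORK/signedinfo.c14n" "$WORK/signer.key")"
  CERT="$(x509_certificate_value "$WORK/signer.crt")"
  printf 'DigestValue:     %s\nSignatureValue:  %s\nX509Certificate: %s...\n' \
    "$DV" "$SV" "$(printf '%s' "$CERT" | cut -c1-40)"
  if verify_signature_value "$WORK/signedinfo.c14n" "$SV" "$WORK/signer.crt"; then
    echo "SignedInfo signature: Verified OK"
  fi
  # Tampering check: any change to the referenced document changes its digest,
  # which no longer matches the DigestValue locked inside the signed SignedInfo.
  printf '%s' '<invoice id="42"><amount>900.00</amount></invoice>' > "$WORK/doc2.c14n"
  if [ "$(digest_value "$WORK/doc2.c14n")" != "$DV" ]; then
    echo "Modified document: digest mismatch, signature would be rejected"
  fi
}
main_demo
```

Verification therefore happens in two steps: recompute the digest of the referenced content and compare it with ds:DigestValue, then check ds:SignatureValue over the canonicalised ds:SignedInfo with the key from ds:X509Certificate. The certificate's validity period only limits when a verifier should accept new signatures from it; a recipient who already trusts your certificate can keep verifying old documents, but anyone relying on the certificate chain will stop accepting it once it expires, so a self-signed certificate with a long life plus an out-of-band fingerprint is the usual answer to "valid forever".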