Tip

The Java XML Digital Signature API Spec (JSR 105)

Those who've been reading my XML tips for any length of time, especially recently, will know that I just finished up a marathon 9-part collection of same on the subject of XSLT. After a brief hiatus, I'm now playing catch-up for all the cool XML specifications, tools and technologies I didn't have time to cover while dispatching that XSLT magnum opus. That explains why I'm reporting on something significant, but a little bit dated here. The API spec that provides the subject for this tip was actually released in final form on 7/12/2005.

Nevertheless, the Java XML Digital Signature API (JSR 105) Version 1.0 is worth covering for a variety of reasons, not least of which is that it makes a standard programming interface available to Java that complies with a variety of related W3C recommendations, including:

• XML-Signature Syntax and Processing

• XML-Signature XPath Filter 2.0

• Exclusive XML Canonicalization Version 1.0

This work is a joint effort that involved Sun, IBM and other companies under the direction of specification leads Anthony Nadalin (IBM) and Sean Mullan (Sun), who jointly now occupy the role of JSR 105 maintenance lead. JSR 105's approval involved affirmation votes from the Apache Software Foundation, Apple Computer, BEA Systems, Fujitsu, HP, IBM, Intel, IONA Technologies, JBoss, Nortel Networks, SAP AG, and Sun Microsystems.

JSR 105 provides a Java API that developers can use to generate and validate

    Requires Free Membership to View

XML signatures. It is also usable for Java programmers who might wish to implement JSR 105 and then register it as a cryptographic service for a JCA provider, a package or set of packages that supply a working implementation of the Java 2 DSK Security API cryptography features whether in whole or in part.

XML Signatures may be applied to any kind of digital content, including XML documents themselves. Signatures also apply to the content of one or more resources, where enveloped or enveloping signatures apply to data within the same XML document as the signature or where detached signatures apply to data external to the signature element itself. The specification also details with how to create and use XML signature elements and XML signature applications, while meeting proper conformance requirements. It explains methods to reference collections of resources and algorithms, as well as keying and management information.

The API specification consists of 6 packages:

• Javax.xml.crypto includes common classes for XML cryptography

• Javax.xml.crypto.dsig includes interfaces for the core elements defined in the W3C XML digital signature recommendation

• Javax.xml.crypto.dsig.spec includes interfaces and classes to represent input parameters for digest, signature, transform or canonicalization algorithms used to process XML signatures

• Two other packages relate to W3C DOM-specific classes

• A KeyInfo package supplies classes to parse and process KeyInfo elements and structures

For more information see the JSR 105 reference implementation within the Java Web Services Developer Pack 1.6 and the JSR-000105 XML Digital Signature APIs document on the Sun Web site.

About the author
Ed Tittel is a full-time writer and trainer whose interests include XML and development topics, along with IT Certification and information security topics. E-mail Ed with comments, questions, or suggested topics or tools for review.


This was first published in November 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.