lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On Wed, May 27, 2009 at 3:40 PM, gary ng <> wrote:
> Out of curiosity, how can you embedd the signature into a body for something you want to sign ?

The xml document has an element which is signed, and the element which
contains the signature.

To the OP:

xml signature validation is hard because it requires canonicalization
of the xml prior to digest calculation (it's the digest which is
actually signed).

I suggest finding a C library that does this for you, writing a simple
C function on top that does the sig verification, then binding that
simple function into lua. I'd start by looking at libxml2, I think
they have canonicalization support, and somebody should have
implemented xml-sig on top of it by now.

Remember to verify the x.509 certificate, too, signatures mean nothing
if the signer isn't authenticated.