
XML files and .Net, digital signatures, WebService Security

Author
6 Oct 2006 4:31 PM
x-ref
I am being told the following as it relates to .Net, digital signatures and
WebService Security.

>>>>>
If any of our XML files are signed (which happens when being serialized
through .net as part of WS-Security), then the files themselves will be
completely corrupted if opened.

Opening the file period has this impact.

Part of using digital signatures is to detect if/when a file has been
accessed (opened). Take a word doc, for instance, and hash with SHA, save and
open. If you don't do anything to the file and just close it, the hash is
broken.

WS-Security signs the document, therefore opening the file will compromise
the digest, therefore causing it to not work.
>>>>

Questions:
I understand if the file is opened in an editor and then saved, but what if
they are viewed via IE? Is any of the above statement correct?

If so, please point me to any white papers that would cover this topic.

thanks!

Author
7 Oct 2006 10:31 AM
Claus Konrad
Signing a document does not prevent it from being opened. Everyone can open
a document and the signature will still be valid.
If one however opens AND alters/modifies the content - yes, the signature
will be invalid, as the hash you can generate (usually SHA1) will be changed.

If you are concerned about revealing the content of a document, you need to
encrypt it using the recipient's public key. This has the effect that only
the recipient is capable of decrypting it to view the content.

/Claus
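
The behaviour described in the reply above, as an added example that is not part of the original thread: it signs a small XML document with .NET's `SignedXml`, reads the file back without changing it, then edits one value and verifies again. It assumes a plain enveloped XML signature rather than a full WS-Security message, a throwaway RSA key, a constructed sample document and a hypothetical file name; it needs a reference to System.Security.Cryptography.Xml (System.Security.dll on .NET Framework).

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class SignedXmlDemo
{
    // Append an enveloped XML signature that covers the whole document.
    static void Sign(XmlDocument doc, RSA key)
    {
        var signedXml = new SignedXml(doc) { SigningKey = key };
        var reference = new Reference { Uri = "" };   // "" = the entire document
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(signedXml.GetXml(), true));
    }

    // Load the file from disk and check its signature against the given key.
    static bool Verify(string path, RSA key)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.Load(path);
        var nodes = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (nodes.Count != 1) return false;           // unsigned or ambiguous: reject
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)nodes[0]);
        return signedXml.CheckSignature(key);
    }

    static void Main()
    {
        string path = Path.Combine(Path.GetTempPath(), "order-signed.xml"); // hypothetical name
        using (RSA key = RSA.Create())                // throwaway key for the demo
        {
            var doc = new XmlDocument { PreserveWhitespace = true };
            doc.LoadXml("<order><item>widget</item><qty>1</qty></order>"); // constructed sample
            Sign(doc, key);
            doc.Save(path);
            File.ReadAllText(path);                   // open and read only, as a viewer would
            Console.WriteLine("Valid after read-only open: " + Verify(path, key));
            // Change one value and save, as an editor would.
            string edited = File.ReadAllText(path).Replace("<qty>1</qty>", "<qty>100</qty>");
            File.WriteAllText(path, edited);
            Console.WriteLine("Valid after modification:   " + Verify(path, key));
        }
    }
}
```

Verification here is done with the key that signed the document; a real receiver would verify with the sender's public key from a trusted certificate.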

