Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » XML » Security   (RSS)
Thursday, October 12, 2006 9:07 AM

XML Digital Signature Verification with Unknown URI Schemes

A few years back, there was a discussion thread on one of my XML digital signature posts about verifying an XML digital signature which had references to a URI prefixed with cid:. Recently Mattias Lindberg ran into this problem as well, and devised a
Posted by shawnfa | 0 Comments
Filed under: , ,
Thursday, November 03, 2005 1:48 PM

Adding SignatureProperties to SignedXml

One of the optional portions of the W3C XML digital signature specification allows for a set of SignatureProperties to be assigned to a signature. SignatureProperties allow the signer to place some metadata into the signature itself, such as the time
Posted by shawnfa | 3 Comments
Tuesday, December 14, 2004 1:27 PM

Hitting the Mailbag

I've gotten quite a few questions from this blog over the past several months. And although I can't answer all of them, here's some quick answers to some of the more common ones. If you do have more questions, its usually best to post them in the comments
Posted by shawnfa | 2 Comments
Filed under: , , ,
Tuesday, October 19, 2004 9:34 AM

I'm Published!

The November 2004 issue of MSDN magazine is available online now, and it includes the first article I've ever had published. I co-authored this month's Trustworthy Code article, Exchange Data More Securely with XML Digital Signatures and Encryption with
Posted by shawnfa | 4 Comments
Filed under: , ,
Thursday, September 02, 2004 2:26 PM

.NET 1.0 SP 3 and .NET 1.1 SP 1 Released

Today we pushed .NET 1.0 SP3 and .NET 1.1 SP1 onto Windows Update as a Critical Update. You can also download the service packs from the MSDN download center. Here's a brief review of what's new for security in each service pack: .NET 1.0 SP3 (v1.0.3705.6018)
Posted by shawnfa | 23 Comments
Filed under: , , ,
Wednesday, July 21, 2004 11:31 AM

Using DecryptDocument with Super-Encrypted Data

The EncryptedXml class comes with a nice utility method called DecryptDocument (For more information about using DecryptDocument check out my previous post introducing XML Encryption ). This method will decrypt all the EncryptedData elements it finds,
Posted by shawnfa | 2 Comments
Filed under: , ,
Wednesday, May 19, 2004 12:33 PM

Using the XSLT Transform with XML Signatures

One of the transforms that ships with the .Net framework is the XmlDsigXsltTransform, which implements the XSLT transform specified in the W3C recommendation. A few people have asked me to write a bit on how to use this transform, so here's a brief explanation
Posted by shawnfa | 5 Comments
Filed under: , ,
Tuesday, April 27, 2004 2:53 PM

xml:id and SignedXml

A few weeks back, I posted about customizing how SignedXml searches for XML elements identified by a reference to an ID. By default, SignedXml searches for elements with an attribute named Id that has the given value. Recently, the W3C has come up with
Posted by shawnfa | 4 Comments
Filed under: , ,
Wednesday, April 07, 2004 5:25 PM

Using XPath to Sign Specific XML

In my last posting , I promised to write about a more general purpose way of selecting specific XML to sign. Although the technique I presented in the last post will work, it requires a custom class derived from SignedXml, and will not work unless both
Posted by shawnfa | 13 Comments
Filed under: , ,
Monday, April 05, 2004 5:56 PM

Searching for Custom ID Tags With Signed XML

Last week, I blogged about using references to sign only specific parts of an XML document. The biggest limitation with doing this is that you must refer to the nodes that are being signed by ID, which for v1.1 and 1.0 of the framework was given by an
Posted by shawnfa | 16 Comments
Filed under: , ,
Wednesday, March 31, 2004 4:15 PM

Signing Specific XML With References

I've previously blogged about creating XML digital signatures using the .NET framework, but today I'd like to write about a more advanced technique using these signatures. My previous post signed an entire XML document, however, this is not always necessary
Posted by shawnfa | 6 Comments
Filed under: , ,
Tuesday, February 24, 2004 6:25 PM

Creating a SecurityElement from XML

Most of the .NET security system can be serialized out to XML, and knows how to deserialize itself from an XML stream. This would seem to make it easy to create security objects (such as PermissionSet's) from XML documents, or maybe use an XPath query
Posted by shawnfa | 2 Comments
Filed under: , ,
Wednesday, February 18, 2004 2:30 PM

Using XML Encryption With CipherReferences, Part 2 - Remote Data

Earlier this week, I posted about using cipher references to refer to data stored in the same document. Today I'll use the same technique, but instead of storing the encrypted data elsewhere in the document, I'm going to store it on a seperate server.
Posted by shawnfa | 3 Comments
Filed under: , ,
Monday, February 16, 2004 4:30 PM

Using XML Encryption With CipherReferences, Part 1 - Local Data

Most users of encrypted XML will encrypt their data and embed the resulting cipher value directly into the EncryptedData element, using a CipherValue tag. However, XML encryption also supports the use of CipherReferences, which allow you to place the
Posted by shawnfa | 5 Comments
Filed under: , ,
Thursday, January 22, 2004 11:53 AM

More Secure XML Digital Signatures

I've gotten some comments about my XML Digital Signatures entry, pointing out that since I chose to embed the signing key into the document, nothing is preventing anyone from simply removing the signature, modifying the document, and then resigning with
Posted by shawnfa | 8 Comments
Filed under: , ,
More Posts Next page »
 
Page view tracker