- From: Chris Solc <csolc@adobe.com>
- Date: Mon, 6 Oct 2008 19:23:40 -0700
- To: "public-xmlsec@w3.org" <public-xmlsec@w3.org>
Use Case:
A customer wishes to use an XML signature to sign a binary file where a section of the file is permitted to change. An example would be an image file that contains meta-data that changes as it is edited by different applications.
Requirement:
The ability to sign a subset of a non XML resource.
Proposal:
Add a new ByteRange transform that produces as output, a subset of the input Octet stream. The ByteRange transform contains a collection of byte ranges (defined by a starting byte offset and a length value) that describe the exact set of bytes from the input Octet stream to be used in the digest calculation of the signatures. More than one byte range can be used do exclude a set of bytes in the middle of the input Octet Stream.
Example:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
...
<Reference URI="./image.jpeg">
<Transforms>
<Transform Algorithm="http://www.w3.org/2009/xmldsig#ByteRange">
<ByteRange>
<Range offset="0" length="20"/> <!-- first 20 bytes of the image -->
<Range offset="220" length="50"/> <!-- bytes 220 to 270 -->
</ByteRange>
</Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue></SignatureValue>
</Signature>
Received on Tuesday, 7 October 2008 02:24:20 UTC