Digitally signed documents/Strong Encryption: Python modules ??
Andrew Kuchling
akuchlin at mems-exchange.org
Fri Apr 20 12:20:36 EDT 2001
Steve Purcell <stephen_purcell at yahoo.com> writes:
> The receiver gets the document from wherever, and separately obtains the
> signed checksum and public key of the document provider. Using the public
> key he can verify that the checksum is the correct one, and he can compare
> this checksum with the one he calculates from the document.
The W3C also has some work going on about signing XML:
http://www.w3.org/Signature/ . One issue is that two XML documents
can be different and yet still have the same meaning due to trivial
changes such as the order of attributes and use of entities. For
example, <document a="foo" b="bar"/> is the same as <document b="bar"
a="foo" />. The approach taken seems to be putting the document
in a canonical format and then signing the resulting set of bytes.
--amk
More information about the Python-list
mailing list