Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Android - verify the signature of XML

Tags:

android

xml

I have signed XML document (by pure Java with RSA and X509 tags) on the web and I have implemented XML pull parser - before I parse some information from my XML document to specific URL, I need to verify this document if it is the right one. Do you know how to check XML signature?

Thanks

edit:

my XML file looks like follows:

 <?xml version="1.0" encoding="UTF-8" standalone="no" ?> 
  <application id="1">
  <appversion>1.0</appversion> 
  <obligatory>yes</obligatory> 
  <update>http://www.xyz.....</update> 
  <check>http://www.xyz.....</check> 
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" /> 
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> 
      <ds:Reference URI="#1">
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> 
        <ds:DigestValue>fuv...</ds:DigestValue> 
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>PC0+4uO4...</ds:SignatureValue> 
  <ds:KeyInfo>
  <ds:KeyValue>
    <ds:RSAKeyValue>
      <ds:Modulus>gEs/Fn2Gd5evwhlUgoS3...</ds:Modulus> 
      <ds:Exponent>AQAB</ds:Exponent> 
    </ds:RSAKeyValue>
  </ds:KeyValue>
  <ds:X509Data>
    <ds:X509IssuerSerial>
      <ds:X509IssuerName>CN=abc abc,OU=abcs,O=abc,L=abc,ST=abc,C=abc</ds:X509IssuerName> 
      <ds:X509SerialNumber>123456...</ds:X509SerialNumber> 
    </ds:X509IssuerSerial>
    <ds:X509SubjectName>CN=abc abc,OU=abcs,O=abc,L=abc,ST=abc,C=abc</ds:X509SubjectName> 
    <ds:X509Certificate>MIIDhzCCAm+gAwIBAgI...</ds:X509Certificate> 
  </ds:X509Data>
  </ds:KeyInfo>
 </ds:Signature>

like image 701
Waypoint Avatar asked Jan 19 '23 22:01

Waypoint

1 Answers

In J2EE Java you would use javax.xml.crypto as detailed here

http://java.sun.com/developer/technicalArticles/xml/dig_signature_api/

However these are not part of the standard Android package.

It may be a manageable amount of work to make your own package of the bits of the source you need.

http://google.com/codesearch/p?hl=en#-WpwJU0UKqQ/src/share/classes/javax/xml/crypto/dom/DOMCryptoContext.java&d=5

like image 175
Jim Blackler Avatar answered Jan 22 '23 10:01

Jim Blackler
Sign in to Comment

Related questions

Large amount of images to reference, don't want to hardcode support for each image

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!