Previous
Chapter 9
XML Digital Signature API
XML is an open standard for data exchange as well as the format used in web services SOAP messages. As a format for data exchange often used to carry sensitive data, there needs to be a way of securing XML messages, and securing SOAP messages involves signing them. JSR 105, XML Digital Signature API, defines a standard Java API for digitally signing XML documents. The API is particularly useful for digitally signing XML documents and validating XML signatures. In addition, if you or your company is in the business of making software for making software, you need to understand the JSR so that you can write an implementation for it. Mustang includes the reference implementation for JSR 105.
The primary focus of this chapter is the packages created along with JSR 105, namely the javax.xml.crypto package and its subpackages. To smooth your learning experience, this tutorial starts with a general discussion of Java cryptography, in particular these four types: KeyPair, KeyPairGenerator, PrivateKey, and PublicKey. They are all but new to Mustang, but you will invariably use them when writing code that uses the new cryptography packages. In addition, the following site may be useful to refresh your memory about Java security:
http://java.sun.com/javase/6/docs/technotes/guides/security/