|
Hi, I've a question about the xml digital signature procedure.
I got a code written in C# that sign and verify an xml document and it works
well, but the question is:
How can I know that the signature come from a certain user?
I know that is possible add the tags:
<KeyInfo>
<X509Data>
<X509IssuerSerial>
<X509IssuerName>CN=TAMURA Kent, OU=TRL, O=IBM,
L=Yamato-shi, ST=Kanagawa, C=JP
</X509IssuerName>
<X509SerialNumber>12345678</X509SerialNumber>
</X509IssuerSerial>
<X509SKI>31d97bd7</X509SKI>
</X509Data>
</KeyInfo
But those tags aren't hashed and I can change the CN= TAMURA Kent with
CN=ROSS Bill and the verify procedure still works.
Is it correct?
How can I do?
Thanks!
Marco Moioli
| 
