views:

68

answers:

1

I'm posting data to REST URI, in the form of xml snippet with header and body. The body is encrypted, and then the header includes a digital signature (which is the encypted body hashed with SHA1 and then encrypted. My question is, how do I create the signature. What is the method used to encrypt - I have been told to use the same shared key as used for the Rinjdael encrypted body.

Thanks

+1  A: 

You can do the signing using RSA.

Here's a link: How to: Sign XML Documents with Digital Signatures

I'm not too sure on using the same key for the encryption as with the signing however, as RSA signing is a public/private key signing method, which allows the signature to be safely created using the private key, and safely verified on the client using the public key only.

As a supplement, Encryption != Hashing. SHA1 is a hashing algorithm, aka. a one-way non-reversible function. Encryption is reversible. Encryption is a two-way function.

Kyle Rozendo
You've got public and private keys mixed up. Also a signature involves both a Hash _and_ encryption.
Henk Holterman
@Henk - Gah thanks, fixed that. For the signature part, yeps, I know. I just don't know if the op knows the difference between the two, so I figured I'd add it.
Kyle Rozendo