OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] md5sum / sha1sum for XML?

[ Lists Home | Date Index | Thread Index ]

----- Original Message ----- 
From: "Mitch Amiano" <mitch.amiano@agilemarkup.com>
> But encryption alone is insufficient. One reason is that someone might 
> well encrypt another file and substitute it for your original encrypted 
> package. With a signature, both you and the receiver can perform a 
> subsequent test that the signature and file still match up.  Of course, if 
> the signature is also with the original data, and that's your only copy, 
> then someone could replace the signature too. Even if not, you or the 
> receiver could conceivably  maliciously replace both the file and the 
> signature, thus creating an uncertainty about whose copy is authentic.

That's where public key cryptography comes in.  You sign it using your 
private key in such a way that the third party can't do without the private 
key.  Third parties can authenticate your signature using your public key.

Depending on context, you may need a way for a third-party to validate your 
public key is really yours and not one made up by someone pretending to be 
you.  That may involve public key infrastructures, or a courier rider 
providing you with a floppy disk!


Pete Cordell
Tech-Know-Ware Ltd
                         for XML to C++ data binding visit
                         (or http://www.xml2cpp.com)


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS