NonStop SOAP User's Manual
NonStop SOAP with Digital Signatures
NonStop SOAP User’s Manual—520501-012
NonStop SOAP Header for Digital Signature
<ds:DigestMethod>
Requirement Category: MANDATORY
This element identifies the digest algorithm to be applied to the signed object. Only
one algorithm is accepted for this element:
http://www.w3.org/2000/09/xmldsig#sha1
Therefore, requests that reference any other digest algorithm are
considered invalid and are not processed by NSSOAP.
<ds:DigestValue>
Requirement Category: MANDATORY
This element contains the base64-encoded value of the digest.
<ds:SignatureValue>
Requirement Category: MANDATORY
This element contains the actual value of the digital signature. It is always encoded
using base64 encoding.
<ds:KeyInfo>
Requirement Category: OPTIONAL
This element provides the recipient with the key information needed to validate the
signature. The client can send the KeyInfo element in any of the following
scenarios:
• SCENARIO 1: The client may send its Public Key.
• SCENARIO 2: The client may send both the Subject Name and certificate.
• SCENARIO 3: The client may send its certificate.
• SCENARIO 4: The client may send the Subject Name.
The above-mentioned four scenarios are described as follows:
• Under SCENARIO 1, a child element KeyValue is defined under the KeyInfo
element. This element contains the RSA Public Key of the client.
<ds:KeyValue>
Requirement Category: OPTIONAL
This element contains a single public key of the client that may be useful in
validating the signature. The public key is carried in the child element
RSAKeyValue. The format of the RSA public key follows the
RSASSA-PKCS1-v1_5 algorithm described in RFC 2437.
Requests containing public keys generated using any algorithm other than
RSA are considered invalid and are not processed by NSSOAP.
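
The rules stated above for DigestMethod, DigestValue, SignatureValue and KeyValue can be checked on the client side before a request is sent. The following is an added example, not NSSOAP code: the function name, error strings and the trimmed sample document are assumptions, and it checks structure only, not the cryptographic validity of the signature.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
SHA1_URI = DS + "sha1"  # the only digest algorithm the manual lists

def _b64(text):
    """Strictly decode base64 (whitespace tolerated); None if malformed."""
    try:
        return base64.b64decode("".join((text or "").split()), validate=True)
    except (binascii.Error, ValueError):
        return None

def check_signature(xml_text):
    """Return the documented rules that a ds:Signature element violates."""
    sig, errors = ET.fromstring(xml_text), []
    methods = sig.findall(".//ds:DigestMethod", NS)
    digests = sig.findall(".//ds:DigestValue", NS)
    if not methods or not digests:
        errors.append("DigestMethod/DigestValue missing (MANDATORY)")
    for m in methods:
        if m.get("Algorithm") != SHA1_URI:
            errors.append("unsupported digest algorithm: %s" % m.get("Algorithm"))
    for d in digests:
        if len(_b64(d.text) or b"") != 20:  # a SHA-1 digest is 20 bytes
            errors.append("DigestValue is not a base64 SHA-1 digest")
    if not _b64(sig.findtext("ds:SignatureValue", None, NS)):
        errors.append("SignatureValue missing or not base64 (MANDATORY)")
    key_value = sig.find("ds:KeyInfo/ds:KeyValue", NS)  # both OPTIONAL
    if key_value is not None:
        rsa = key_value.find("ds:RSAKeyValue", NS)
        if rsa is None:
            errors.append("KeyValue does not carry an RSA public key")
        elif not all(_b64(rsa.findtext("ds:" + n, None, NS))
                     for n in ("Modulus", "Exponent")):
            errors.append("RSAKeyValue needs base64 Modulus and Exponent")
    return errors

# Constructed, trimmed sample; the values are placeholders, not a real signature.
GOOD_DIGEST = "2jmj7l5rSw0yVb/vlWAYkK/YBwk="  # 20 bytes once decoded
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo><ds:Reference><ds:DigestMethod Algorithm="%s"/>
<ds:DigestValue>%s</ds:DigestValue></ds:Reference></ds:SignedInfo>
<ds:SignatureValue>c2lnbmF0dXJl</ds:SignatureValue>
<ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>AQAB</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo>
</ds:Signature>"""
```

Calling `check_signature(SAMPLE % (SHA1_URI, GOOD_DIGEST))` returns an empty list; substituting another digest algorithm URI or a non-RSA KeyValue child returns the corresponding violation.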