Chapter 5 XML Digital Signatures
Figure 5.4 Continued
Y/EIpZkBrnVvZA3MvPEJ7ogd3jdMhoiv22sMC7RwLX8=
</G>
<Y>
Ewtznkij4904qLeMAQ6695qrnHe5EDzGj9Ud2++6MiVmo/1bBJEAJXk4lKBGF9h5
HoR66tSMPb7KEbf5I07ep4x4KhNKmIUi+vnr4aMBJfANeeN9SYzbtXYfWLXENuGT
PZrd1vNgczNbnujTjhBL84HCchA34n2yAapmdDxCiX4=
</Y>
</DSAKeyValue>
</KeyValue>
</KeyInfo>
<Object Id="object">The data that we want to sign...</Object>
</Signature>
</Envelope>
Changing any aspect of this file (including the addition or removal of spaces)
will be detected by anybody with the tools to verify an XML digital signature.
Furthermore, if you had a copy of someone's public DSA key, you could also
conclusively determine whether that person is the one who generated it. Notice all
the data placed into the KeyValue element. This is a copy of one party's public
DSA key, which is required in order to authenticate the data's integrity. This
information cannot be used alone for the purposes of nonrepudiation, because nothing
in the signature itself binds the embedded key to a particular identity.
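The two checks described above (any byte change to the referenced data is detected, and the key carried in KeyInfo is only the signer's own assertion) can be shown with a small model of XMLDSig core validation. The following Go program is an added example and is not code from the book or from any XMLDSig library; it uses the Go standard library, RSA with SHA-1 (the rsa-sha1 SignatureMethod of the chapter's enveloped example) rather than DSA, and a hand-written SignedInfo string in place of real XML canonicalization. The type and function names (SignedDoc, Sign, Verify) are this example's own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"encoding/xml"
	"errors"
	"fmt"
)

// SignedDoc is a simplified model of an XMLDSig Signature, constructed for
// this example: the referenced data, the canonical bytes of <SignedInfo>,
// the <SignatureValue>, and the public key the signer asserted in <KeyInfo>.
type SignedDoc struct {
	ObjectData []byte         // content of the referenced <Object> element
	SignedInfo []byte         // canonical form of <SignedInfo>; this is what is signed
	SigValue   string         // base64 RSA-SHA1 signature over SignedInfo
	KeyInfo    *rsa.PublicKey // key the signer chose to embed (not yet trusted)
}

// signedInfo mirrors the parts of <SignedInfo> that verification reads.
type signedInfo struct {
	Reference struct {
		URI         string `xml:"URI,attr"`
		DigestValue string `xml:"DigestValue"`
	} `xml:"Reference"`
}

// digestB64 is the DigestMethod step: SHA-1 of the referenced bytes, base64 encoded.
func digestB64(data []byte) string {
	sum := sha1.Sum(data)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// Sign builds the document. The digest of the data is written into SignedInfo
// and the signature is computed over SignedInfo, so the signature covers the
// data indirectly through its digest, exactly as XMLDSig binds them.
func Sign(priv *rsa.PrivateKey, object []byte) (*SignedDoc, error) {
	si := fmt.Sprintf(`<SignedInfo><Reference URI="#object"><DigestValue>%s</DigestValue></Reference></SignedInfo>`,
		digestB64(object))
	h := sha1.Sum([]byte(si))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, h[:])
	if err != nil {
		return nil, err
	}
	return &SignedDoc{
		ObjectData: object,
		SignedInfo: []byte(si),
		SigValue:   base64.StdEncoding.EncodeToString(sig),
		KeyInfo:    &priv.PublicKey,
	}, nil
}

// Verify runs the two steps of core validation. trusted is the key the
// verifier has obtained out of band; pass nil to fall back to the embedded
// KeyInfo, which proves only that the document is internally consistent.
func Verify(doc *SignedDoc, trusted *rsa.PublicKey) error {
	// Step 1: reference validation. The DigestValue is read from the signed
	// SignedInfo bytes (never from an unsigned copy) and recomputed over the
	// data exactly as it appears; one added space is enough to fail here.
	var si signedInfo
	if err := xml.Unmarshal(doc.SignedInfo, &si); err != nil {
		return err
	}
	if digestB64(doc.ObjectData) != si.Reference.DigestValue {
		return errors.New("reference validation failed: referenced data was modified")
	}
	// Step 2: signature validation over the canonical SignedInfo bytes.
	key := trusted
	if key == nil {
		key = doc.KeyInfo
	}
	sig, err := base64.StdEncoding.DecodeString(doc.SigValue)
	if err != nil {
		return err
	}
	h := sha1.Sum(doc.SignedInfo)
	if err := rsa.VerifyPKCS1v15(key, crypto.SHA1, h[:], sig); err != nil {
		return errors.New("signature validation failed: SignedInfo was not signed by this key")
	}
	return nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	doc, _ := Sign(priv, []byte("The data that we want to sign...")) // constructed sample data
	fmt.Println("intact:  ", Verify(doc, &priv.PublicKey))
	doc.ObjectData = append(doc.ObjectData, ' ') // a single extra space
	fmt.Println("tampered:", Verify(doc, &priv.PublicKey))
}
```

Verifying with `trusted == nil` succeeds for any document whose KeyInfo matches the key that produced its SignatureValue, which is why a verifier that wants to attribute a signature to a person must compare the embedded key against a key it already trusts rather than simply use whatever KeyInfo supplies.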
An Example of an Enveloped Signature
Next, let's consider an enveloped signature that uses an RSA key. The canonical
form of this signature is shown in Figure 5.5.
Figure 5.5 Canonical Enveloped XML Digital Signature
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="http://example.org/envelope">
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
www.syngress.com
(The XML fragment at the top of this page is the continuation of Figure 5.4; Figure 5.5 continues on the next page.)