XML Digital Signatures • Chapter 5 157

A Detached Signature Example

As a final basic example, let’s consider a detached signature. This form can be used when it is undesirable or impractical to physically merge the digital signature and its data (see Figure 5.7).

Figure 5.7 Canonical Detached XML Digital Signature

    <?xml version="1.0" encoding="UTF-8"?>
    <Envelope xmlns="urn:envelope">
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod
              Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
          <SignatureMethod
              Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
          <Reference URI="file:///home/skip/xml/weather.xml">
            <Transforms>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <DigestValue></DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue/>
        <KeyInfo>
          <KeyValue/>
        </KeyInfo>
      </Signature>
    </Envelope>

The only thing new about this canonical form is that the Reference URI is now filled in. This URI can be anything that both the signer and the verifier will have read access authorization to. In this example, we used a local file, but it could have easily been a remote file accessible through HTTP, FTP, or other protocols. For our example file, we use an XML file that contains some weather reports (see Figure 5.8).

www.syngress.com
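
The following added example (not from the book) shows the reference-validation half of verifying a detached signature like the one in Figure 5.7: because the verifier dereferences the Reference URI itself, it restricts which URIs it will read before recomputing the digest over the external bytes. The function names, the single-directory allowlist policy and the weather.xml contents are assumptions constructed for illustration.

```python
import base64, hashlib, os, pathlib, tempfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, unquote

DS = "{http://www.w3.org/2000/09/xmldsig#}"
DIGESTS = {  # DigestMethod Algorithm URI -> hash constructor
    "http://www.w3.org/2000/09/xmldsig#sha1": hashlib.sha1,  # as in Figure 5.7
    "http://www.w3.org/2001/04/xmlenc#sha256": hashlib.sha256,
}

def resolve_reference(uri, allowed_dir):
    """Read a detached reference; only file: URIs under allowed_dir are accepted."""
    parts = urlparse(uri)
    if parts.scheme != "file" or parts.netloc not in ("", "localhost"):
        raise ValueError("reference URI not permitted: " + uri)
    path = os.path.realpath(unquote(parts.path))  # collapses ../ and symlinks
    root = os.path.realpath(allowed_dir)
    if os.path.commonpath([path, root]) != root:
        raise ValueError("reference outside allowed directory: " + uri)
    return pathlib.Path(path).read_bytes()

def check_references(signature_xml, allowed_dir):
    """Recompute each Reference digest over the external bytes; {uri: matches}."""
    results = {}
    for ref in ET.fromstring(signature_xml).iter(DS + "Reference"):
        transforms = ref.find(DS + "Transforms")
        if transforms is not None and len(transforms):
            raise ValueError("transforms are not supported here")
        algorithm = ref.find(DS + "DigestMethod").get("Algorithm")
        expected = base64.b64decode(ref.findtext(DS + "DigestValue") or "")
        data = resolve_reference(ref.get("URI"), allowed_dir)
        results[ref.get("URI")] = DIGESTS[algorithm](data).digest() == expected
    return results

def build_sample(directory, content=b"<weather><city>Constructed</city></weather>\n"):
    """Constructed sample: write weather.xml plus a Signature with its SHA-1 digest."""
    path = pathlib.Path(directory, "weather.xml")
    path.write_bytes(content)
    digest = base64.b64encode(hashlib.sha1(content).digest()).decode()
    return path.as_uri(), (
        '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>'
        '<Reference URI="%s"><Transforms></Transforms>'
        '<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>'
        '<DigestValue>%s</DigestValue></Reference></SignedInfo></Signature>'
        % (path.as_uri(), digest))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(check_references(build_sample(d)[1], d))
```

A matching digest only shows that the file is the one the Reference names; the SignatureValue over SignedInfo still has to be verified before the result can be trusted.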