XML Digital Signatures • Chapter 5 151

Once we have our key, we next make a template of the signature. To do this, we choose the mode we will use and fill in the structure for all the required elements of Figure 5.1. The format in which all the required elements, including the “one or more” elements, are written, known as the canonical form (www.w3.org/TR/xml-c14n), is required when working with XML digital signatures.

www.syngress.com

Generating Keys with openssl

If you want to experiment with XML digital signatures and do not already have suitable keys, here is how to generate them from the command-line tool openssl (which can be found at www.openssl.org).

First, we choose the type of key we will use. To generate a private RSA key, we enter the command:

    openssl genrsa -passout stdin -out myrsakey.pri

After entering this command, type the pass phrase and press Enter. Note that genrsa encrypts the key file only when a cipher option such as -aes128 is also given; without one, the key is written unencrypted.

If we create our signatures without the KeyInfo element, we need the public key; otherwise, it’s not needed, since it is automatically placed within the XML signature when the signature is generated. This is how to obtain the public key from the private key:

    openssl rsa -passout stdin -in myrsakey.pri -out myrsakey.pub -pubout

Again, after entering this command, type the pass phrase and press Enter.

To generate a private DSA key, we enter the commands:

    openssl dsaparam -out mydsakey.params 1024

and:

    openssl gendsa -out mydsakey.pri -aes128 mydsakey.params

This second command prompts you for the pass phrase. In this example, we have chosen to encrypt the key with 128-bit AES encryption. (We could have chosen any of DES, triple DES, IDEA, and 128-, 192-, or 256-bit AES.) Again, the public key can be obtained from the private key:

    openssl dsa -in mydsakey.pri -out mydsakey.pub -pubout

Tools & Traps…
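An added example, not taken from the book: a shell check of whether an RSA key file written by genrsa is actually pass-phrase protected, followed by a sign/verify round trip with the derived public key. The function names, file names, sample pass phrase, the 2048-bit key size and the -aes128 option on the RSA key are assumptions made for this example.

```shell
#!/bin/sh
# Added example. File names, function names and the pass phrase are constructed.

# gen_rsa OUT PASS [CIPHER_OPTION]: pass phrase is fed on stdin, as in the sidebar.
gen_rsa() {
    printf '%s\n' "$2" | openssl genrsa $3 -passout stdin -out "$1" 2048 2>/dev/null
}

# pub_from_pri PRI PUB PASS: -passin unlocks an encrypted private key and is
# ignored for an unencrypted one.
pub_from_pri() {
    printf '%s\n' "$3" | openssl rsa -passin stdin -in "$1" -pubout -out "$2" 2>/dev/null
}

# is_encrypted FILE: a protected PEM key carries the word ENCRYPTED, either as
# "Proc-Type: 4,ENCRYPTED" or as "BEGIN ENCRYPTED PRIVATE KEY".
is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# roundtrip PRI PUB PASS: sign a constructed message, then verify the signature.
roundtrip() {
    msg="$(dirname "$1")/msg.txt"
    printf 'constructed sample message\n' > "$msg"
    printf '%s\n' "$3" |
        openssl dgst -sha256 -sign "$1" -passin stdin -out "$msg.sig" "$msg" 2>/dev/null &&
        openssl dgst -sha256 -verify "$2" -signature "$msg.sig" "$msg" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    gen_rsa "$d/plain.pri" 'sample-pass'           # no cipher option
    gen_rsa "$d/aes.pri" 'sample-pass' -aes128     # cipher option added
    for k in plain aes; do
        if is_encrypted "$d/$k.pri"; then echo "$k.pri: encrypted"
        else echo "$k.pri: not encrypted"; fi
        pub_from_pri "$d/$k.pri" "$d/$k.pub" 'sample-pass' &&
            roundtrip "$d/$k.pri" "$d/$k.pub" 'sample-pass' &&
            echo "$k: sign/verify OK"
    done
    rm -rf "$d"
}
demo
```

Both keys sign and verify; only the PEM header shows which one is protected at rest.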