AnsweredAssumed Answered

How to perform RSA Signature verification

Question asked by res13 on Mar 30, 2016
Latest reply on Sep 7, 2016 by macjo14

For a customer I have to implement RSA Signature verification on the API Gateway. So this means that I receive a soap message (without ws security) with several attributes, a signature hash and a public key as well.

The sender of the soap message told me that he created the signature out of a simple pattern like: <attrName1>AttrName1</attrName1><attrName2>AttrName2</attrName2><attrNameN>AttrNameN</attrNameN>.

The sender:

  1. Created a String out of all Attributes according to the pattern
  2. Hashed this String with SHA-256
  3. Signed this hash with his private key
  4. Sends Attributes, signatur and public key to my API Gateway over soap

 

What I have to do:

  1. Extract attributes [done]
  2. Create a String out of all Attributes according to the pattern [done]
  3. Perform a RSA Signature verification of the String with the given public key and signatur [don't know how to do that???]

 

What I found in the given API GW policies is the "(Non SOAP) Verify XML Element" policy but here i could not set the string...

What is the right policy for doing this?

Outcomes