I would like to sign an XML file I have created, and have followed this tutorial in order to sign it:http://msdn.microsoft.com/en-us/library/ms229950.aspx I have also read this tutorial on verifying the files:http://msdn.microsoft.com/en-us/library/ms229950.aspxI was able to compile both correctly without issues, but what I don't understand is how it is that using this I am able to produce an XML, that is guaranteed to be from be and not forged.My thinking (which is wrong and needs correcting) : I make an XML and sign it using the code from those tutorials. I am also able to verify it using that code. No problems, it works and detects when I have modified the XML. But how is it that someone else can't just take the code from the tutorial, make their own XML, and then sign it themself, and use it in my program? Wouldn't the verifying program still verify it?
Make sure your signed XML is signed by you
- Thread starter koraaa
- Start date