SWID tag signing utility

Author: Michael M. Welch
Employed by: Symantec
License specified: Apache 2.0
Language used: Java

Abstract: This Java code utilizes the Java crypto library to create W3C XMLDSIG-compliant signatures for a SWID tag. This code base was used to create the digitally signed SWID tag included in the final draft of the FDIS version of the ISO/IEC 19770-2 document.

Note that this code does not include the use of timestamps as part of the example. The example assumes a digital certificate that does not expire.

When creating a tool or utility to digitally sign a SWID tag, the timestamp is strongly recommended, as most certificates will either have a timestamp specifying an expiration date, or could at some point be revoked. Either way, with a timestamp included, the validation routine can validate that the SWID tag was signed while the certificate was valid and therefore the SWID tag can still be considered valid without having to re-sign the tag.
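The kind of signing the abstract describes can be sketched with the JDK's `javax.xml.crypto.dsig` API. This is an added example, not the utility's own code: the class name, the tag content, its `urn:example:swid` namespace and the throwaway RSA key are all constructed for illustration, and like the utility it adds no timestamp.

```java
import java.io.StringReader;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class SwidSignExample { // hypothetical class name
    // Constructed minimal tag with a placeholder namespace; a real SWID tag carries more.
    static final String TAG =
        "<SoftwareIdentity xmlns=\"urn:example:swid\" name=\"Example App\""
        + " tagId=\"example-tag-id\" version=\"1.0\"/>";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // XMLDSIG processing requires a namespace-aware DOM
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(TAG)));
        // Assumption: a throwaway RSA key stands in for the signer's certificate key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        // URI "" covers the whole document; the enveloped transform excludes <Signature> itself.
        Reference ref = fac.newReference("",
            fac.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(
                fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                (C14NMethodParameterSpec) null),
            fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kif.newKeyValue(kp.getPublic())));
        // Appends <Signature> as the last child of the SWID root element.
        fac.newXMLSignature(si, ki).sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));

        // Validate against the key the verifier already trusts, not the key embedded in the tag.
        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(),
            doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0));
        System.out.println("signature valid: " + fac.unmarshalXMLSignature(vc).validate(vc));
    }
}
```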
