This is wrt sending XML files securely without using ssl.
I had encrypted the whole document using receiver's public key.
Then signed using the senders private key. Then I had enclosed both the message digest and signature in to the XML document without encrypting them. But this set up has a problem.
Any body can replace the signature and can sign the socument with his private key and can claim that he has sent this document,even though he is not able to see the contents.

Is there any alternate to prevent this?