
An Overview of XML Digital Signatures


Presentation Transcript


  1. An Overview of XML Digital Signatures
     Xuemei Wu

  2. Introduction
  • XML Digital Signatures are digital signatures designed for use in XML transactions.
  • An XML Signature may be applied to the content of one or more resources.
  • Three different types of XML Signatures:
    (a) enveloped
    (b) enveloping
    (c) detached signatures

  3. Introduction (cont.)
  • XML Signature can be used to sign only portions of an XML message.
  • The use of XML Digital Signatures involves two parts:
    (a) XML Digital Signature creation
    (b) XML Digital Signature verification.

  4. Basic Structure

  <Signature ID?>
    <SignedInfo>
      <CanonicalizationMethod/>
      <SignatureMethod/>
      (<Reference URI?>
        (<Transforms>)?
        <DigestMethod>
        <DigestValue>
      </Reference>)+
    </SignedInfo>
    <SignatureValue>
    (<KeyInfo>)?
    (<Object ID?>)*
  </Signature>

  • <Signature> is the root element.
  • <SignedInfo> is the information that you actually sign.
  • <CanonicalizationMethod> is the algorithm used to canonicalize <SignedInfo> before it is digested and signed.
  • <SignatureMethod> is the algorithm used to convert the (canonicalized) <SignedInfo> into the <SignatureValue>.
  • <Reference> identifies one signed resource and includes the digest method and the resulting digest value.
  • <Transforms> is an optional ordered list of processing steps applied to the resource before digesting.
  • <DigestMethod> is the algorithm applied to the data to obtain the <DigestValue>.
  • <KeyInfo> indicates the public key needed to validate the signature.
  • <Object> includes data objects carried inside the signature.

  5. Basic Structure (cont.)

  Enveloped Format (the signature is a child of the signed document)
    <document>
      <signature> … </signature>
    </document>

  Detached Format (the signature is separate from the signed resource)
    <signature> … </signature>

  Enveloping Format (the signed document is a child of the signature)
    <signature>
      <document> … </document>
    </signature>

  6. Basic Structure (Example; continued on slide 7)

  <?xml version="1.0" encoding="UTF-8"?>
  <DocumentRoot>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo Id="myXMLSignature">
        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <Reference URI="http://www.xyz.com/updates/2005/Feb-10.xml">
          <Transforms>
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <DigestValue>1pllwx3rvEPO0vKtNup4NbeVu8kd=</DigestValue>
        </Reference>
        <Reference URI="">
          <Transforms>
            <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <DigestValue>V6v9a34rTYglRflKiuYxu3VgVKA=</DigestValue>
        </Reference>
        <Reference URI="">
          <Transforms>
          </Transforms>
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <DigestValue>1lCKQWfJg9712sP9o9ekL6o7Mg8=</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>RTYE1EF2wv7H6YaLC1XoM7qMnU55rMRSYouXKsnL1zDdR2R58WN6XiZPW4exvrq56OuVFHNdJWbtgcuXAkW5wg==</SignatureValue>
      <KeyInfo>
        <KeyValue>
          <RSAKeyValue>
            <Modulus>pLdP0GGla/imcV1JZve+J881NtZvHD0gcGmkAIdYlM33bHopEhKC7c+rIDSceLx0As+WKaVAcxIJVsfZCtpERP==</Modulus>
            <Exponent>BQCB</Exponent>
          </RSAKeyValue>
        </KeyValue>
      </KeyInfo>
      <Object>this test message to be signed is enveloped within the XML signature</Object>
    </Signature>
    <data>this test message to be signed is part of the document that envelops the XML signature</data>
  </DocumentRoot>

  7. Basic Structure (Example, cont.)
  The example above combines all three formats in one document: the first <Reference> is detached (an external URI), the second is enveloped (URI="" with the enveloped-signature transform, so the document that contains the <Signature> is digested without it), and the <Object> element is enveloping (the data lives inside the <Signature>).

  8. Basic Structure (Sign a portion of the resource)

  <?xml version="1.0" encoding="UTF-8"?>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="http://www.xyz.com/updates/foobar.html#core">
        <Transforms>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>1C3KWAjgF9712sQ9o9ekL6o7oP8=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>PEOR1EF2wv7H6YaLC1XoM7qMnU55rMRSYouXKsnL1zDdR2R58WN6XiZQW4exvrq56OuFGHNdJWbtgcuXAkCR5g==</SignatureValue>
    <KeyInfo>
      <KeyValue>
        <RSAKeyValue>
          <Modulus>opEQ0GGla/imcV1JZve+J881NtZvDH0gcGmkAIdYlM33bHopEhKC7c+rIFJceLx0As+WKaVAcxIJVsfZCtpPRY==</Modulus>
          <Exponent>POBA</Exponent>
        </RSAKeyValue>
      </KeyValue>
    </KeyInfo>
  </Signature>

  The fragment identifier (#core) in the Reference URI selects the portion of the resource that is signed.

  9. XML Signatures Application
  • XML Signatures Creation
  • XML Signatures Verification

  10. XML Signature Creation
  • Identifying the resources to be signed
  • Computing the digest of each resource
  • Signing the document

  11. XML Signature Creation (cont.)
  • Adding key information
    - Public key information is put into the <KeyInfo> element.
    - This step is optional.
  • Constructing the signature element
    - Put all the pieces together.

  12. XML Signature Verification
  • Verifying the digital signature of the <SignedInfo> element
    - Calculate the digest of the (canonicalized) <SignedInfo> element.
    - Apply the public key to the <SignatureValue> element ("unsign" it) to recover the digest that was signed.
    - Compare the two values above.
  • Computing the digests of the references
    - Recalculate the digests of the references listed in the <SignedInfo> element.
    - Compare them with the digest values specified in each <DigestValue>.
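The creation steps of slides 10 and 11 and the verification steps of slide 12, worked through in Go as an added example that is not part of this presentation. It assumes RSA with SHA-256 in place of the slides' rsa-sha1/sha1, and replaces canonicalization with a fixed serialization of <SignedInfo>; the Reference type and the referenceXML, sign and verify functions are hypothetical names, and only Go's standard library is used.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Reference is one <Reference>: its URI and the resource bytes after any Transforms (assumed already applied).
type Reference struct {
	URI  string
	Data []byte
}
// referenceXML renders one <Reference> in a fixed form (stands in for C14N of <SignedInfo>, a simplification).
func referenceXML(r Reference) string {
	sum := sha256.Sum256(r.Data)                    // DigestMethod step
	dv := base64.StdEncoding.EncodeToString(sum[:]) // what <DigestValue> carries
	return fmt.Sprintf(`<Reference URI=%q><DigestValue>%s</DigestValue></Reference>`, r.URI, dv)
}
// sign follows the creation steps: digest each resource, assemble <SignedInfo>,
// then sign the digest of <SignedInfo> with the private key (SignatureMethod).
func sign(priv *rsa.PrivateKey, refs []Reference) (si, sig []byte, err error) {
	s := "<SignedInfo>"
	for _, r := range refs {
		s += referenceXML(r)
	}
	si = []byte(s + "</SignedInfo>")
	h := sha256.Sum256(si)
	sig, err = rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	return si, sig, err
}
// verify follows the verification steps: check SignatureValue over <SignedInfo> with the
// public key first, then recompute each reference digest and compare it with the signed <DigestValue>.
func verify(pub *rsa.PublicKey, si, sig []byte, refs []Reference) error {
	h := sha256.Sum256(si)
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig); err != nil {
		return fmt.Errorf("SignatureValue does not verify: %w", err)
	}
	for _, r := range refs {
		if !strings.Contains(string(si), referenceXML(r)) {
			return fmt.Errorf("digest mismatch for Reference URI=%q", r.URI)
		}
	}
	return nil
}
```

Checking the signature over <SignedInfo> before trusting any <DigestValue> matters: a digest that is not covered by the signature proves nothing about the resource.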

  13. Summary
  • XML Signature is powerful and flexible:
    (a) Three basic formats
    (b) Any combination of the three basic formats
    (c) Ability to sign multiple resources
    (d) Ability to sign a portion or portions of a resource
  • XML Signature is straightforward to understand and implement
  • References
    W3C XML-Signature Syntax and Processing
    http://www.w3.org/TR/xmldsig-core
    http://www.w3.org/TR/2002/REC-xmldsig-core-20020212

  14. Thank You.
