18.1 Message Digests

You use message digest algorithms in the following contexts:

• DigestMethod, to digest referenced data in a Reference element.

• SignatureMethod, as part of the signature or message authentication code algorithm, although in the cases listed here, the message digest algorithm is indicated by part of the SignatureMethod algorithm URI.

• EncryptionMethod, as part of the encryption algorithm. In the cases given in this chapter, it appears as an explicit parameter in the form of a DigestMethod element.

• AgreementMethod, as part of the key agreement algorithm. In the cases given in this chapter, it appears as an explicit parameter in the form of a DigestMethod element.

See Chapter 2 for a discussion of message digests. See also Figure 18-1.

18.1.1 MD5

 MD5 Identifier:     http://www.w3.org/2001/04/xmldsig-more#md5 

The MD5 algorithm [RFC 1321] takes no explicit parameters. An example of an MD5 DigestAlgorithm element is

 <DigestMethod   Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/> 

An MD5 digest is a 128-bit string. In a Reference element, the content of the DigestValue element is the base-64 [RFC 2045] encoding of this bit string viewed as a 16-byte stream. For example, the MD5 of "abc" is the following in hexadecimal format:

 90015098 3cd24fb0 d6963f7d 28e17f72 

MD5 is not considered to be very strong by current cryptographic standards. That is, 128 bits of hash is not much and collisions have been found in MD5 outputs.

18.1.2 SHA-1

 SHA-1 Identifier:     http://www.w3.org/2000/09/xmldsig#sha1 

The SHA-1 algorithm [FIPS 180-1] takes no explicit parameters. Implementation of SHA-1 is mandatory for conformant implementations of the XML Digital Signature standard. An example of a SHA-1 algorithm element is

 <DigestMethod   Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 

A SHA-1 digest is a 160-bit string. When it is used as a DigestMethod, the content of the DigestValue element will be the base-64 encoding of this bitstring viewed as a 20-byte stream. For example, the DigestValue element for the message digest

 A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D 

from Appendix A of the SHA-1 standard would be

 <DigestValue>qZk+NkcGgWq6PiVxeFDCbJzQ2J0=</DigestValue> 

18.1.3 Additional SHA Versions

 Additional SHA Version Identifiers:     http://www.w3.org/2001/04/xmlenc#sha256     http://www.w3.org/2001/04/xmldsig-more#sha384     http://www.w3.org/2001/04/xmlenc#sha512 

These additional SHA versions take no explicit parameters. Implementation is optional under the XML Digital Signature standard. Under the XML Encryption standard, SHA-256 is recommended while SHA-384 and SHA-512 are optional [FIPS 180-2]. An example of an algorithm element for one of these is

 <DigestMethod   Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha512"/> 

SHA-256, SHA-384, and SHA-512 produce digest strings of 256, 384, and 512 bits, respectively. When used as a DigestMethod, the content of the DigestValue element is the base-64 encoding of this bit string viewed as a 32-, 48-, or 64-byte stream.

18.1.4 RIPEMD-160

 RIPEMD-160 Identifier:     http://www.w3.org/2001/04/xmlenc#ripemd160 

The implementation of RIPEMD-160 is optional; it takes no explicit parameters [RIPEMD-160]. An example of an algorithm element is

 <DigestMethod   Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160"/> 

A RIPEMD-160 digest is a 160-bit string. When it is used as a DigestMethod, the content of the DigestValue element is the base-64 encoding of this bit string viewed as a 20-byte stream.

The RIPEMD-160 hash of the 14-byte string

 message digest 

is

 5d0689ef 49d2fae5 72b881b1 23a85ffa 21595f36