You use message digest algorithms in the following contexts:
See Chapter 2 for a discussion of message digests. See also Figure 18-1.

Figure 18-1. Digest and encryption algorithm element ancestors

18.1.1 MD5

MD5 Identifier:
http://www.w3.org/2001/04/xmldsig-more#md5

The MD5 algorithm [RFC 1321] takes no explicit parameters. An example of an MD5 DigestAlgorithm element is

<DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/>

An MD5 digest is a 128-bit string. In a Reference element, the content of the DigestValue element is the base-64 [RFC 2045] encoding of this bit string viewed as a 16-byte stream. For example, the MD5 of "abc" is the following in hexadecimal format:

90015098 3cd24fb0 d6963f7d 28e17f72

18.1.2 SHA-1

SHA-1 Identifier:
http://www.w3.org/2000/09/xmldsig#sha1

The SHA-1 algorithm [FIPS 180-1] takes no explicit parameters. Implementation of SHA-1 is mandatory for conformant implementations of the XML Digital Signature standard. An example of a SHA-1 algorithm element is

<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

A SHA-1 digest is a 160-bit string. When it is used as a DigestMethod, the content of the DigestValue element will be the base-64 encoding of this bit string viewed as a 20-byte stream. For example, the DigestValue element for the message digest

A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D

from Appendix A of the SHA-1 standard would be

<DigestValue>qZk+NkcGgWq6PiVxeFDCbJzQ2J0=</DigestValue>

18.1.3 Additional SHA Versions

Additional SHA Version Identifiers:
http://www.w3.org/2001/04/xmlenc#sha256
http://www.w3.org/2001/04/xmldsig-more#sha384
http://www.w3.org/2001/04/xmlenc#sha512

These additional SHA versions take no explicit parameters. Implementation is optional under the XML Digital Signature standard. Under the XML Encryption standard, SHA-256 is recommended while SHA-384 and SHA-512 are optional [FIPS 180-2]. An example of an algorithm element for one of these is

<DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha512"/>

SHA-256, SHA-384, and SHA-512 produce digest strings of 256, 384, and 512 bits, respectively. When used as a DigestMethod, the content of the DigestValue element is the base-64 encoding of this bit string viewed as a 32-, 48-, or 64-byte stream.

18.1.4 RIPEMD-160

RIPEMD-160 Identifier:
http://www.w3.org/2001/04/xmlenc#ripemd160

The implementation of RIPEMD-160 is optional; it takes no explicit parameters [RIPEMD-160]. An example of an algorithm element is

<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160"/>

A RIPEMD-160 digest is a 160-bit string. When it is used as a DigestMethod, the content of the DigestValue element is the base-64 encoding of this bit string viewed as a 20-byte stream. The RIPEMD-160 hash of the 14-byte string "message digest" is

5d0689ef 49d2fae5 72b881b1 23a85ffa 21595f36
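The following Python sketch is an added example, not code from the book. It maps the Algorithm identifiers listed above to digest lengths and checks a DigestValue the way a verifier would: it rejects unlisted algorithms and values whose decoded length does not match the algorithm. It assumes the caller passes the referenced data as already-transformed octets; the names DIGESTS, digest_value, check_reference and SAMPLE are hypothetical.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"  # XML Digital Signature namespace

# Algorithm URI -> (hashlib name, digest length in bytes), from this section.
# RIPEMD-160 is left out: hashlib only offers it on some OpenSSL builds.
DIGESTS = {
    "http://www.w3.org/2001/04/xmldsig-more#md5": ("md5", 16),
    "http://www.w3.org/2000/09/xmldsig#sha1": ("sha1", 20),
    "http://www.w3.org/2001/04/xmlenc#sha256": ("sha256", 32),
    "http://www.w3.org/2001/04/xmldsig-more#sha384": ("sha384", 48),
    "http://www.w3.org/2001/04/xmlenc#sha512": ("sha512", 64),
}

def digest_value(algorithm_uri, data):
    """Return DigestValue content: base-64 of the raw digest bytes."""
    name, _size = DIGESTS[algorithm_uri]  # KeyError for an unlisted URI
    return base64.b64encode(hashlib.new(name, data).digest()).decode("ascii")

def check_reference(reference_xml, data):
    """True only if the Reference's DigestValue matches the digest of data."""
    ref = ET.fromstring(reference_xml)
    method = ref.find(DS + "DigestMethod")
    value = ref.findtext(DS + "DigestValue")
    if method is None or value is None or method.get("Algorithm") not in DIGESTS:
        return False
    name, size = DIGESTS[method.get("Algorithm")]
    try:
        claimed = base64.b64decode(value.strip(), validate=True)
    except ValueError:  # malformed base-64
        return False
    if len(claimed) != size:  # e.g. a 20-byte value labelled as SHA-256
        return False
    return hmac.compare_digest(claimed, hashlib.new(name, data).digest())

# Constructed sample: the SHA-1 DigestValue shown above, which is the
# digest of the three-byte message "abc".
SAMPLE = ('<Reference xmlns="http://www.w3.org/2000/09/xmldsig#">'
          '<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>'
          '<DigestValue>qZk+NkcGgWq6PiVxeFDCbJzQ2J0=</DigestValue></Reference>')

if __name__ == "__main__":
    print(check_reference(SAMPLE, b"abc"))
```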