Chapter 32. Using Cryptography with the .NET Framework: Creating and Verifying XML Digital Signatures

Previous page
Table of content
Next page
for RuBoard

By Brian A. LaMacchia

IN THIS CHAPTER

  • XMLDSIG Design Principles and Modes of Use

  • The Structure of an XMLDSIG Signature

  • Verifying an XMLDSIG Signature

  • Extending System.Security.Cryptography.Xml for Custom Processing

In Chapter 30, "Using Cryptography with the .NET Framework: The Basics," you saw how to use a cryptographic hash function and an asymmetric (public key) algorithm to compute a digital signature for some content. The digital signatures you generated were simply binary arrays that encoded the mathematical output of applying the asymmetric signing function to a hash value. In theory, any binary content can be signed using only the core techniques from Chapter 30, but in practice, the signature needs to be encoded in an interoperable format that includes information about the algorithms used to generate it. This chapter discusses how to create and use digital signatures that conform to the IETF/W3C joint standard for XML digital signature syntax and processing rules (commonly abbreviated as XMLDSIG), an interoperable format that expresses digital signature data as XML objects.

NOTE

You can find the IETF/W3C XML-Signature Syntax and Processing Model standard on the Web at http://www.w3.org/TR/xmldsig-core/. The W3C home page for the XML-Signature Working Group can be found at http://www.w3.org/Signature/.


You are probably already familiar with XML, the Extensible Markup Language, through its use in other portions of the .NET Framework. The XML standard is the fundamental data format on which .NET Web Services are built. Web Services are described by XML documents corresponding to the Web Services Description Language (WSDL) XML schema. Clients interact with Web Services using the Simple Object Access Protocol (SOAP); SOAP messages are also XML documents. Even configuration data for the Common Language Runtime and ASP.NET is stored as XML.

As use of XML grew across the Internet, the need for security services specific to XML objects was quickly realized. Standards for providing message integrity and authentication for XML documents were obviously needed. While there were pre-existing standards for providing these security services to arbitrary data, there was no standard for expressing a digital signature itself as an XML object. In 1999, the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C) chartered a joint working group within their organizations to create a standard for XML digital signatures. The resulting standard, XMLDSIG, defines the XML format for representing a digital signature. The standard can be used to sign both XML and non-XML objects, although many of the features of the standard only apply to digital signatures over another XML object.

This chapter discusses the support included in the .NET Framework for creating and verifying digital signatures of XML documents and document fragments . The classes in the System.Security.Cryptography.Xml namespace implement the XMLDSIG standard and allow you to easily manipulate signatures that conform to the standard. After completing this chapter, you should be able to

  • Describe the contents of the System.Security.Cryptography.Xml namespace in the .NET Framework and the fundamental model of an XMLDSIG Signature element

  • Demonstrate how to create the three styles of XML signatures ”wrapped, detached, and enveloped

  • Demonstrate how to create XMLDSIG signatures over XML content using an asymmetric (public-key) algorithm, including both RSA and DSA

  • Demonstrate how to verify an XMLDSIG signature

  • Demonstrate how to add key- related information to an XMLDSIG Signature element via the KeyInfo element

This chapter covers both the theory and practice of XML digital signatures. We begin in the next section, "XMLDSIG Design Principles and Modes of Use," with a discussion of the design principles underlying the XMLDSIG standard and its various modes of operation. Even if you are familiar with other signature standards, such as PGP or S/MIME, we recommend that you read through this section completely because XMLDSIG has options not included in PGP or S/MIME. In "The Structure of an XMLDSIG Signature" section, we describe the XML structure of an XMLDSIG object in detail. Later sections demonstrate how the System.Security.Cryptography.Xml classes can be used to create and verify XMLDSIG-compliant signatures in each of these modes.

for RuBoard

Previous page
Table of content
Next page
. NET Framework Security
.NET Framework Security
ISBN: 067232184X
EAN: 2147483647
Year: 2000
Pages: 235
Authors: Brian A. LaMacchia, Sebastian Lange, Matthew Lyons, Rudi Martin, Kevin T. Price
BUY ON AMAZON
Lotus Notes and Domino 6 Development (2nd Edition)
Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
Introduction to 80x86 Assembly Language and Computer Architecture
PostgreSQL(c) The comprehensive guide to building, programming, and administering PostgreSQL databases
Mapping Hacks: Tips & Tools for Electronic Cartography
Cultural Imperative: Global Trends in the 21st Century
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy