XML Digital Signature

XML, Web Services, and the Data Revolution
By Frank P. Coyle
Chapter 7.  XML Security


Figure: XML Digital Signature elements.

The XML Digital Signature specification defines both the syntax and rules for processing XML digital signatures. Signatures provide integrity, message authentication, and signer authentication services for data either contained within an XML document or referred to by such a document.

Digital Signature Elements

The XML Digital Signature specification defines a series of XML elements for describing details of the signature. Some of these elements and what they signify are as follows:

  • SignedInfo: The required SignedInfo element holds the information that is actually signed.

  • CanonicalizationMethod: This element indicates the algorithm used to canonicalize the SignedInfo element before it is digested as part of the signature operation.

  • SignatureMethod: This element specifies the algorithm used to convert the canonicalized SignedInfo into the SignatureValue. It is a combination of a digest algorithm and a key-dependent algorithm. The algorithm names are signed to resist attacks based on substituting a weaker algorithm.

  • Reference: Each Reference element includes the method used to compute the digital hash and the resulting digest value calculated over the identified data object. It also may include transformations that produced the input to the digest operation. A data object is signed by computing its digest value and a signature over that value. The signature is later checked via reference and signature validation.

  • KeyInfo: This element indicates the key to be used to validate the signature. Possible forms for identification include certificates, key names, and key agreement algorithms and information. KeyInfo is optional, since the signer may not wish to reveal key information to all document processing parties.

  • Transforms: This element is an optional ordered list of processing steps applied to the resource's content before the digest was computed. Transforms can include operations such as canonicalization, encoding/decoding, compression/inflation, and the application of Extensible Stylesheet Language (XSL) or XPath. XPath transforms permit the signer to derive an XML document that omits portions of the source document. As a result, excluded portions may be changed without affecting signature validity.

  • DigestMethod: This element is the algorithm applied to the data after Transforms is applied to yield the DigestValue. The signing of the DigestValue is what binds resource content to the signer's key.

  • DigestValue: This element holds the value computed based on the data being signed. Changing one character of the data being signed will result in an entirely different digest value.

Steps in Signature Generation

To digitally sign an XML document using XML Signature, you must carry out the following steps:

  1. Create a SignedInfo element with SignatureMethod, CanonicalizationMethod, and Reference(s).

  2. Canonicalize the XML document.

  3. Calculate the SignatureValue based on the algorithms specified in SignedInfo.

  4. Construct the Signature element that includes SignedInfo, KeyInfo (if required), and SignatureValue.
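The four steps above, and the elements listed earlier, carried through as an added example in Python's standard library (this is not the book's code). It builds a detached signature over a constructed order document, with HMAC-SHA256 as the SignatureMethod and SHA-256 as the DigestMethod so no key pair is needed; the C14N 2.0 algorithm that ElementTree.canonicalize implements stands in for the canonicalization method, and the reference URI and key are assumed values.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)
# Algorithm identifiers live inside SignedInfo, so they are covered by the signature.
C14N_URI = "http://www.w3.org/2010/10/xml-c14n2"                # C14N 2.0, what ET.canonicalize implements
SIG_URI = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"  # HMAC so the example needs no key pair
DIGEST_URI = "http://www.w3.org/2001/04/xmlenc#sha256"

def c14n(xml_text: str) -> bytes:
    # Canonical form: whitespace, attribute order and quoting can no longer change the digest.
    return ET.canonicalize(xml_text, strip_text=True).encode()

def b64_sha256(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def sign(data_xml: str, ref_uri: str, key: bytes) -> str:
    # Step 1: SignedInfo with CanonicalizationMethod, SignatureMethod and one Reference.
    # The Reference declares a C14N Transform (step 2 for the data object) and its DigestValue.
    signed_info = (
        f'<ds:SignedInfo xmlns:ds="{DS}">'
        f'<ds:CanonicalizationMethod Algorithm="{C14N_URI}"/>'
        f'<ds:SignatureMethod Algorithm="{SIG_URI}"/>'
        f'<ds:Reference URI="{ref_uri}">'
        f'<ds:Transforms><ds:Transform Algorithm="{C14N_URI}"/></ds:Transforms>'
        f'<ds:DigestMethod Algorithm="{DIGEST_URI}"/>'
        f'<ds:DigestValue>{b64_sha256(c14n(data_xml))}</ds:DigestValue>'
        f'</ds:Reference></ds:SignedInfo>'
    )
    # Step 3: SignatureValue is computed over the canonicalized SignedInfo, not over the data itself.
    mac = hmac.new(key, c14n(signed_info), hashlib.sha256).digest()
    # Step 4: assemble Signature; KeyInfo is omitted because a shared secret must not be disclosed.
    return (f'<ds:Signature xmlns:ds="{DS}">{signed_info}<ds:SignatureValue>'
            f'{base64.b64encode(mac).decode()}</ds:SignatureValue></ds:Signature>')

def verify(signature_xml: str, data_xml: str, key: bytes) -> bool:
    ns = {"ds": DS}
    root = ET.fromstring(signature_xml)
    signed_info = root.find("ds:SignedInfo", ns)
    # Reference validation: re-apply the transform, re-digest the data, compare with DigestValue.
    claimed_digest = signed_info.find("ds:Reference/ds:DigestValue", ns).text
    if not hmac.compare_digest(claimed_digest, b64_sha256(c14n(data_xml))):
        return False
    # Signature validation: recompute the MAC over the canonicalized SignedInfo as received.
    claimed_mac = base64.b64decode(root.find("ds:SignatureValue", ns).text)
    received_si = ET.tostring(signed_info, encoding="unicode")
    return hmac.compare_digest(claimed_mac, hmac.new(key, c14n(received_si), hashlib.sha256).digest())

# Constructed sample data object and demo key (assumed values, not from the book).
ORDER = "<Order>\n  <Item>Widget</Item>\n  <Qty>3</Qty>\n</Order>"
KEY = b"shared-secret-for-demo"
```

Because the digest is taken over the canonical form, a whitespace-only reformatting of the order still validates, while changing a single character of its content or using a different key fails either reference or signature validation.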


XML, Web Services, and the Data Revolution
ISBN: 0201776413
Year: 2002
Pages: 106
Authors: Frank Coyle