17.2 Algorithmic Roles

This section lists all of the algorithmic elements/roles in the XML Security specifications in alphabetic order. Table 17-1 summarizes the roles.

Next, for each role, a subsection briefly describes that role and provides an enumeration of its implicit parameters. The subsections also include a table of algorithms that can be used in that role.


In this chapter, you will notice a difference between XMLDSIG and XML Encryption in the style of URIs for algorithms that can be considered composed of other algorithms.

The XMLDSIG Working Group chose to create single URIs that incorporate all algorithmic elements such as a public key signature algorithm, padding method, and message digest algorithm. Thus we have one URI for RSA-SHA1, another URI for RSA-SHA256, and so on. This format could have been expressed as a single RSA algorithm with an explicit parameter that could be SHA1, SHA256, or other message digest algorithm. Using a single URI is less verbose and encourages the use of compatible "cipher suites."

The XML Encryption Working Group chose to move more toward the orthogonal specification of algorithm components that make up an encryption method. For example, AgreementMethod algorithms and OAEP encryption algorithms take an explicit DigestMethod as a parameter rather than encoding this parameter into the AgreementMethod or OAEP-based EncryptionMethod URI. This method is more verbose but more flexible and avoids a combinatorial explosion in the number of URIs if many different combinations might be used.

Table 17-1. Algorithm Role Elements
Role Element/Role Section Function Section(s) Possible Parent Elements of the Role Element Security Service in Which Role Is Used


Section 17.2.1

Key Agreement 18.2 KeyInfo




Section 17.2.2

Canonicalization 19.1 SignedInfo XMLDSIG


Section 17.2.3

Message Digests 18.1







Section 17.2.4

Block Encryption 18.5

Stream Encryption 18.6

Key Transport 18.7

Symmetric Key Wrap 18.8




Retrieval Method

Chapter 14

None[2] KeyInfo




Section 17.2.5

Message Authentication 18.3

Signature 18.4

SignedInfo XMLDSIG


Section 17.2.6

Canonicalization 19.1

Transform 19.2




[1] For algorithms specified in this book, DigestMethod appears as a child of Encryption Method only for the RSA- OAEP algorithm, where it is an explicit parameter.

[2] RetrievalMethod is not an algorithmic role, even though its name makes it look like it should be one.

Both philosophies are commonly seen and seem to work. This difference probably reflects the different balance of opinions among the members of the two working groups.

17.2.1 AgreementMethod

An AgreementMethod algorithm element appears as the child of KeyInfo. It takes as implicit input the type of key to be agreed upon, as described in Section 18.2. As explicit input, it takes a DigestMethod, an optional Nonce, and possibly other explicit inputs. As optional explicit input, it takes compatible sender and recipient keying information. From these inputs, it calculates a shared secret key.

Table 17-2 lists AgreementMethod algorithms.

Table 17-2. Key Agreement Algorithms
Implementation Name URI



Dif .e-Hellman http://www.w3.org/2001/04/xmlenc#dh

17.2.2 CanonicalizationMethod

The CanonicalizationMethod role performs the canonicalizing of the SignedInfo element in a Signature element. It takes the SignedInfo element as an implicit input.

You can also use the canonicalization algorithms with the Transform role element (see Section 17.2.6). Because you can use Transform in both signatures and encryption, implementation requirements for both are listed here. Table 17-3 lists canonicalization algorithms.

17.2.3 DigestMethod

The DigestMethod appears as the child of a Reference. As an implicit input, it takes the data referred to by the Reference URI attribute, after processing by any Transform elements specified.

Table 17-3. Canonicalization Algorithms
Implementation Name/

XMLDSIG: Required

XMLENC: Recommended

Canonical XML

XMLDSIG: Recommended

XMLENC: Required

Canonical XML with Comments

XMLDSIG: Required[1]

XMLENC: Optional

Exclusive XML Canonicalization

XMLDSIG: Recommended[1] XMLENC: Optional

Exclusive XML Canonicalization with Comments

XMLDSIG: Not Recommended[2]

XMLENC: Not Recommended

Minimal Canonicalization

[1] Exclusive XML Canonicalization does not actually appear in the XMLDSIG Recommendation. As explained in Chapter 9, it is the most appropriate canonicalization for signatures where the context of the signed XML may change. Its listing here as "Required"should therefore be considered editorial.

[2] As explained in Section 19.1, minimal canonicalization is a text- based canonicalization, not an XML- based algorithm.

The DigestMethod can also appear as the child of EncryptionMethod, if the encryption algorithm specified is RSA-OAEP, or as a child of AgreementMethod. In these cases, its use and implicit inputs are complex, as described in Sections 18.7.2 and 18.2.

Table 17-4 lists DigestMethod algorithms.


SHA384 was not popular with XML Security working groups. It does the same work as SHA512, albeit using different constants, and then truncates the output from 512 to 384 bits. For XML applications, where terseness is not a goal, there is little reason not to just use SHA512 instead of SHA384.

Some argument focused on the inclusion of RIPEMD-160. The XML Encryption Working Group decided that without it the list would be too "U.S.-centric" and that Europeans were bound to use it anyway, so a standard URI for it might as well be specified. (While RIPEMD-256 produces a 256-bit message digest, it was not included because it has only 160 bits of strength.)

17.2.4 EncryptionMethod

EncryptionMethod appears as a child of either the EncryptedData or EncryptedKey element. In the first case, its role is specified for the encryption and decryption of data. In the second case, its role is normally specified for the encryption and decryption of a key. In both cases, it takes, as implicit inputs, keying information and the plain text to encrypt or cipher text to decrypt. Table 17-5 lists encryption algorithms.


The XML Encryption Working Group's logic in setting the implementation requirements of the various key lengths in AES was as follows: For almost all uses, 128 bits is probably adequate. Paranoid developers will want to use 256 bits. Thus, these two lengths are required. A length of 192 bits is stronger than most anyone needs but not strong enough for the paranoid, so who would want to use it? As a result, it is optional to implement.

17.2.5 SignatureMethod

SignatureMethod appears as the child of a SignedInfo element. This algorithmic role is applied to the result from CanonicalizationMethod and the keying material, which are its implicit inputs, to yield the SignatureValue. Table 17-6 lists authentication algorithms.

Table 17-4. Message Digest Algorithms
Implementation Name URI

XMLDSIG: Required

XMLENC: Required

SHA1 http://www.w3.org/2000/09/xmldsig#sha1

XMLDSIG: Recommended

XMLENC: Recommended

SHA256 http://www.w3.org/2001/04/xmlenc#sha256

XMLDSIG: Optional

XMLENC: Optional

SHA384 http://www.w3.org/2001/04/xmldsig-more#sha384

XMLDSIG: Optional

XMLENC: Optional

SHA512 http://www.w3.org/2001/04/xmlenc#sha512

XMLDSIG: Optional

XMLENC: Optional

RIPEMD160 http://www.w3.org/2001/04/xmlenc#ripemd160

XMLDSIG: Optional

XMLENC: Optional

MD5 http://www.w3.org/2001/04/xmldsig-more#md5

Table 17-5. Encryption Algorithms
Implementation (XMLENC Only) Name URI
Required TRIPLEDES http://www.w3.org/2001/04/xmlenc#tripledes-cbc
Required AES- 128 http://www.w3.org/2001/04/xmlenc#aes128-cbc
Required AES- 256 http://www.w3.org/2001/04/xmlenc#aes256-cbc
Required RSA- v1.5 http://www.w3.org/2001/04/xmlenc#rsa-1_5
Required RSA- OAEP http://www.w3.org/2001/04/xmlenc#rsa-oaep-mbg1p
Required Triple DES Key Wrap http://www.w3.org/2001/04/xmlenc#kw-tripledes
Required AES- 128 Key Wrap http://www.w3.org/2001/04/xmlenc#kw-aes128
Required AES- 256 Key Wrap http://www.w3.org/2001/04/xmlenc#kw-aes256
Optional AES- 192 http://www.w3.org/2001/04/xmlenc#aes192-cbc
Optional ARCFOUR http://www.w3.org/2001/04/xmldsig-more#arcfour
Optional AES- 192 Key Wrap http://www.w3.org/2001/04/xmlenc#kw-aes192

Table 17-6. Signature Algorithms
Implementation (XMLDSIG Only) Name URI
Required DSAwithSHA1 http://www.w3.org/2000/09/xmldsig#dsa-sha1
Required HMAC- SHA1 http://www.w3.org/2000/09/xmldsig#hmac-sha1
Recommended RSAwithSHA1 http://www.w3.org/2000/09/xmldsig#rsa-sha1
Optional HMAC- MD5 http://www.w3.org/2001/04/xmldsig-more#hmac-md5
Optional HMAC- SHA256 http://www.w3.org/2001/04/xmldsig-more#hmac-sha256
Optional HMAC- SHA384 http://www.w3.org/2001/04/xmldsig-more#hmac-sha384
Optional HMAC- SHA512 http://www.w3.org/2001/04/xmldsig-more#hmac-sha512
Optional HMAC- RIPEMD160 http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160
Optional RSAwithSHA256 http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
Optional RSAwithSHA384 http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
Optional RSAwithSHA512 http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
Optional RSAwithRIPEMD160 http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160
Not Recommended RSAwithMD5 http://www.w3.org/2001/04/xmldsig-more#rsa-md5

17.2.6 Transform

Transform algorithms appear in a Transforms element, which in turn is the child of a Reference, RetrievalMethod, or CipherReference element. These algorithms take one implicit input, which can be either an XPath node-set or an octet sequence. This input comes from the previous Transform, if one exists. Otherwise, it consists of the data to which the Reference, RetrievalMethod, or CipherReference ancestor of the Transform refers. See Chapter 10 for more information on the Transforms data pipeline model. Table 17-7 lists Transform algorithms, other than canonicalization algorithms.


You can also use all CanonicalizationMethod algorithms described in Section 17.2.1 as Transform algorithms.

Table 17-7. Transform Algorithms
Implementation Name URI

XMLDSIG: Required


Enveloped Signature http://www.w3.org/2000/09/xmldsig#enveloped-signature

XMLDSIG: Required

XMLENC: Required

Base64 http://www.w3.org/2000/09/xmldsig#base64

XMLDSIG: Recommended

XMLENC: Recommended

XPath http://www.w3.org/TR/1999/REC-xpath-19991116

XMLDSIG: Recommended


Decryption Transform http://www.w3.org/2001/04/decrypt#

XMLDSIG: Optional

XMLENC: Optional

XSLT http://www.w3.org/TR/1999/REC-xslt-19991116

XMLDSIG: Recommended[1]

XMLENC: Optional

XPointer http://www.w3.org/2001/04/xmldsig-more/xptr

XMLDSIG: Experimental

XMLENC: Experimental

Schema http://www.w3.org/TR/2001/REC-xmlschema-1-20010502/

[1] This Recommended status applies only to a very limited number of XPointer facilities. The rest of XPointer is Optional. ( See Chapter 10. )

Secure XML(c) The New Syntax for Signatures and Encryption
Secure XML: The New Syntax for Signatures and Encryption
ISBN: 0201756056
EAN: 2147483647
Year: 2005
Pages: 186

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net