18.4 Signature Algorithms

Signature algorithm identifiers appear as the Algorithm attribute of SignatureMethod elements, as shown in Figure 18-3. They take two implicit parameters: their keying material and the octet stream output by CanonicalizationMethod. MAC and signature algorithms are syntactically identical, but a signature implies public key cryptography.

18.4.1 DSA

 DSA Identifier:     http://www.w3.org/2000/09/xmldsig#dsa-sha1 

The DSA algorithm [DSS] is mandatory to implement for XML Digital Signature applications. It takes no explicit parameters. An example of a DSA SignatureMethod element follows:

 <SignatureMethod   Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> 

The output of the DSA algorithm is a pair of integers usually referred by the pair (r, s). The signature value consists of the base-64 encoding of the concatenation of two octet streams for the values r and s. Integer-to-octet steam conversion must be performed according to the I2OSP operation defined in the PKCS#1 specification [RFC 2437] with an "L" parameter equal to 20. For example, the SignatureValue element for a DSA signature (r, s) with values specified in hexadecimal as

 r = 8BAC1AB6 6410435C B7181F95 B16AB97C 92B341C0 s = 41E2345F 1F56DF24 58F426D1 55B4BA2D B6DCD8C8 

from the example in Appendix 5 of the DSS standard would be

 <SignatureValue>     i6watmQQQ1y3GB+VsWq5fJKzQcBB4jRfH1bfJFj0JtFVtLotttzYyA== </SignatureValue> 

18.4.2 RSA-SHA1

 RSA-SHA1 Identifier:     http://www.w3.org/2000/09/xmldsig#rsa-sha1 

RSA-SHA1 refers to the RSASSA-PKCS1-v1_5 encoding/padding algorithm [RFC 2437] used with the SHA-1 algorithm (see Section 18.1.2). It is recommended that this algorithm be implemented in XML Digital Signature applications. The RSA algorithm takes no explicit parameters. An example of an RSA SignatureMethod element follows:

 <SignatureMethod   Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 

The SignatureValue content for an RSA signature is the base-64 [RFC 2045] encoding of the octet string computed as per [RFC 2437, Section 8.1.1: signature generation operation for the RSASSA-PKCS1-v1_5 signature scheme]. The EMSA-PKCS1-V1_5-ENCODE function [RFC 2437, Section 9.2.1] specifies that the value input to the signature function must contain a prepended algorithm object identifier for the hash function. However, the availability of an ASN.1 parser and recognition of OIDs are not required of a signature verifier. The PKCS#1 v1.5 representation appears as follows:


Note that the padded ASN.1 will have the following form:


Here "|" is concatenation; "01", "FF", and "00" are the fixed x01, xFF, and x00 octets, respectively; "message digest" is the SHA1 digest of the data; and "prefix" is the ASN.1 BER SHA1 algorithm designator prefix required in PKCS#1 [RFC 2437], that is,

 hex 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14 

This prefix makes it easier to use standard cryptographic libraries. The xFF octet must be repeated the maximum number of times such that the quantity being encrypted is one octet shorter than the RSA modulus.

The resulting base-64 string is the value of the child text node of the SignatureValue element:

 <SignatureValue>IWijxQjUrcXBYoCei4QxjWo9Kg8D3p9tlWoT4      t0/gyTE96639In0FZFY2/rvP+/bMJ01EArmKZsR5VW3rwoPxw= </SignatureValue> 

18.4.3 Additional RSA Variations

 Additional RSA Identifiers:     http://www.w3.org/2001/04/xmldsig-more#rsa-md5     http://www.w3.org/2001/04/xmldsig-more#rsa-sha256     http://www.w3.org/2001/04/xmldsig-more#rsa-sha512     http://www.w3.org/2001/04/xmldsig-more#rsa-ripems160 

These algorithms all use the same encoding/padding method as RSA-SHA1 but with different message digest functions and a different prefix to indicate the different message digest function. The prefix to use for MD5 follows:

 MD5 Prefix     hex 30 20 30 0C 06 08 2A 86 48 86 F7 0D 02 05 05 00 04 10 


Recent cryptographic advances have indicated some signs of weakness in MD5. While these frailties do not affect its use with HMAC, use of RSA-MD5 is not recommended.

Secure XML(c) The New Syntax for Signatures and Encryption
Secure XML: The New Syntax for Signatures and Encryption
ISBN: 0201756056
EAN: 2147483647
Year: 2005
Pages: 186

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net