XML-DSig Facts

This document provides facts related to XML-DSig for usage in the written part of my diploma thesis.

Content

General

  • XML Digital Signature
  • produced jointly by the W3C and the Internet Engineering Task Force (IETF) [On02]
  • Like XML Encryption, it does not only apply to XML. [On02]
  • As explaining how to digitally sign portions of an XML document, XML Signature also explains how to express the digital signature of any data as XML. As such, it is an "XML-aware digital signature". [On02]
  • PKCS#7 is a means of rendering encrypted data, and signed data, which predates XML Signature and XML Encryption. Rather than using XML, it uses Abstract Syntax Notation number 1 (ASN.1). ASN.1 is a binary format, renowned for its complexity. [On02]
  • The power of XML Signature for Web Services is the ability to selectively sign XML data. [On02]
  • defines procedures for computing and verifying (such) signatures [Sh03]
  • addresses is the canonicalization of XML documents (Canonicalization enables the generation of the identical message digest and thus identical digital signatures for XML documents that are syntactically equivalent but different in appearance due to, for example, a different number of white spaces present in the documents.) [Sh03]
  • The document you sign can be local or even a remote object, as long as those objects can be referenced through a URI (Uniform Resource Identifier) [Sh03]
  • You can sign not only XML data, but also non-XML data [Sh03]
  • signature can be either enveloped or enveloping, which means the signature can be either embedded in a document being signed or reside outside the document [Sh03]
  • allows multiple signing levels for the same content, thus allowing flexible signing semantics. For example, the same content can be semantically signed, cosigned, witnessed, and notarized by different people. [Sh03]

What is XML-DSig?

Article foundFact
Sicherheit [Eckert]
  • Signieren entfernter Datenobjekte via URI oder lokale Datenobjekte
  • Speicherung:
    • getrennt vom signierten Content: detached signature
    • eingebettet in den signierten Content: enveloped signature
    • signierter Contentin Signatur: enveloping signature
XML Security: Implement security layers, Part 2 - Core technologies -- XML encryption and XML signature [Ve03b] XML signature is an extension of already existing digital signature infrastructure. Some objectives and motivations for creating an XML signature are:
  • Structure around the digital signature allows digital signatures to be represented as XML documents
  • Possibility to digitally sign part of the XML, leaving the rest of the document unsigned
  • Possibility to have more than one digital signature sign different parts of the same XML document
  • Need to persist the signatures and not simply use them for document transportation and communication

Signature of digital content is a two-stage process. In the first stage, the digital content is digested and the resulting value is placed in an XML element. In stage two, the digested value is picked and signed. The reason for doing this is simple: Digesting the original content generates a small but unique encrypted value (digest) that takes less time to sign as compared to the original content.

Problems

Article foundFact
XML security : Implement security layers, Part 1 - Basic plumbing technologies [Ve03a] if you digitally sign some XML markup and then try to verify the digital signature after modifying the order of some attributes -- or adding or removing some insignificant whitespace without logically changing the XML -- the verification will fail. To ensure that you get success every time you try to verify the digital signatures of logically equivalent XML -- irrespective of its physical representation -- you must make sure that the XML is in an agreed-upon standard format. That standard is called canonicalization and it is a standard mechanism for serializing XML (@see Normal canonicalization and Exclusive canonicalization)

So which one should you use, normal or exclusive canonicalization? Consider this: With digital signatures, the digitally signed payload may have to be inserted into a different context after it is removed from its original message. If normal canonicalization is used, the payload will include the context of its original message's ancestor elements, and all namespace declarations and attributes in the xmlns namespace. The payload, thus extracted from the original message, may not be inserted faithfully into a different context.

Exclusive canonicalization is required for digital signatures in which the ancestor element's context, attribute, and declaration of the xmlns namespace are excluded, thus making the digitally signed payload portable to different contexts.

XML-Elements

Article foundFact
XML Security: Implement security layers, Part 2 - Core technologies -- XML encryption and XML signature [Ve03b]
<Signature> contains the resulting XML signature

The original content is related to the digital signature based on these XML signature type definitions:
  • Enveloping signature: The <Signature> element includes the element that is digitally signed. The digitally signed element becomes the child of the <Signature> element.
  • Enveloped signature: The <Signature> element becomes a child element of the data being signed. The <Signature> element refers to the signed element by using information in its <Reference> element.
  • Detached signature: The <Signature> element and the signed element are kept separate. The element being signed and the <Signature> element could be siblings in the same document, or the <Signature> element could be in an altogether different document.

the <Signature> element includes information about the following:
  • The method used to canonicalize the digital content
  • The algorithm used to generate the signature for the canonicalized element to be signed
  • Additional information that specifies how to process the element to be signed before it is digested

Structure

Article foundFact
XML signatures: Behind the curtain - Who can be trusted with authentication? [Lo01] 
<Signature>
	<SignedInfo>
		(CanonicalizationMethod)
		(SignatureMethod)
		(<Reference (URI=)? >
			(Transforms)?
			(DigestMethod)
			(DigestValue)
		</Reference>)+
	</SignedInfo>
	(SignatureValue)
	(KeyInfo)?
	(Object)*
</Signature>

Sample

Article foundFact
XML signatures: Behind the curtain - Who can be trusted with authentication? [Lo01] 
<Signature Id="MyFirstSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
	<SignedInfo>
		<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
		<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
		<Reference URI="http://www.w3.org/TR/2000/REC-xhtml1-20000126/">
			<Transforms>
				<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
			</Transforms>
			<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
			<DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue>
		</Reference>
	</SignedInfo>
	<SignatureValue>MC0CFFrVLtRlk=...</SignatureValue>
	<KeyInfo>
		<KeyValue>
			<DSAKeyValue>
				<p>...</p><Q>...</Q><G>...</G><Y>...</Y>
			</DSAKeyValue>
		</KeyValue>
	</KeyInfo>
</Signature>