An Overview of XML Digital Signatures, by Xuemei Wu. Presentation transcript:
Introduction XML Digital Signatures are digital signatures designed for use in XML transactions. An XML Signature may be applied to the content of one or more resources. There are three different types of XML Signatures: (a) enveloped, (b) enveloping, and (c) detached signatures.
Introduction (cont.) An XML Signature can be used to sign only portions of an XML message. The use of XML Digital Signatures involves two parts: (a) XML Digital Signature creation and (b) XML Digital Signature verification.
Basic Structure ( ( )? )+ ( )? ( )* element is the root element element is the information that you signed is the algorithm which used to canonicalize the is the algorithm which used to convert the into the includes the digest method and resulting digest value is an optional ordered list of processing steps is the algorithm applied to the data to obtain the indicates the public key includes data objects
Basic Structure (cont.) Enveloped Format … Detached Format … Enveloping Format …
Basic Structure (Example) 1lCKQWfJg9712sP9o9ekL6o7Mg 8= RTYE1EF2wv7H6YaLC1XoM 7qMnU55rMRSYouXKsnL1zDdR2R58WN6 XiZPW4exvrq56OuVFHNdJWbtgcuXAkW5 wg== pLdP0GGla/imcV1JZve+J881NtZvH D0gcGmkAIdYlM33bHopEhKC7c+rIDSceL x0As+WKaVAcxIJVsfZCtpERP== BQCB this test message to be signed is enveloped within the XML signature this test message to be signed is part of the document that envelops the XML signature
Basic Structure (Sign a portion of the resource) 1C3KWAjgF9712sQ9o9ekL6o7oP8= PEOR1EF2wv7H6YaLC1XoM 7qMnU55rMRSYouXKsnL1zDdR2R58WN6 XiZQW4exvrq56OuFGHNdJWbtgcuXAkCR 5g== opEQ0GGla/imcV1JZve+J881NtZvD H0gcGmkAIdYlM33bHopEhKC7c+rIFJceLx 0As+WKaVAcxIJVsfZCtpPRY== POBA
XML Signatures Application XML Signatures Creation XML Signatures Verification
XML Signature Creation Identifying the resources to be signed Computing the digest of each resource Signing the document
XML Signature Creation (cont.) Adding key information - Public key information can be put into the element. - This step is optional. Constructing the signature element - Put all the pieces together.
XML Signature Verification Verifying the digital signature of the element - Calculate the digest of the element. - Unsign the element with the public key. - Compare the two values above. Computing the digests of the references - Recalculate the digests of the references in the element - Compare them with the digest values specified in.
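The creation and verification steps above, as an added Python example that is not part of the original presentation; it signs one portion of a document and shows verification rejecting a change to that portion. Assumptions: HMAC-SHA256 with a shared demo key stands in for the public-key signature, `ET.canonicalize` (C14N 2.0) is the canonicalization, and the algorithm-identifier and key-information elements are omitted; the helper names are hypothetical.

```python
import base64, copy, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
KEY = b"constructed-demo-key"  # assumption: HMAC key stands in for the signer's key pair

def q(tag):
    return f"{{{DS}}}{tag}"

def c14n(elem):
    node = copy.copy(elem)  # drop tail text so only the element itself is canonicalized
    node.tail = None
    return ET.canonicalize(ET.tostring(node, encoding="unicode")).encode()

def digest(elem):
    return base64.b64encode(hashlib.sha256(c14n(elem)).digest()).decode()

def mac(info):
    return base64.b64encode(hmac.new(KEY, c14n(info), hashlib.sha256).digest()).decode()

def by_id(doc, ref_id):
    hits = [e for e in doc.iter() if e.get("Id") == ref_id]
    return hits[0] if len(hits) == 1 else None  # refuse missing or ambiguous Ids

def sign(doc, ref_id):
    # Creation: digest the resource, build SignedInfo, sign it, assemble Signature.
    sig = ET.SubElement(doc, q("Signature"))
    info = ET.SubElement(sig, q("SignedInfo"))
    ref = ET.SubElement(info, q("Reference"), URI="#" + ref_id)
    ET.SubElement(ref, q("DigestValue")).text = digest(by_id(doc, ref_id))
    ET.SubElement(sig, q("SignatureValue")).text = mac(info)
    return doc

def verify(doc):
    # Verification: check the signature over SignedInfo, then each reference digest.
    sig = doc.find(q("Signature"))
    info = sig.find(q("SignedInfo"))
    if not hmac.compare_digest(mac(info), sig.findtext(q("SignatureValue"), "")):
        return "bad signature"
    for ref in info.findall(q("Reference")):
        target = by_id(doc, ref.get("URI", "")[1:])
        if target is None or digest(target) != ref.findtext(q("DigestValue")):
            return "bad digest"
    return "valid"

if __name__ == "__main__":
    # Constructed sample document: only the <order> portion is signed.
    doc = sign(ET.fromstring('<msg><order Id="o1"><amt>10</amt></order><note/></msg>'), "o1")
    doc.find("order/amt").text = "9999"  # change the signed portion after signing
    print(verify(doc))
```

Both checks are needed: the digest comparison ties each resource to the signed element, and the signature check ties that element to the key holder, so a digest recomputed without the key fails the first step.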
Summary XML Signature is powerful and flexible (a) Three basic formats (b) Any combination of the three basic formats (c) Ability to sign multiple resources (d) Ability to sign a portion or portions of a resource XML Signature is straightforward to understand and implement
References W3C XML-Signature Syntax and Processing http://www.w3.org/TR/xmldsig-core http://www.w3.org/TR/2002/REC-xmldsig-core-20020212