How to Use XML Security Standards in Real World Aleksey Sanin O’Reilly Open Source Convention July 7 - 11, 2003.


1 How to Use XML Security Standards in Real World Aleksey Sanin O’Reilly Open Source Convention July 7 - 11, 2003

2 Wednesday, July 09 2003 4:30pm - 5:15pm, Aleksey Sanin - How to use XML Security standards in real world
Agenda
– W3C XML Security specifications
– XML Security Library
– Practical XML Security

3 W3C XML Security Standards
– XML Canonicalization and Exclusive XML Canonicalization (W3C recommendations)
  http://www.w3.org/TR/xml-c14n/
  http://www.w3.org/TR/xml-exc-c14n/
– XML Signature (W3C recommendation)
  http://www.w3.org/TR/xmldsig-core/
– XML Encryption (W3C recommendation)
  http://www.w3.org/TR/xmlenc-core/
– XML Key Management (W3C working draft)
  http://www.w3.org/TR/xkms2/

4 Why Do We Need New Specifications?
– SSL/TLS provides transport-level security, but Web services need message-level security
  – Store message for later use
  – Session keys in SSL/TLS
– Fine-grained security for XML documents

5 XML Canonicalization

6 XML Canonicalization (continued)
– C14N is a serialization of an XML document or XPath node set to a binary string.
– There are many C14N algorithms (W3C: C14N, Exclusive C14N).
– The same input data (XML document or XPath node set) and the same C14N algorithm produce the same binary string.
– Use Exclusive C14N.
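The property stated on this slide, shown on constructed input as an added example (Python standard library only; this is not code from the slides or from the XML Security Library). Python's ElementTree implements W3C Canonical XML 2.0 rather than the C14N 1.0 or Exclusive C14N named above; the details differ (namespace and comment handling), but the point is the same: two serializations of the same infoset yield one byte string, which is what gets digested and signed, while any change in content yields a different string. The sample documents DOC_A, DOC_B and DOC_C are constructed for this example.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample documents: DOC_A and DOC_B are the same XML infoset
# written two ways (attribute order, whitespace inside the start tag,
# empty-element form). DOC_C differs in content, not only in form.
DOC_A = '<msg   id="42" to="bob"><body>Hello, World!</body><ext/></msg>'
DOC_B = '<msg to="bob" id="42"><body>Hello, World!</body><ext></ext></msg>'
DOC_C = '<msg id="42" to="bob"><body>Hello, Bob!</body><ext/></msg>'


def canonicalize(xml_text: str) -> bytes:
    """Serialize an XML document to its canonical byte string.

    ElementTree implements Canonical XML 2.0 (attributes sorted, empty
    elements written as start/end tag pairs, whitespace inside tags dropped).
    The slides use C14N 1.0 / Exclusive C14N; the purpose is identical.
    """
    return ET.canonicalize(xml_text).encode("utf-8")


def same_canonical_form(a: str, b: str) -> bool:
    """True when both inputs serialize to identical canonical bytes."""
    return canonicalize(a) == canonicalize(b)


def digest_hex(xml_text: str) -> str:
    """SHA-256 over the canonical form: the value an XML Signature
    DigestValue carries for data with no further transforms."""
    return hashlib.sha256(canonicalize(xml_text)).hexdigest()


if __name__ == "__main__":
    print(canonicalize(DOC_A).decode())
    print("A == B:", same_canonical_form(DOC_A, DOC_B))  # same infoset
    print("A == C:", same_canonical_form(DOC_A, DOC_C))  # content differs
    print("digest:", digest_hex(DOC_A))
```

The reason the slide recommends Exclusive C14N is that inclusive C14N copies namespace declarations inherited from enclosing elements into the canonical form, so moving a signed fragment into another document (a SOAP envelope, for example) changes its digest even though the fragment itself is unchanged; Exclusive C14N emits only the namespaces the fragment actually uses.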

7 XML Digital Signature Structure + ? ( )*

8 XML Digital Signature Structure: Reference element ( ( )+ )?

9 XML Digital Signature Structure: KeyInfo element ?

10 XML Digital Signature Generation
– Calculate digests over the signed data from the element.
– Compose the element.
– Calculate the signature over the element and place the result in the element.

11 XML Digital Signature: Enveloped Signature Example Hello, World! 9H/rQr... Mx4psI... My-RSA-Key

12 XML Digital Signature: Enveloped Signature Example (continued)
Digested data: Hello, World!
Signed data: 9H/rQr...

13 XML Encryption Structure ? ? ?

14 XML Encryption: Example My-DES-Key WXlDy...

15 XML Security Toolkits
– XML Security Library (C/C++)
  http://www.aleksey.com/xmlsec
– Microsoft .NET (C#)
  http://msdn.microsoft.com/netframework/
– DataPower (Hardware)
  http://www.datapower.com/products/xs40.html
– Apache XML Security (Java)
  http://xml.apache.org/security/index.html
– Baltimore Technologies (Java)
  http://www.baltimore.com/keytools/xml/
– IBM XML Security Suite (Java)
  http://www.alphaworks.ibm.com/tech/xmlsecuritysuite
– Phaos Technology Corporation (Java)
  http://phaos.com/products/category/xml.html

16 XML Security Library
– Open Source (MIT license)
– Based on LibXML2/LibXSLT and your favorite cryptographic library
– Strong standards support
– Very fast
– Can use practically any cryptographic library (OpenSSL, GnuTLS, NSS, …)
– Portable (Linux, OpenBSD, FreeBSD, Solaris, Windows, Mac OS X, …)

17 XML Security Library: Objects
– Transforms
– Keys
– Keys Manager
– Operation Contexts
  – Signature
  – Encryption
  – Transforms
  – Key selection
– Templates

18 XML Security Library: Templates Hello, World!

19 XML Security Library: Signing or Encrypting XML Document
– Prepare keys manager (the same keys manager can be shared by multiple operations)
– Create or load "template" and select the start node ( or )
– Create signature (xmlSecDSigCtx) or encryption (xmlSecEncCtx) context object
– Specify signature or encryption key in the template (by name, for example) or in the context object
– Sign or encrypt data and consume the result
– Destroy context object

20-21 XML Security Library: Signature Example (slides 20 and 21 together)

```c
#include <stdio.h>
#include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
#include <xmlsec/xmldsig.h>
#include <xmlsec/crypto.h>

/* Sign the signature template whose <dsig:Signature> node is startNode
 * with the given key. Returns 0 on success, -1 on error. */
int sign_template(xmlDocPtr tmpl, xmlNodePtr startNode, xmlSecKeyPtr key) {
    xmlSecDSigCtxPtr dsigCtx;

    /* create signature context w/o keys manager */
    dsigCtx = xmlSecDSigCtxCreate(NULL);
    if(dsigCtx == NULL) {
        fprintf(stderr, "Error: failed to create context.\n");
        return(-1);
    }

    /* set signature key in the context (the context owns and frees its copy) */
    dsigCtx->signKey = xmlSecKeyDuplicate(key);
    if(dsigCtx->signKey == NULL) {
        fprintf(stderr, "Error: failed to duplicate key.\n");
        xmlSecDSigCtxDestroy(dsigCtx);
        return(-1);
    }

    /* sign the template: digests and signature value are written into the
     * template nodes in place */
    if(xmlSecDSigCtxSign(dsigCtx, startNode) < 0) {
        fprintf(stderr, "Error: signature failed.\n");
        xmlSecDSigCtxDestroy(dsigCtx);
        return(-1);
    }

    /* destroy context object */
    xmlSecDSigCtxDestroy(dsigCtx);
    return(0);
}
```

22 XML Security Library: Verifying Signature
– Prepare keys manager (the same keys manager can be shared by multiple operations)
– Load signed document and select the start node ( or )
– Create signature (xmlSecDSigCtx) or encryption (xmlSecEncCtx) context object
– Verify signature or decrypt the data, consume the result
– Destroy context object

23-24 XML Security Library: Signature Verification Example (slides 23 and 24 together)

```c
#include <stdio.h>
#include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
#include <xmlsec/keysmngr.h>
#include <xmlsec/xmldsig.h>

/* Verify the signature whose <dsig:Signature> node is startNode; keys are
 * looked up through the keys manager. Returns 1 if the signature is valid,
 * 0 if it is invalid and -1 if processing failed. */
int verify_document(xmlDocPtr doc, xmlNodePtr startNode, xmlSecKeysMngrPtr keysMngr) {
    xmlSecDSigCtxPtr dsigCtx;
    int res;

    /* create signature context */
    dsigCtx = xmlSecDSigCtxCreate(keysMngr);
    if(dsigCtx == NULL) {
        fprintf(stderr, "Error: failed to create context.\n");
        return(-1);
    }

    /* verify signature: a negative return means processing failed (bad
     * template, unknown algorithm, ...), not that the signature is bad;
     * the cryptographic outcome is reported in dsigCtx->status */
    if(xmlSecDSigCtxVerify(dsigCtx, startNode) < 0) {
        fprintf(stderr, "Error: verification failed.\n");
        xmlSecDSigCtxDestroy(dsigCtx);
        return(-1);
    }

    /* check verification result */
    if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
        /* signature is valid */
        res = 1;
    } else {
        /* signature is invalid */
        res = 0;
    }

    /* destroy signature context */
    xmlSecDSigCtxDestroy(dsigCtx);
    return(res);
}
```
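The generation steps of slide 10, the enveloped-signature example of slides 11 and 12, and the verification flow of slides 22 to 24, carried through end to end as an added example. This is not code from the slides or from the XML Security Library: it uses only the Python standard library, so it substitutes HMAC-SHA256 (a signature method XML Signature also defines) for the RSA key of the slides' example, Canonical XML 2.0 for Exclusive C14N, and ElementTree for libxml2, and it is therefore not interoperable with xmlsec as written. The element names (Signature, SignedInfo, Reference, DigestValue, SignatureValue, KeyInfo, KeyName) and algorithm URIs are those of the XML Signature specification; the document DOC, the key and the key name are constructed, and the code handles the one structure the slides' example uses, a single Reference with URI="" plus the enveloped-signature transform, with the Signature as a direct child of the root.

```python
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)

# Algorithm identifiers from XML Signature, RFC 4051 and Canonical XML 2.0.
ALG_C14N2 = "http://www.w3.org/2010/10/xml-c14n2"
ALG_HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
ALG_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
ALG_ENVELOPED = DS + "enveloped-signature"

# Constructed sample document and key store (key name -> secret), standing
# in for the keys manager of the slides.
DOC = '<msg to="bob"><body>Hello, World!</body></msg>'
KEYS = {"My-HMAC-Key": b"constructed-demo-secret-not-for-real-use"}


def ds(name: str) -> str:
    return "{%s}%s" % (DS, name)


def c14n(elem: ET.Element) -> bytes:
    """Canonical XML 2.0 bytes of one element (its tail text excluded)."""
    node = copy.deepcopy(elem)
    node.tail = None
    return ET.canonicalize(ET.tostring(node, encoding="unicode")).encode("utf-8")


def enveloped_content(root: ET.Element) -> bytes:
    """Enveloped-signature transform: the document with its own ds:Signature
    child removed, canonicalized. This is what a URI="" Reference digests."""
    doc = copy.deepcopy(root)
    for sig in doc.findall(ds("Signature")):
        doc.remove(sig)
    return c14n(doc)


def sign_enveloped(doc_xml: str, key: bytes, key_name: str) -> str:
    """Slide 10's three steps: digest the referenced data, compose SignedInfo,
    sign SignedInfo and store the result in SignatureValue."""
    root = ET.fromstring(doc_xml)
    # 1. Digest of the referenced data (URI="" is the whole document, after transforms).
    digest = hashlib.sha256(enveloped_content(root)).digest()
    # 2. Compose SignedInfo with one Reference describing what was digested and how.
    sig = ET.SubElement(root, ds("Signature"))
    si = ET.SubElement(sig, ds("SignedInfo"))
    ET.SubElement(si, ds("CanonicalizationMethod"), Algorithm=ALG_C14N2)
    ET.SubElement(si, ds("SignatureMethod"), Algorithm=ALG_HMAC_SHA256)
    ref = ET.SubElement(si, ds("Reference"), URI="")
    ET.SubElement(ET.SubElement(ref, ds("Transforms")), ds("Transform"), Algorithm=ALG_ENVELOPED)
    ET.SubElement(ref, ds("DigestMethod"), Algorithm=ALG_SHA256)
    ET.SubElement(ref, ds("DigestValue")).text = base64.b64encode(digest).decode()
    # 3. Sign the canonical SignedInfo (not the data itself) and record the key name.
    mac = hmac.new(key, c14n(si), hashlib.sha256).digest()
    ET.SubElement(sig, ds("SignatureValue")).text = base64.b64encode(mac).decode()
    ET.SubElement(ET.SubElement(sig, ds("KeyInfo")), ds("KeyName")).text = key_name
    return ET.tostring(root, encoding="unicode")


def verify_enveloped(signed_xml: str, keys: dict) -> dict:
    """Slides 22-24 in miniature: recompute the Reference digest, select the
    key by KeyName, check SignatureValue over canonical SignedInfo. The two
    checks are reported separately, as xmlsec's status does for each Reference."""
    root = ET.fromstring(signed_xml)
    sig = root.find(ds("Signature"))
    si = sig.find(ds("SignedInfo"))
    ref = si.find(ds("Reference"))
    claimed = base64.b64decode(ref.findtext(ds("DigestValue"), ""))
    digest_ok = hmac.compare_digest(claimed, hashlib.sha256(enveloped_content(root)).digest())
    key = keys.get(sig.findtext(ds("KeyInfo") + "/" + ds("KeyName")))
    signature_ok = False
    if key is not None:
        mac = hmac.new(key, c14n(si), hashlib.sha256).digest()
        signature_ok = hmac.compare_digest(mac, base64.b64decode(sig.findtext(ds("SignatureValue"), "")))
    return {"digest_ok": digest_ok, "signature_ok": signature_ok, "valid": digest_ok and signature_ok}


if __name__ == "__main__":
    signed = sign_enveloped(DOC, KEYS["My-HMAC-Key"], "My-HMAC-Key")
    print(signed)
    print("original:", verify_enveloped(signed, KEYS))
    print("tampered:", verify_enveloped(signed.replace("Hello, World!", "Hello, Changed!"), KEYS))
```

Note what each failure looks like: editing the signed body breaks the Reference digest but leaves the SignatureValue check passing, because the signature covers SignedInfo rather than the data directly; verifying with a different or missing key leaves the digest intact and fails only the signature check. A verifier has to require both.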

25 Practical XML Security
– Check what was actually signed
  – Use pre-digested data
  – Analyze used transforms
– Limit allowed digest, signature, encryption and transform algorithms
– Limit allowed key sources
– Check that data or key source matches expectation
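The checks this slide lists, implemented as a policy pass that runs before any cryptography, as an added example (Python standard library; not code from the slides or from the XML Security Library). The allow-lists in POLICY, the accepted key name My-RSA-Key and the two sample documents GOOD and BAD are constructed for the example; the digest and signature values in them are placeholders because this pass only inspects the structure. The element names and algorithm URIs are those of the XML Signature and Exclusive C14N specifications. It rejects anything the application did not decide to accept: a Reference pointing somewhere other than the expected data, a transform such as XSLT that can rewrite what is digested, a digest or signature algorithm outside the allow-list, and a key source other than the expected one.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"


def ds(name: str) -> str:
    return "{%s}%s" % (DS, name)


# Constructed allow-lists: the only algorithms, key names and Reference URIs
# this application accepts. Everything else is refused before verification.
POLICY = {
    "c14n": {"http://www.w3.org/2001/10/xml-exc-c14n#"},
    "signature": {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"},
    "digest": {"http://www.w3.org/2001/04/xmlenc#sha256"},
    "transform": {DS + "enveloped-signature", "http://www.w3.org/2001/10/xml-exc-c14n#"},
    "key_names": {"My-RSA-Key"},
    "reference_uris": {""},  # exactly one enveloped Reference to the whole document
}


def policy_problems(signed_xml: str, policy: dict = POLICY) -> list:
    """Return the policy violations found in every Signature of the document;
    an empty list means the signature may be handed to the verifier."""
    root = ET.fromstring(signed_xml)
    problems = []
    signatures = list(root.iter(ds("Signature")))  # anywhere in the tree, not only at top level
    if not signatures:
        problems.append("no Signature element")
    for sig in signatures:
        si = sig.find(ds("SignedInfo"))
        if si is None:
            problems.append("Signature without SignedInfo")
            continue
        for child, kind in (("CanonicalizationMethod", "c14n"), ("SignatureMethod", "signature")):
            node = si.find(ds(child))
            alg = node.get("Algorithm") if node is not None else None
            if alg not in policy[kind]:
                problems.append("%s not allowed: %s" % (child, alg))
        refs = si.findall(ds("Reference"))
        if not refs:
            problems.append("SignedInfo without Reference")
        for ref in refs:
            # What was actually signed: the URI and the transforms decide that.
            uri = ref.get("URI")
            if uri not in policy["reference_uris"]:
                problems.append("unexpected Reference URI: %r" % uri)
            for transform in ref.iter(ds("Transform")):
                if transform.get("Algorithm") not in policy["transform"]:
                    problems.append("Transform not allowed: %s" % transform.get("Algorithm"))
            dm = ref.find(ds("DigestMethod"))
            alg = dm.get("Algorithm") if dm is not None else None
            if alg not in policy["digest"]:
                problems.append("DigestMethod not allowed: %s" % alg)
        key_name = sig.findtext(ds("KeyInfo") + "/" + ds("KeyName"))
        if key_name not in policy["key_names"]:
            problems.append("key source not allowed: %r" % key_name)
    return problems


# Constructed signed documents (placeholder digest and signature values).
GOOD = """<msg xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><body>Hello, World!</body>
<ds:Signature><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI=""><ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>PLACEHOLDER-DIGEST</ds:DigestValue></ds:Reference></ds:SignedInfo>
<ds:SignatureValue>PLACEHOLDER-SIGNATURE</ds:SignatureValue>
<ds:KeyInfo><ds:KeyName>My-RSA-Key</ds:KeyName></ds:KeyInfo></ds:Signature></msg>"""

BAD = """<msg xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><body id="other">Hello, World!</body>
<ds:Signature><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#other"><ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"/>
</ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>PLACEHOLDER-DIGEST</ds:DigestValue></ds:Reference></ds:SignedInfo>
<ds:SignatureValue>PLACEHOLDER-SIGNATURE</ds:SignatureValue>
<ds:KeyInfo><ds:KeyName>Some-Other-Key</ds:KeyName></ds:KeyInfo></ds:Signature></msg>"""

if __name__ == "__main__":
    print("GOOD:", policy_problems(GOOD) or "accepted")
    print("BAD:", policy_problems(BAD))
```

With xmlsec the same restrictions are applied by configuring the context (the library exposes which transforms and key data types a context accepts) rather than by a separate pass, but the ordering is what matters: decide what a valid signature must look like first, and only then let the cryptographic verification run.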


