XML Signature

2,436 views
2,239 views

Published on

XML Signature

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,436
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
83
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

XML Signature

  1. 1. XML Signature Prabath Siriwardena Director, Security Architecture
  2. 2. XML Security • Integrity and non-repudiation  XML Signature by W3C  http://www.w3.org/TR/xmldsig-core/ • Confidentiality of XML documents  XML Encryption by W3C  http://www.w3.org/TR/xmlenc-core/
  3. 3. XML-Signature • A joint standard by IETF and W3C for digitally signing all of an XML document, part of an XML document or even an external object. • XML Signature applies to any resource addressable by an URI – including non-xml content. • First security standard to reach recommendation status • WS-Security, XKMS, SAML all depend on XML Signature
  4. 4. XML-Signature • Multiple XML Signatures can be able to exist over the static content of a web resource.
  5. 5. XML-Signature <Signature xmlns=“…../2000/09/xmldsig#”> <SignedInfo /> <SignatureValue /> <KeyInfo /> <Object /> </Signature>
  6. 6. QUESTION 1 What do we actually sign with an XML Signature ?
  7. 7. XML-Signature - Types – – – Enveloping Signature Enveloped Signature Detached Signature
  8. 8. XML-Signature - Enveloping - Wraps item that is being signed within the <Signature> element - <Reference> element points to an element within the <Signature> element Signature
  9. 9. XML-Signature - Enveloping <Signature> <SignedInfo> <Reference URI=“#101” /> </SignedInfo> <SignatureValue>…. </SignatureValue> <KeyInfo>…. </KeyInfo> <Object> <SignedItem id=“101”> …….. </SignedItem> </Object> <Signature> Signature
  10. 10. XML-Signature - Enveloping <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></ds:SignatureMethod> <ds:Reference URI="#TheFirstObject"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> <ds:DigestValue>ipbs0UyafkdRIcfIo9zyZLce+CE=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>BSChZzMdH1kHVbKL+EyNorZXcEZ9ekL+cf/VW8ejhItfZoXOZQVNnw==</ds:SignatureValue> <ds:KeyInfo> ... </ds:KeyInfo> <ds:Object Id="TheFirstObject"> <InsideObject>A text in a box</InsideObject> </ds:Object> </ds:Signature> Signature
  11. 11. XML-Signature - Enveloped - <Reference> element points to a parent element outside the <Signature> element Signature Signed XML Content
  12. 12. XML-Signature - Enveloped <SignedItem id=“101”> <SignedElement1>Text</SignedElement1> <Signature> <SignedInfo> <Reference URI=“#101” /> </SignedInfo> <SignatureValue>…. </SignatureValue> <KeyInfo>…. </KeyInfo> <Signature> </SignedItem> Signature
  13. 13. XML-Signature - Enveloped <apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1" xmlns:foo="http://example.org/#foo">Some simple text <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></SignatureMethod> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform> <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></Transform> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> <DigestValue>f+pDsT3LzyKV9Sg6rdK5bBrQlbo=</DigestValue> </Reference> </SignedInfo> <SignatureValue>QNoLqAc0KYDmomJA3LvXhCf6vpuN/wh9R4y42QylvJCko9gRDhpHAA==</SignatureValue> <KeyInfo>...</KeyInfo> </Signature> </apache:RootElement> Signature
  14. 14. XML-Signature - Detached - Points to an XML element or binary file out side the <Signature> elements hierarchy - <Reference> element points neither a child nor a parent - Can point to an element within the same document or to another resource completely outside the current XML document. Signature
  15. 15. XML-Signature - Detached Signature Signed XML Content
  16. 16. QUESTION 2 Which signature type is used in WS-Security?
  17. 17. QUESTION 3 Provide a practical example for enveloped signature ? And why it’s needed there ?
  18. 18. XML-Signature <Signature xmlns=“…../2000/09/xmldsig#”> <SignedInfo /> <SignatureValue /> <KeyInfo /> <Object /> </Signature>
  19. 19. XML-Signature - <SignedInfo /> <SignedInfo> <CanonicalizationMethod /> <SignatureMethod /> <Reference URI > <Transforms /> <DigestMethd /> <DigestValue /> </Reference> </SignedInfo>
  20. 20. XML-Signature - <SignedInfo /> <SignedInfo> <CanonicalizationMethod /> <SignatureMethod /> <Reference URI > <Transforms /> <DigestMethd /> <DigestValue /> </Reference> </SignedInfo>
  21. 21. <CanonicalizationMethod /> XML syntax permits a number of options (e.g., which form of empty elements to use, whether to use single or double quotes for attribute values, the order of attributes in a start tag, places where white space is considered insignificant, etc.), it is quite easy to create documents that are physically different and yet logically equivalent.
  22. 22. <CanonicalizationMethod /> The purpose of Canonical XML is to define an algorithm by which a particular physical representation of an XML document can be reliably and repeatedly reduced to its canonical (simplest) form. When the same algorithm is applied to physically different representations to produce their canonical forms, documents can be compared at this logical level.
  23. 23. <CanonicalizationMethod /> • Canonical XML (or Inclusive XML Canonicalization)(XMLC14N) • Exclusive XML Canonicalization(EXCC14N)
  24. 24. <CanonicalizationMethod /> The Canonical XML is used for XML where the context doesn't change while the Exclusive XML was designed for canonicalization where the context might change.
  25. 25. XML-Signature (Example) <apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1" xmlns:foo="http://example.org/#foo">Some simple text <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></SignatureMethod> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform> <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></Transform> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> <DigestValue>f+pDsT3LzyKV9Sg6rdK5bBrQlbo=</DigestValue> </Reference> </SignedInfo> <SignatureValue>QNoLqAc0KYDmomJA3LvXhCf6vpuN/wh9R4y42QylvJCko9gRDhpHAA==</SignatureValue> <KeyInfo>...</KeyInfo> </Signature> </apache:RootElement> Signature
  26. 26. QUESTION 4 How about JSON ? Can there be multiple physical representations of the same logical JSON document ?
  27. 27. QUESTION 5 What are the differences between Inclusive Canonicalization and Exclusive Canonicalization.
  28. 28. XML-Signature - <SignedInfo /> <SignedInfo> <CanonicalizationMethod /> <SignatureMethod /> <Reference URI > <Transforms /> <DigestMethd /> <DigestValue /> </Reference> </SignedInfo>
  29. 29. <SignatureMethod /> The SignatureMethod is the algorithm that is used to convert the canonicalized SignedInfo into the SignatureValue.
  30. 30. <SignatureMethod /> - http://www.w3.org/2000/09/xmldsig#dsa-sha1 - http://www.w3.org/2000/09/xmldsig#rsa-sha1 - http://www.w3.org/2000/09/xmldsig#hmacsha1
  31. 31. QUESTION 6 What are the differences between RSA and DSA ?
  32. 32. QUESTION 7 Would HMAC-SHA1 provide both the integrity of a message and the non-repudiation ?
  33. 33. XML-Signature (Example) <apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1" xmlns:foo="http://example.org/#foo">Some simple text <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></SignatureMethod> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform> <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></Transform> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> <DigestValue>f+pDsT3LzyKV9Sg6rdK5bBrQlbo=</DigestValue> </Reference> </SignedInfo> <SignatureValue>QNoLqAc0KYDmomJA3LvXhCf6vpuN/wh9R4y42QylvJCko9gRDhpHAA==</SignatureValue> <KeyInfo>...</KeyInfo> </Signature> </apache:RootElement> Signature
  34. 34. XML-Signature - <SignedInfo /> <SignedInfo> <CanonicalizationMethod /> <SignatureMethod /> <Reference URI > <Transforms /> <DigestMethd /> <DigestValue /> </Reference> </SignedInfo>
  35. 35. <Reference/> Points to the elements which are being signed. Any element inside the same XML document starts from “#”.
  36. 36. XML-Signature (Example-1) <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></ds:SignatureMethod> <ds:Reference URI="#TheFirstObject"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod> <ds:DigestValue>ipbs0UyafkdRIcfIo9zyZLce+CE=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>BSChZzMdH1kHVbKL+EyNorZXcEZ9ekL+cf/VW8ejhItfZoXOZQVNnw==</ds:SignatureValue> <ds:KeyInfo> ... </ds:KeyInfo> <ds:Object Id="TheFirstObject"> <InsideObject>A text in a box</InsideObject> </ds:Object> </ds:Signature> Signature
  37. 37. XML-Signature (Example-2) <apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1" xmlns:foo="http://example.org/#foo">Some simple text <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></SignatureMethod> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform> <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></Transform> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod> <DigestValue>f+pDsT3LzyKV9Sg6rdK5bBrQlbo=</DigestValue> </Reference> </SignedInfo> <SignatureValue>QNoLqAc0KYDmomJA3LvXhCf6vpuN/wh9R4y42QylvJCko9gRDhpHAA==</SignatureValue> <KeyInfo>...</KeyInfo> </Signature> </apache:RootElement> Signature
  38. 38. QUESTION 8 How do we reference an XML element in an external XML document ?
  39. 39. XML-Signature - <Reference/> <SignedInfo> <CanonicalizationMethod /> <SignatureMethod /> <Reference URI > <Transforms /> <DigestMethd /> <DigestValue /> </Reference> </SignedInfo>
  40. 40. <Transforms/> - <Transforms/> receive the results of dereferencing the <Reference URI=“”> and alter the result in some way. - A simple <Transform> can be an Xpath statement that causes the signature to apply only to a part of an XML document. - Multiple transforms can appear under a <Reference> working in a pipe-line fashion. - <Transform Algorithm=“” />
  41. 41. QUESTION 9 What is the difference between CanonicalizationMethod and the Transforms ?
  42. 42. <Transforms/> XML Signature spec defines five Transforms 1. Canonicalization 2. Base-64 3. XPath Filtering 4. Enveloped Signature Transform 5. XSLT Transform
  43. 43. <Transforms/> Canonicalization - Normalize the XML, so that regardless of physical inconsistencies, two logically equivalent XML documents will become physically bit to bit to equivalent. <Order> <Items> <Order> <Items> <item number=100></item> <item number=101></item> </Items> </Order> <item number=100/> <item number=101/> </Items> </Order>
  44. 44. <Transforms/> Base-64 - Maps binary data into text - http://www.w3.org/2000/09/xmldsig#base64
  45. 45. <Transforms/> XPath Filtering - Commonly used when we want to sign just a fragment of an XML document. - http://www.w3.org/TR/1999/REC-xpath-19991116
  46. 46. <Transforms/> Enveloped Signature Transform - Commonly used in Enveloped Signatures where the parent element is to be signed. - Need to remove the Signature element from the element being signed before validation. http://www.w3.org/2000/09/xmldsig#enveloped-signature
  47. 47. QUESTION 10 Provide an example for Enveloped Signature Transformation and explain why its needed?
  48. 48. <Transforms/> XSLT Transform - A good practice is to sign what actually the signer sees. - Used to sign XML documents when an XSL is involved. - http://www.w3.org/TR/1999/REC-xslt-19991116
  49. 49. XML-Signature - <Reference/> <SignedInfo> <CanonicalizationMethod /> <SignatureMethod /> <Reference URI > <Transforms /> <DigestMethd /> <DigestValue /> </Reference> </SignedInfo>
  50. 50. <DigestMethod/> - Algorithm to calculate the digest of the element/resource pointed by the <Reference URI=“”> - <DigestMethod Algorithm=http://www.w3.org/2000/09/xmldsig#sha 1 />
  51. 51. QUESTION 11 Explain two digest methods with similarities and differences.
  52. 52. <DigestValue/> - Contains Base-64 encoded value of the digest <DigestValue>f+pDsT3LzyKV9Sg6rdK5bBrQlbo=</Dige stValue>
  53. 53. QUESTION 12 Why do we have to base64 encode the digest value ?
  54. 54. XML-Signature <Signature xmlns=“…../2000/09/xmldsig#”> <SignedInfo /> <SignatureValue /> <KeyInfo /> <Object /> </Signature>
  55. 55. <SignatureValue/> The Base-64 resulting value of encrypting the digest of the <SignedInfo/> element.
  56. 56. QUESTION 13 Where do we specify the digest method to create the digest of the SignedInfo ?
  57. 57. XML-Signature <Signature xmlns=“…../2000/09/xmldsig#”> <SignedInfo /> <SignatureValue /> <KeyInfo /> <Object /> </Signature>
  58. 58. <KeyInfo> This is an optional element in the XML Signature, if no KeyInfo – it is expected that we what the validation key is.
  59. 59. <KeyInfo> <KeyInfo> <KeyName /> <KeyValue /> <RetrievalMethod /> <X509Data /> <PGPData /> <SPKIData /> </KeyInfo>
  60. 60. <KeyName/> A unique name to identify the associated key.
  61. 61. <KeyInfo> <KeyInfo> <KeyName /> <KeyValue /> <RetrievalMethod /> <X509Data /> <PGPData /> <SPKIData /> </KeyInfo>
  62. 62. <KeyValue/> Actual key it self embedded in XML.
  63. 63. <KeyInfo> <KeyInfo> <KeyName /> <KeyValue /> <RetrievalMethod /> <X509Data /> <PGPData /> <SPKIData /> </KeyInfo>
  64. 64. <RetrievalMethod/> - Used to reference a key that is stored in a separate location. - If multiple signatures use the same key, we can keep the KeyInfo structure in a standalone element with a unique ID and refer to using <RetrievalMethod/> of each <Signature> - Either or both the ds:KeyName and RetrievalMethod could be used to identify the same key. <KeyInfo> <RetrievalMethod URI='#EK' "/> <KeyName>Sally Doe</KeyName> <KeyInfo>
  65. 65. <KeyInfo> <KeyInfo> <KeyName /> <KeyValue /> <RetrievalMethod /> <X509Data /> <PGPData /> <SPKIData /> </KeyInfo>
  66. 66. <X509Data/> - Provides either an identifier to look to look up an X509 certificate or the X509 certificate it self. - A certificate chain can also be contained in X509Data
  67. 67. <KeyInfo> <KeyInfo> <KeyName /> <KeyValue /> <RetrievalMethod /> <X509Data /> <PGPData /> <SPKIData /> </KeyInfo>
  68. 68. <PGPData/> Can point to the PGP key or can contain the key it self.
  69. 69. <KeyInfo> <KeyInfo> <KeyName /> <KeyValue /> <RetrievalMethod /> <X509Data /> <PGPData /> <SPKIData /> </KeyInfo>
  70. 70. <SPKIData/> Similar to PGPData point to the key or contains key it self.
  71. 71. XML-Signature <Signature xmlns=“…../2000/09/xmldsig#”> <SignedInfo /> <SignatureValue /> <KeyInfo /> <Object /> </Signature>
  72. 72. <Object/> - Can put anything you want. - Typically includes one of the following three 1. XML fragment or a base-64 encoded binary object – Enveloping Signature 2. A <Manifest> element 3. A <SignatureProperties> element
  73. 73. <Manifest/> <Object> <Manifest Id=“101”> <Reference>…. </Reference> <Reference> …. </Reference> </Manifest> </Object>
  74. 74. <Manifest/> - Contains a list of references - <Reference> elements inside <SignedInfo> element must be validated in order to accept the signature a valid one. - To validate or not to validate <Reference> elements inside <Manifest> element is up to the developer decide. - Developers get more granular control over which <Reference> mater and which does not.
  75. 75. <Manifest/> <SignedInfo> <Reference URI=“101” Type=“"http://www.w3.org/2000/09/xmldsig#Man ifest"”> …… </Reference> </SignedInfo>
  76. 76. <SignatureProperties/> Provides a place to put name/value information about the signature it self. <Object> <SignatureProperties> <SignatureProperty Id=“101” Target=“#100”> <timestamp xmlns=“”> <date>….</date> <time>….</time> </timestamp> </SignatureProperty> </SignatureProperties> </Object>
  77. 77. <SignatureProperties/> <Signature Id=“100”> <SignedInfo> <Reference URI=“101” Type=“" http://www.w3.org/2000/09/xmldsig#SignatureProperties "”> …… </Reference> </SignedInfo> </Signature>
  78. 78. XML-Signature Building Process - Reference Generation - Signature Generation
  79. 79. XML-Signature Ref. Generation 1. Obtain the resource specified by the <Reference URI=“” > 2. Apply Transforms 3. Calculate the digest for the final output from the Transform algorithm, using the <DigestMethod> 4. Create the <Reference> element including all it’s sub elements by populating the <DigestValue> 5. Perform the above actions to all the <Reference> elements found inside <SignedInfo>
  80. 80. XML-Signature Sig. Generation 1. Create the <SignedInfo> element 2. Canonicalize <SignedInfo> element using the algorithm specified under <CanonicalizationMethod> 3. Create a hash for the out put of the canonicalization using the <SignatureMethod> specified. 4. Create the <SignatureValue> with the <SignatureMethod> specified, against the canonicalized, hashed <SignedInfo> 5. Build the complete <Signature> element
  81. 81. XML-Signature Validation Process - Reference Validation - Signature Validation
  82. 82. XML-Signature Ref. Validation 1. Canonicalize the <SignedInfo> element based on the <CanonicalizationMethod> element. 2. For each <Reference> element do the following 3. Get the resource pointed out by the <Reference> 4. Apply Transforms 5. Create a hash using the <DigestMethod> 6. Find the DigestValue and compare it with the DigestValue returned.
  83. 83. XML-Signature Sig. Validation 1. Obtain the key used to sign the message 2. Create a hash of the canonicalized <SignedInfo> 3. Using the verification key decrypt the <SignatureValue> 4. Compare the value from 3 with value from 2.
  84. 84. lean . enterprise . middleware

×