SlideShare a Scribd company logo

Tokenauthenticatie en xml signature in detail

Download as PPTX, PDF
Marc de Graauw
Marc de Graauw
TechnologyNews & Politics
1 of 33
Tokenauthenticatie& XML Signaturein detail
Tokenauthenticatie smartcard met private key Certificaat QURX_ EX990011NL token maken SignedInfo maken RSA / SHA sig maken signedData SignedInfo SignatureValue Bericht maken SOAP bericht
Transformatie XML 2 SignedData Verstrekkings- Lijstquery QURX_IN990111NL_01.xml signedData.xsl signedData QURX_IN990111NL_01_signedData.xml
VerstrekkingsLijstquery
signedData X.509 Strong Authentication message id nonce unieke indentificatie van bericht (if duplicate removal has already taken place) notBefore & notAfter time to live security semantics can expire time to store & check nonce addressedParty replay against other receivers Koppeling met bericht BSN voor patiëntgerelateerde berichten Trigger Event Id versieonafhankelijk, itt. InteractionId
signedData.xml (pretty print)
Token versus bestand
Whitespace eruit signedData QURX_IN990111NL_01_signedData.xml remove- whitespace- between- elements.xsl signedData QURX_IN990111NL_01_signedData.xml
Exclusive Canonicalization signedData QURX_IN990111NL_01_signedData.xml excc14n (Oxygen gebruikt) signedData excc14n signedData_ excc14n.xml
Exclusive Canonicalization
Exclusive Canonicalization Dubbele quotes ipv. enkele Namespace declaraties vóór attributen Namespaces alfabetisch rangschikken Linefeed, geen carriage return of CR/LF Geen Byte Order Mark UTF-8
Signed Info element signedData excc14n signedData_ excc14n.xml bits SignedInfo template SHA1 hash wsu Id 160 bits maken SignedInfo Base64 karakters SignedInfo SignedInfo.xml
SHA: Cryptographic hash Wikipedia: A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional change to the data will change the hash value.
SHA SHA1 ... SHA256 1995: SHA-1 NSA 2005: zwaktes in SHA-1 ontdekt 2001: SHA-2 (225, 256, 384, 512) 2008 – 12: SHA-3, open competitie SHA-1 input: message maximum (264 − 1) bits output: 160 bits
Base 64 UTF-8: niet alle octets zijn toegestaan! Ergo: binaire data kunnen niet zomaar in XML / UTF-8 Oplossing: bits -> karakters RFC2045 (MIME) alfabet: [A-Z][a-z][0-9]+/
SHA + Base64 Input (bits) SHA1 (160 bits) 4vBP5K5M5llABaWYzxCrKIdjS2I= Base 64
SignedInfo
RSA with SHA SignedInfo (exc c14n) private key bits SHA1 hash 400 bits RSA 160 bits 408 bits ASN.1 DER formaat Base64 3021300906 052b0e0302 1a05000414 karakters 3031300d06 0960864801 6503040201 05000420 SignatureValue SHA 256 -> 464 bits
Sender Receiver “Hello world” “Hello world” SHA-1 hash: 5llABaWYz xCrKIdjS... Public key: MIICHzCCAY ygAwIBAgI..... OK Private key: shhhh..... RSA sig value: c9fVK7vYAdv s2DRZVtS... RSA sig value: c9fVK7vYAdv s2DRZVtS...
Security Services (X.800) Authentication Authorization Data Confidentiality Data Integrity Non-repudiation
Security services
Key usage
SOAP bericht signedData SignedInfo SignatureValue Certificaat verwijzing QURX_ EX990011NL Header maken Header maken authentication Tokens wss:Security Bericht maken SOAP bericht
SOAP bericht
Transformatie XML 2 SignedData Verstrekkings- Lijstquery QURX_IN990111NL_01.xml signedData.xsl signedData QURX_IN990111NL_01_signedData.xml
Whitespace eruit signedData QURX_IN990111NL_01_signedData.xml remove- whitespace- between- elements.xsl signedData QURX_IN990111NL_01_signedData.xml
Exclusive Canonicalization signedData QURX_IN990111NL_01_signedData.xml excc14n (Oxygen gebruikt) signedData excc14n signedData_ excc14n.xml
Signed Info element signedData excc14n signedData_ excc14n.xml bits SignedInfo template SHA1 hash wsu Id 160 bits maken SignedInfo Base64 karakters SignedInfo SignedInfo.xml
RSA with SHA SignedInfo (exc c14n) private key bits SHA1 hash 400 bits RSA 160 bits 160 bits ASN.1 DER formaat Base64 3021300906 052b0e0302 1a05000414 karakters 3031300d06 0960864801 6503040201 05000420 SignatureValue SHA 256 -> 464 bits
SOAP bericht signedData SignedInfo SignatureValue Certificaat verwijzing QURX_ EX990011NL Header maken Header maken authentication Tokens wss:Security Bericht maken SOAP bericht
Tokenauthenticatie smartcard met private key Certificaat QURX_ EX990011NL token maken SignedInfo maken RSA / SHA sig maken signedData SignedInfo SignatureValue Bericht maken SOAP bericht

Recommended

Apple tree
Apple treeApple tree
Apple treeBehta Mirjany
 
Road map to tap global opportunities feb 2015
Road map to tap global opportunities feb 2015Road map to tap global opportunities feb 2015
Road map to tap global opportunities feb 2015CA George Kurian
 
Project mercury
Project mercuryProject mercury
Project mercurymstcmath
 
Lynx
LynxLynx
LynxAimeeJ
 
Branded Facebook Landing Pages
Branded Facebook Landing PagesBranded Facebook Landing Pages
Branded Facebook Landing Pagesmarcogiordano
 
Informe conclusiones think tank aplicaciones móviles y turismo
Informe conclusiones think tank aplicaciones móviles y turismoInforme conclusiones think tank aplicaciones móviles y turismo
Informe conclusiones think tank aplicaciones móviles y turismoTurismo.as
 
Turismo.as, Winning Tourism Strategist
Turismo.as, Winning Tourism StrategistTurismo.as, Winning Tourism Strategist
Turismo.as, Winning Tourism StrategistTurismo.as
 
Apollo- Megan O'Neil
Apollo- Megan O'NeilApollo- Megan O'Neil
Apollo- Megan O'Neilmstcmath
 

Recommended

Apple tree
Apple treeApple tree
Apple treeBehta Mirjany
 
Road map to tap global opportunities feb 2015
Road map to tap global opportunities feb 2015Road map to tap global opportunities feb 2015
Road map to tap global opportunities feb 2015CA George Kurian
 
Project mercury
Project mercuryProject mercury
Project mercurymstcmath
 
Lynx
LynxLynx
LynxAimeeJ
 
Branded Facebook Landing Pages
Branded Facebook Landing PagesBranded Facebook Landing Pages
Branded Facebook Landing Pagesmarcogiordano
 
Informe conclusiones think tank aplicaciones móviles y turismo
Informe conclusiones think tank aplicaciones móviles y turismoInforme conclusiones think tank aplicaciones móviles y turismo
Informe conclusiones think tank aplicaciones móviles y turismoTurismo.as
 
Turismo.as, Winning Tourism Strategist
Turismo.as, Winning Tourism StrategistTurismo.as, Winning Tourism Strategist
Turismo.as, Winning Tourism StrategistTurismo.as
 
Apollo- Megan O'Neil
Apollo- Megan O'NeilApollo- Megan O'Neil
Apollo- Megan O'Neilmstcmath
 
Elektronische handtekening in de zorg
Elektronische handtekening in de zorgElektronische handtekening in de zorg
Elektronische handtekening in de zorgMarc de Graauw
 
Authentication and signatures overview
Authentication and signatures overviewAuthentication and signatures overview
Authentication and signatures overviewMarc de Graauw
 
Identiteit in de ict
Identiteit in de ictIdentiteit in de ict
Identiteit in de ictMarc de Graauw
 
Reliable messaging
Reliable messagingReliable messaging
Reliable messagingMarc de Graauw
 
Overzicht aorta
Overzicht aortaOverzicht aorta
Overzicht aortaMarc de Graauw
 
Hl7v3 schema issues
Hl7v3 schema issuesHl7v3 schema issues
Hl7v3 schema issuesMarc de Graauw
 
Hl7v3 and web services
Hl7v3 and web servicesHl7v3 and web services
Hl7v3 and web servicesMarc de Graauw
 
XML tekortkomingen en pluspunten
XML tekortkomingen en pluspuntenXML tekortkomingen en pluspunten
XML tekortkomingen en pluspuntenMarc de Graauw
 
Versioning theory
Versioning theoryVersioning theory
Versioning theoryMarc de Graauw
 
Versiecontrole in de keten
Versiecontrole in de ketenVersiecontrole in de keten
Versiecontrole in de ketenMarc de Graauw
 
Unicode
UnicodeUnicode
UnicodeMarc de Graauw
 
Luister niet naar de gebruiker
Luister niet naar de gebruikerLuister niet naar de gebruiker
Luister niet naar de gebruikerMarc de Graauw
 
Overzicht hl7v3
Overzicht hl7v3Overzicht hl7v3
Overzicht hl7v3Marc de Graauw
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

More Related Content

More from Marc de Graauw

Elektronische handtekening in de zorg
Elektronische handtekening in de zorgElektronische handtekening in de zorg
Elektronische handtekening in de zorgMarc de Graauw
 
Authentication and signatures overview
Authentication and signatures overviewAuthentication and signatures overview
Authentication and signatures overviewMarc de Graauw
 
Hl7v3 and web services
Hl7v3 and web servicesHl7v3 and web services
Hl7v3 and web servicesMarc de Graauw
 
XML tekortkomingen en pluspunten
XML tekortkomingen en pluspuntenXML tekortkomingen en pluspunten
XML tekortkomingen en pluspuntenMarc de Graauw
 
Versiecontrole in de keten
Versiecontrole in de ketenVersiecontrole in de keten
Versiecontrole in de ketenMarc de Graauw
 
Luister niet naar de gebruiker
Luister niet naar de gebruikerLuister niet naar de gebruiker
Luister niet naar de gebruikerMarc de Graauw
 

More from Marc de Graauw (13)

Elektronische handtekening in de zorg
Elektronische handtekening in de zorgElektronische handtekening in de zorg
Elektronische handtekening in de zorg
 
Authentication and signatures overview
Authentication and signatures overviewAuthentication and signatures overview
Authentication and signatures overview
 
Identiteit in de ict
Identiteit in de ictIdentiteit in de ict
Identiteit in de ict
 
Reliable messaging
Reliable messagingReliable messaging
Reliable messaging
 
Overzicht aorta
Overzicht aortaOverzicht aorta
Overzicht aorta
 
Hl7v3 schema issues
Hl7v3 schema issuesHl7v3 schema issues
Hl7v3 schema issues
 
Hl7v3 and web services
Hl7v3 and web servicesHl7v3 and web services
Hl7v3 and web services
 
XML tekortkomingen en pluspunten
XML tekortkomingen en pluspuntenXML tekortkomingen en pluspunten
XML tekortkomingen en pluspunten
 
Versioning theory
Versioning theoryVersioning theory
Versioning theory
 
Versiecontrole in de keten
Versiecontrole in de ketenVersiecontrole in de keten
Versiecontrole in de keten
 
Unicode
UnicodeUnicode
Unicode
 
Luister niet naar de gebruiker
Luister niet naar de gebruikerLuister niet naar de gebruiker
Luister niet naar de gebruiker
 
Overzicht hl7v3
Overzicht hl7v3Overzicht hl7v3
Overzicht hl7v3
 

Recently uploaded

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 

Recently uploaded (20)

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 

Tokenauthenticatie en xml signature in detail

  • 2. Tokenauthenticatie smartcard met private key Certificaat QURX_ EX990011NL token maken SignedInfo maken RSA / SHA sig maken signedData SignedInfo SignatureValue Bericht maken SOAP bericht
  • 3. Transformatie XML 2 SignedData Verstrekkings- Lijstquery QURX_IN990111NL_01.xml signedData.xsl signedData QURX_IN990111NL_01_signedData.xml
  • 5. signedData X.509 Strong Authentication message id nonce unieke indentificatie van bericht (if duplicate removal has already taken place) notBefore & notAfter time to live security semantics can expire time to store & check nonce addressedParty replay against other receivers Koppeling met bericht BSN voor patiëntgerelateerde berichten Trigger Event Id versieonafhankelijk, itt. InteractionId
  • 8. Whitespace eruit signedData QURX_IN990111NL_01_signedData.xml remove- whitespace- between- elements.xsl signedData QURX_IN990111NL_01_signedData.xml
  • 9. Exclusive Canonicalization signedData QURX_IN990111NL_01_signedData.xml excc14n (Oxygen gebruikt) signedData excc14n signedData_ excc14n.xml
  • 11. Exclusive Canonicalization Dubbele quotes ipv. enkele Namespace declaraties vóór attributen Namespaces alfabetisch rangschikken Linefeed, geen carriage return of CR/LF Geen Byte Order Mark UTF-8
  • 12. Signed Info element signedData excc14n signedData_ excc14n.xml bits SignedInfo template SHA1 hash wsu Id 160 bits maken SignedInfo Base64 karakters SignedInfo SignedInfo.xml
  • 13. SHA: Cryptographic hash Wikipedia: A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the (cryptographic) hash value, such that an accidental or intentional change to the data will change the hash value.
  • 14. SHA SHA1 ... SHA256 1995: SHA-1 NSA 2005: zwaktes in SHA-1 ontdekt 2001: SHA-2 (225, 256, 384, 512) 2008 – 12: SHA-3, open competitie SHA-1 input: message maximum (264 − 1) bits output: 160 bits
  • 15. Base 64 UTF-8: niet alle octets zijn toegestaan! Ergo: binaire data kunnen niet zomaar in XML / UTF-8 Oplossing: bits -> karakters RFC2045 (MIME) alfabet: [A-Z][a-z][0-9]+/
  • 16. SHA + Base64 Input (bits) SHA1 (160 bits) 4vBP5K5M5llABaWYzxCrKIdjS2I= Base 64
  • 18. RSA with SHA SignedInfo (exc c14n) private key bits SHA1 hash 400 bits RSA 160 bits 408 bits ASN.1 DER formaat Base64 3021300906 052b0e0302 1a05000414 karakters 3031300d06 0960864801 6503040201 05000420 SignatureValue SHA 256 -> 464 bits
  • 19. Sender Receiver “Hello world” “Hello world” SHA-1 hash: 5llABaWYz xCrKIdjS... Public key: MIICHzCCAY ygAwIBAgI..... OK Private key: shhhh..... RSA sig value: c9fVK7vYAdv s2DRZVtS... RSA sig value: c9fVK7vYAdv s2DRZVtS...
  • 20.
  • 21. Security Services (X.800) Authentication Authorization Data Confidentiality Data Integrity Non-repudiation
  • 24. SOAP bericht signedData SignedInfo SignatureValue Certificaat verwijzing QURX_ EX990011NL Header maken Header maken authentication Tokens wss:Security Bericht maken SOAP bericht
  • 26.
  • 27. Transformatie XML 2 SignedData Verstrekkings- Lijstquery QURX_IN990111NL_01.xml signedData.xsl signedData QURX_IN990111NL_01_signedData.xml
  • 28. Whitespace eruit signedData QURX_IN990111NL_01_signedData.xml remove- whitespace- between- elements.xsl signedData QURX_IN990111NL_01_signedData.xml
  • 29. Exclusive Canonicalization signedData QURX_IN990111NL_01_signedData.xml excc14n (Oxygen gebruikt) signedData excc14n signedData_ excc14n.xml
  • 30. Signed Info element signedData excc14n signedData_ excc14n.xml bits SignedInfo template SHA1 hash wsu Id 160 bits maken SignedInfo Base64 karakters SignedInfo SignedInfo.xml
  • 31. RSA with SHA SignedInfo (exc c14n) private key bits SHA1 hash 400 bits RSA 160 bits 160 bits ASN.1 DER formaat Base64 3021300906 052b0e0302 1a05000414 karakters 3031300d06 0960864801 6503040201 05000420 SignatureValue SHA 256 -> 464 bits
  • 32. SOAP bericht signedData SignedInfo SignatureValue Certificaat verwijzing QURX_ EX990011NL Header maken Header maken authentication Tokens wss:Security Bericht maken SOAP bericht
  • 33. Tokenauthenticatie smartcard met private key Certificaat QURX_ EX990011NL token maken SignedInfo maken RSA / SHA sig maken signedData SignedInfo SignatureValue Bericht maken SOAP bericht