2. XML Security
• Integrity and non-repudiation
XML Signature by W3C
http://www.w3.org/TR/xmldsig-core/
• Confidentiality of XML documents
XML Encryption by W3C
http://www.w3.org/TR/xmlenc-core/
3. XML-Signature
• A joint standard by IETF and W3C for digitally
signing all of an XML document, part of an XML
document, or even an external object.
• XML Signature applies to any resource
addressable by a URI, including non-XML
content.
• First security standard to reach recommendation
status
• WS-Security, XKMS and SAML all depend on XML
Signature
8. XML-Signature - Enveloping
- Wraps the item that is being signed within the
<Signature> element
- The <Reference> element points to an element
within the <Signature> element
[Figure: enveloping Signature structure]
14. XML-Signature - Detached
- Points to an XML element or binary file outside
the <Signature> element's hierarchy
- The <Reference> element points to neither a child
nor a parent
- Can point to an element within the same
document or to another resource completely
outside the current XML document.
[Figure: detached Signature structure]
21. <CanonicalizationMethod />
Because XML syntax permits a number of options
(e.g., which form of empty elements to
use, whether to use single or double quotes for
attribute values, the order of attributes in a start
tag, places where white space is considered
insignificant, etc.), it is quite easy to create
documents that are physically different and yet
logically equivalent.
22. <CanonicalizationMethod />
The purpose of Canonical XML is to define an
algorithm by which a particular physical
representation of an XML document can be
reliably and repeatedly reduced to its canonical
(simplest) form. When the same algorithm is
applied to physically different representations to
produce their canonical forms, documents can be
compared at this logical level.
24. <CanonicalizationMethod />
Canonical XML is used for XML whose
namespace context does not change, while
Exclusive XML Canonicalization was designed for
canonicalizing XML whose context might
change (e.g., a fragment moved into another document).
40. <Transforms/>
- <Transforms/> receive the result of
dereferencing the <Reference URI=""> and
alter that result in some way.
- A simple <Transform> can be an XPath
statement that causes the signature to apply
only to a part of an XML document.
- Multiple transforms can appear under a
<Reference>, working in a pipeline fashion.
- <Transform Algorithm="" />
41. QUESTION 9
What is the difference between
CanonicalizationMethod and Transforms?
43. <Transforms/>
Canonicalization
- Normalizes the XML so that, regardless of
physical inconsistencies, two logically
equivalent XML documents become
physically bit-for-bit equivalent.
Form A:
<Order>
<Items>
<item number="100"></item>
<item number="101"></item>
</Items>
</Order>
Form B (logically equivalent to A):
<Order>
<Items>
<item number="100"/>
<item number="101"/>
</Items>
</Order>
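As an added example (not part of the slides), the following Python uses the standard library's C14N 2.0 implementation, xml.etree.ElementTree.canonicalize, to show that physically different forms of the Order document collapse to the same bytes while a logically different document does not. C14N 2.0 is not the Canonical XML 1.0 or Exclusive C14N algorithm that XML Signature usually references, but it performs the same kinds of normalization discussed above (quote style, attribute order, empty-element form, insignificant whitespace). The sample documents are constructed for this example; unlike the slide, their attribute values are quoted so that a parser accepts them.

```python
import xml.etree.ElementTree as ET

# Constructed inputs. DOC_A and DOC_B are the same logical document written
# differently: single vs double quotes, indentation, <a></a> vs <a/>, and
# a different attribute order on the second item.
DOC_A = """<Order>
  <Items>
    <item number='100'></item>
    <item qty='2' number='101'></item>
  </Items>
</Order>"""

DOC_B = '<Order><Items><item number="100"/><item number="101" qty="2"/></Items></Order>'

# DOC_C drops the qty attribute, so it is logically different from A and B.
DOC_C = '<Order><Items><item number="100"/><item number="101"/></Items></Order>'


def canonical_bytes(xml_text: str) -> bytes:
    """Canonicalize xml_text with the stdlib C14N 2.0 serializer.

    strip_text=True removes whitespace-only text nodes so that indentation
    between elements is treated as insignificant. The output uses double
    quotes, sorted attributes and explicit end tags for empty elements.
    """
    return ET.canonicalize(xml_text, strip_text=True).encode("utf-8")


def logically_equal(a: str, b: str) -> bool:
    """Two documents are logically equal iff their canonical forms are byte-identical."""
    return canonical_bytes(a) == canonical_bytes(b)


if __name__ == "__main__":
    print(canonical_bytes(DOC_A).decode())
    print("A == B:", logically_equal(DOC_A, DOC_B))   # True
    print("A == C:", logically_equal(DOC_A, DOC_C))   # False
```

The same comparison is what a signature verifier relies on: the digest is computed over the canonical bytes, so the signer's and the verifier's physically different serializations still hash to the same value, while any logical change (an added or removed attribute) does not.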
46. <Transforms/>
Enveloped Signature Transform
- Commonly used in Enveloped Signatures where the parent
element is to be signed.
- Need to remove the Signature element from the element
being signed before validation.
http://www.w3.org/2000/09/xmldsig#enveloped-signature
47. QUESTION 10
Provide an example of the Enveloped Signature
Transform and explain why it is needed.
48. <Transforms/>
XSLT Transform
- A good practice is to sign what the signer actually sees.
- Used to sign XML documents when an XSL stylesheet is involved.
- http://www.w3.org/TR/1999/REC-xslt-19991116
50. <DigestMethod/>
- Algorithm used to calculate the digest of the
element/resource pointed to by the <Reference URI="">
- <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
64. <RetrievalMethod/>
- Used to reference a key that is stored in a separate location.
- If multiple signatures use the same key, we can keep the
KeyInfo structure in a standalone element with a unique ID
and refer to it using the <RetrievalMethod/> of each <Signature>
- Either or both of ds:KeyName and RetrievalMethod can be
used to identify the same key.
<KeyInfo>
<RetrievalMethod URI="#EK"/>
<KeyName>Sally Doe</KeyName>
</KeyInfo>
66. <X509Data/>
- Provides either an identifier to look up
an X509 certificate or the X509 certificate
itself.
- A certificate chain can also be contained in
X509Data
72. <Object/>
- Can contain anything you want.
- Typically includes one of the following three:
1. An XML fragment or a base-64 encoded binary
object – Enveloping Signature
2. A <Manifest> element
3. A <SignatureProperties> element
74. <Manifest/>
- Contains a list of references
- <Reference> elements inside the <SignedInfo> element
must be validated in order to accept the signature as a
valid one.
- Whether or not to validate the <Reference> elements
inside a <Manifest> element is up to the developer to
decide.
- Developers get more granular control over which
<Reference> matters and which does not.
76. <SignatureProperties/>
Provides a place to put name/value information
about the signature itself.
<Object>
<SignatureProperties>
<SignatureProperty Id="101" Target="#100">
<timestamp xmlns="">
<date>….</date>
<time>….</time>
</timestamp>
</SignatureProperty>
</SignatureProperties>
</Object>
79. XML-Signature Ref. Generation
1. Obtain the resource specified by the <Reference
URI="">
2. Apply the Transforms
3. Calculate the digest of the final output of the
Transform pipeline, using the <DigestMethod>
4. Create the <Reference> element including all its
sub-elements, populating the <DigestValue>
5. Perform the above actions for all the <Reference>
elements found inside <SignedInfo>
80. XML-Signature Sig. Generation
1. Create the <SignedInfo> element
2. Canonicalize the <SignedInfo> element using the
algorithm specified under <CanonicalizationMethod>
3. Create a hash of the output of the canonicalization
using the <SignatureMethod> specified.
4. Create the <SignatureValue> with the
<SignatureMethod> specified, over the
canonicalized, hashed <SignedInfo>
5. Build the complete <Signature> element
82. XML-Signature Ref. Validation
1. Canonicalize the <SignedInfo> element based
on the <CanonicalizationMethod> element.
2. For each <Reference> element do the following:
3. Get the resource pointed to by the
<Reference>
4. Apply the Transforms
5. Create a hash using the <DigestMethod>
6. Read the <DigestValue> stored in the <Reference> and
compare it with the digest just computed.
83. XML-Signature Sig. Validation
1. Obtain the key used to sign the message
2. Create a hash of the canonicalized <SignedInfo>
3. Using the verification key, decrypt the
<SignatureValue>
4. Compare the value from 3 with the value from 2.
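The following Python is an added example (not part of the slides) that walks through the enveloped-signature transform (slides 46-47) and the reference/signature generation and validation procedures (slides 79-83) end to end, using only the standard library. Two substitutions are assumptions of this example, not the slides' choices: canonicalization is C14N 2.0 (what xml.etree.ElementTree.canonicalize implements, identified by its own algorithm URI), and the SignatureMethod is HMAC-SHA256 instead of a public-key algorithm, so step 3 of signature validation becomes "recompute the MAC and compare" rather than "decrypt". The document, key and tampering are constructed; the enveloped-signature URI is the one from the slides and the digest/HMAC identifiers are the standard xmldsig ones.

```python
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED = DS + "enveloped-signature"                      # from the slides
C14N_ALG = "http://www.w3.org/2010/xml-c14n2"                # C14N 2.0 (what ET.canonicalize does)
DIGEST_ALG = "http://www.w3.org/2001/04/xmlenc#sha256"       # standard xmldsig SHA-256 digest id
SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"  # standard HMAC-SHA256 id
ET.register_namespace("ds", DS)

# Constructed sample document and shared HMAC key (assumption: both parties hold KEY).
ORDER_XML = '<Order><Items><item number="100"/><item number="101"/></Items></Order>'
KEY = b"constructed-shared-secret-key"


def ds(tag: str) -> str:
    return f"{{{DS}}}{tag}"


def c14n(elem: ET.Element) -> bytes:
    """Canonicalize a subtree: serialize, then re-parse through the C14N 2.0 writer."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode"), strip_text=True).encode("utf-8")


def enveloped_transform(root: ET.Element) -> ET.Element:
    """Enveloped-signature transform: a copy of the document with every ds:Signature removed.
    Without this, the digest would cover the Signature that is being computed."""
    doc = copy.deepcopy(root)
    parents = {child: parent for parent in doc.iter() for child in parent}
    for sig in list(doc.iter(ds("Signature"))):
        parents[sig].remove(sig)
    return doc


def reference_digest(root: ET.Element) -> str:
    """Ref. generation steps 1-3 for URI="" (the whole document):
    dereference, apply the transform, canonicalize, SHA-256, base64."""
    data = c14n(enveloped_transform(root))
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def build_signature(root: ET.Element, key: bytes) -> ET.Element:
    """Sig. generation: build SignedInfo, canonicalize it, MAC it, assemble ds:Signature."""
    signature = ET.Element(ds("Signature"))
    signed_info = ET.SubElement(signature, ds("SignedInfo"))
    ET.SubElement(signed_info, ds("CanonicalizationMethod"), Algorithm=C14N_ALG)
    ET.SubElement(signed_info, ds("SignatureMethod"), Algorithm=SIG_ALG)
    ref = ET.SubElement(signed_info, ds("Reference"), URI="")
    transforms = ET.SubElement(ref, ds("Transforms"))
    ET.SubElement(transforms, ds("Transform"), Algorithm=ENVELOPED)
    ET.SubElement(ref, ds("DigestMethod"), Algorithm=DIGEST_ALG)
    ET.SubElement(ref, ds("DigestValue")).text = reference_digest(root)
    mac = hmac.new(key, c14n(signed_info), hashlib.sha256).digest()
    ET.SubElement(signature, ds("SignatureValue")).text = base64.b64encode(mac).decode("ascii")
    return signature


def sign(xml_text: str, key: bytes) -> bytes:
    """Produce an enveloped signature: the ds:Signature becomes a child of the root."""
    root = ET.fromstring(xml_text)
    root.append(build_signature(root, key))
    return ET.tostring(root)


def verify(signed_xml: bytes, key: bytes) -> bool:
    """Ref. validation then Sig. validation; True only if every digest and the MAC match."""
    root = ET.fromstring(signed_xml)
    signature = root.find(ds("Signature"))
    if signature is None:
        return False
    signed_info = signature.find(ds("SignedInfo"))
    for ref in signed_info.iter(ds("Reference")):
        if ref.get("URI") != "":
            return False  # only the enveloped whole-document reference is handled here
        stored = ref.findtext(ds("DigestValue"), "")
        if not hmac.compare_digest(stored, reference_digest(root)):
            return False  # content was altered after signing
    expected = hmac.new(key, c14n(signed_info), hashlib.sha256).digest()
    stored_sig = base64.b64decode(signature.findtext(ds("SignatureValue"), ""))
    return hmac.compare_digest(expected, stored_sig)


def tamper(signed_xml: bytes) -> bytes:
    """Constructed post-signing modification of the signed content."""
    return signed_xml.replace(b'number="101"', b'number="999"')


if __name__ == "__main__":
    signed = sign(ORDER_XML, KEY)
    print(signed.decode())
    print("valid:", verify(signed, KEY))                  # True
    print("tampered valid:", verify(tamper(signed), KEY))  # False
```

Two points worth noticing when reading the code against the slides: the digest check and the MAC check are separate, so a document whose content was edited fails at reference validation even though its SignedInfo is untouched, and the SignatureValue is computed over the canonicalized SignedInfo (which contains the DigestValue), not over the document itself, which is exactly why the DigestValue must be bound to the resource through the transform pipeline.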