XML Digital Signatures

1
XML Digital Signatures

• Paul Flynn
• 12 Oct 05

2
Overview

• Basics
• Enveloping Signature
• Enveloped Signature
• Detached Signature
• Signature Parts
• APIs Sample
• References

3
Basics

• XML Signatures can be applied to any type of
  data. XML or binary
• Resulting signature is in XML
• W3C Recommendation 12 February 2002

4
Enveloped Signature - The signature is placed as
an element of the signed document
5
Enveloping Signature - The document is placed
inside of the signature as a block element
6
Detached Signature - The signature signs some
external document. This is what to use for binary
docs
7
Parts of a signature
8
CanonicalizationMethod Defines the algorithm
used to canonicalize the SignedInfo element
These are the same lta foo'yes' boo"no"/gt lta
boo"no" foo"yes" gtlt/agt
9
SignatureMethod Defines the signature algorithm
used to generate the signature
10
Reference identifies the data to be
digested. indicates the root Any valid URI can
be used Can have more than 1 Reference
11
Transforms Defines the preprocessing
transformations to use before digesting
12
DigestMethod Defines the digest method to use
13
DigestValue The actual digested value of the
reference
14
SignatureValue The actual BASE64 signature of
the SignedInfo
15
KeyInfo Optional info about the key needed to
validate the signature
16
Java API
17
(No Transcript)
18
References

• Java WSDP
• http//java.sun.com/webservices/docs/1.6/xmldsig/i
  ndex.html
• W3C XML-Signature Syntax
• http//www.w3.org/TR/xmldsig-core/
• An Introduction to XML Digital Signatures
• http//www.xml.com/pub/a/2001/08/08/xmldsig.html
• MSDN Understanding XML Digital Signature
• http//msdn.microsoft.com/library/default.asp?url
  /library/en-us/dnwebsrv/html/underxmldigsig.asp