XML Encryption and Authentication - PowerPoint PPT Presentation

Slides: 43
Provided by: cdata9
1
XML Encryption and Authentication
  • March 30, 2006
  • Robert Richards

2
Digital Signatures and Encryption
  • Canonicalization
    • A standard form of data
  • Digital Signatures
    • Provides proof of identity and authenticity which
      the sender cannot deny.
  • Encryption
    • Protection of data from being accessed by
      unauthorized parties.

3
Existing Tools/Technologies
  • Secure Sockets Layer (SSL)
  • Transport Layer Security (TLS)
  • Pretty Good Privacy (PGP)
  • GNU Privacy Guard (GnuPG)
  • OpenPGP
  • S/MIME
  • X.509

4
XML Security Standards
  • Canonical XML
    • http://www.w3.org/TR/xml-c14n/
  • Exclusive XML Canonicalization
    • http://www.w3.org/TR/xml-exc-c14n/
  • XML Signature
    • http://www.w3.org/TR/xmldsig-core/
  • XML Encryption
    • http://www.w3.org/TR/xmlenc-core/
  • XML Key Management
    • http://www.w3.org/TR/xkms2/

5
Transmitting Data Over SSL/TLS
6
Encrypted Document using GPG

7
Benefits of XML Security Standards
  • XML is a structured format
  • Allows for secure storage of documents
  • Leverages existing technologies
  • Provides granularity

8
XML Canonicalization
  • A standard serialization of an XML document or
    XPath node set

Equivalent serializations of the same element:

    <data a="1" b="2" c="3"/>
    <data b="2" c="3" a="1"/>
    <data c="3" a="1" b="2"></data>

Canonical form:

    <data a="1" b="2" c="3"></data>
9
Canonical XML (C14N)
  • The document is encoded in UTF-8
  • Line breaks normalized to #xA (linefeed) on
    input, before parsing
  • The XML declaration and DTD are removed
  • Empty elements are converted to start-end tag
    pairs
  • Whitespace outside of the document element and
    within start and end tags is normalized
  • Attribute value delimiters are set to double
    quotes
  • Superfluous namespace declarations are removed
    from each element
  • Lexicographic order is imposed on the namespace
    declarations and attributes of each element

10
Canonical XML Example 1
    <?xml version="1.0" encoding="UTF-8"?>
    <?xml-stylesheet href="doc.xsl" type="text/xsl" ?>
    <!-- Comment -->
    <doc>
      <e1 a:attr='out' b:attr='sorted' attr2='all' attr="I'm"
          xmlns:b='http://www.ietf.org' xmlns:a="http://www.w3.org"
          xmlns="http://example.org"/>
      <e2 xmlns="" xmlns:a="http://www.w3.org">
        <e3 xmlns="" xmlns:a="http://www.w3.org"/>
      </e2>
    </doc>

Canonical Form of Document (uncommented)

    <?xml-stylesheet href="doc.xsl" type="text/xsl" ?>
    <doc>
      <e1 xmlns="http://example.org" xmlns:a="http://www.w3.org" xmlns:b="http://www.ietf.org" attr="I'm" attr2="all" b:attr="sorted" a:attr="out"></e1>
      <e2 xmlns:a="http://www.w3.org">
        <e3></e3>
      </e2>
    </doc>
14
Canonical XML Example 2
    <?xml version="1.0" encoding="UTF-8"?>
    <doc xmlns:d="http://www.example.org/d"
         xmlns:c="http://www.example.org/c">
      <e1 a:attr="out" b:attr="sorted" attr2="all" attr="I'm"
          xmlns:b="http://www.ietf.org" xmlns:a="http://www.w3.org"
          xmlns="http://example.org"/>
      <d:e2 xmlns="" xmlns:a="http://www.w3.org">
        <e3 xmlns="" xmlns:a="http://www.w3.org"/>
      </d:e2>
    </doc>

Canonical Form of Nodeset (uncommented) selected by the XPath
(//. | //@* | //namespace::*)[ancestor-or-self::d:e2]

    <d:e2 xmlns:a="http://www.w3.org" xmlns:c="http://www.example.org/c" xmlns:d="http://www.example.org/d">
      <e3></e3>
    </d:e2>
17
Problem with Re-Enveloping
    <d:e2 xmlns:d="http://www.example.org/d">content</d:e2>

    <!-- Document wrapped within ns0:e1 element -->
    <ns0:e1 xmlns:ns0="www.example.org/ns0">
      <d:e2 xmlns:d="http://www.example.org/d">content</d:e2>
    </ns0:e1>
    <!-- Canonical Form -->
    <d:e2 xmlns:d="http://www.example.org/d" xmlns:ns0="www.example.org/ns0">content</d:e2>

    <!-- Document wrapped within ns1:e1 element -->
    <ns1:e1 xmlns:ns1="www.example.org/ns1">
      <d:e2 xmlns:d="http://www.example.org/d">content</d:e2>
    </ns1:e1>
    <!-- Canonical Form -->
    <d:e2 xmlns:d="http://www.example.org/d" xmlns:ns1="www.example.org/ns1">content</d:e2>

The canonical form of the same d:e2 element differs with each wrapper, because
inclusive canonicalization copies every in-scope namespace declaration onto it,
so a signature over d:e2 breaks as soon as the element is re-enveloped.

18
Exclusive XML Canonicalization
  • Follows the same rules as Canonical XML, except:
    • Attributes in the xml namespace are not imported
      into orphan nodes
    • Namespace declarations that are not explicitly
      requested (through an InclusiveNamespaces
      PrefixList) are emitted only on the first element
      that visibly uses them, and only when they are not
      already in scope within the output.

19
Re-Enveloping using Exclusive
    <d:e2 xmlns:d="http://www.example.org/d">content</d:e2>

    <!-- Document wrapped within ns0:e1 element -->
    <ns0:e1 xmlns:ns0="www.example.org/ns0">
      <d:e2 xmlns:d="http://www.example.org/d">content</d:e2>
    </ns0:e1>
    <!-- Canonical Form -->
    <d:e2 xmlns:d="http://www.example.org/d">content</d:e2>

    <!-- Document wrapped within ns1:e1 element -->
    <ns1:e1 xmlns:ns1="www.example.org/ns1">
      <d:e2 xmlns:d="http://www.example.org/d">content</d:e2>
    </ns1:e1>
    <!-- Canonical Form -->
    <d:e2 xmlns:d="http://www.example.org/d">content</d:e2>

20
Exclusive Canonical XML Example
    <?xml version="1.0" encoding="UTF-8"?>
    <doc xmlns:d="http://www.example.org/d"
         xmlns:c="http://www.example.org/c">
      <e1 a:attr="out" b:attr="sorted" attr2="all" attr="I'm"
          xmlns:b="http://www.ietf.org" xmlns:a="http://www.w3.org"
          xmlns="http://example.org"/>
      <d:e2 xmlns="" xmlns:a="http://www.w3.org">
        <e3 xmlns="" xmlns:a="http://www.w3.org"/>
      </d:e2>
    </doc>

Exclusive Canonical Form of Nodeset (uncommented) selected by the XPath
(//. | //@* | //namespace::*)[ancestor-or-self::d:e2]

    <d:e2 xmlns:d="http://www.example.org/d">
      <e3></e3>
    </d:e2>
21
XML Digital Signature (XMLDSIG)
  • Ensure that a message has not been altered or
    tampered with. (integrity)
  • Protection against attacks that alter a message
    yet leave it passing integrity checks. (message
    authentication)
  • Provide a means for message auditing so that
    messages may not be repudiated. (signer
    authenticity)

22
XML Signature: Types of Signatures
  • Enveloping Signature
    • Data lives within the XML Signature structure
    • Good for signing data being packaged within an
      XML payload
  • Enveloped Signature
    • Data lives outside of and contains the XML
      Signature structure
    • Good for signing an entire XML document
  • Detached Signature
    • Data lives outside and DOES NOT contain the XML
      Signature structure
    • Data may reside at a remote location addressable
      by URI

23
Enveloping Signature
    <?xml version="1.0"?>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
        <Reference URI="#myobj">
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <DigestValue>C2g9BLcGyGPCVKuF2byR1Ym6pE</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>R/XEOHDvR/jbmmpiuH4ZcRqC6c</SignatureValue>
      <Object Id="myobj">Hello World!</Object>
    </Signature>

24
Enveloped Signature
    <?xml version="1.0"?>
    <Envelope>
      <Data>content</Data>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
          <Reference>
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>MMMkB0ZPp82XrUvJMFqDIEuXy0o</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>mVPvfcVSXi9elKLIcSCAzD4Jbk</SignatureValue>
      </Signature>
    </Envelope>

25
Detached Signature
    <?xml version="1.0"?>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
        <Reference URI="http://www.ctindustries.net/text.txt">
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <DigestValue>oLZZOWcLwsAQ9NXWoLPk5FkPuSs</DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>O9ykpFMXmkddzJ3CySrpzHBUW/Q</SignatureValue>
    </Signature>

26
XML Signature Example
Input data: Hello World!

Resulting Enveloping Signature: the Signature element shown on slide 23
(Enveloping Signature), with the data carried in the Object element.

27
XML Signature Generation
  1. Apply any transforms to the data
  2. Calculate the digest value
  3. Create the Reference element
  4. Create the SignedInfo element with SignatureMethod,
     CanonicalizationMethod and Reference elements
  5. Canonicalize the SignedInfo element
  6. Calculate the SignatureValue over the
     canonicalized SignedInfo based on the
     SignatureMethod
  7. Assemble the Signature element

28
XML Signature Validation
  • Obtain the verification keying information.
  • Apply the CanonicalizationMethod to the
    SignedInfo element.
  • Verify the SignatureValue over the canonical form
    of SignedInfo using the SignatureMethod.
  • For each Reference element within SignedInfo:
    • Obtain the data to be digested.
    • Digest the data using the DigestMethod within its
      Reference element.
    • Compare the computed value to the base64-decoded
      value from the DigestValue element.
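The generation steps of slide 27 and the validation steps of slide 28, carried out end to end on an enveloping signature. This is an added Python example, not code from the deck; it assumes only the standard library, whose canonicalizer implements Canonical XML 2.0 (so that URI is pinned instead of the deck's C14N 1.0 one), uses HMAC-SHA256 and SHA-256 in place of the deck's hmac-sha1/sha1, and signs with a constructed demo key.

```python
import base64, copy, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)
# Pinned algorithm URIs. The stdlib canonicalizer implements Canonical XML 2.0, so its
# URI is used, not the deck's C14N 1.0 one; SHA-256 variants replace hmac-sha1/sha1.
C14N_ALG = "http://www.w3.org/2010/xml-c14n2"
MAC_ALG = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
DIGEST_ALG = "http://www.w3.org/2001/04/xmlenc#sha256"

def tag(local):
    return "{%s}%s" % (DS, local)

def c14n(elem):
    """Canonical octets of one subtree; the tail text after it is not part of it."""
    elem = copy.copy(elem)
    elem.tail = None
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def algorithm(parent, local):
    el = parent.find(tag(local))
    return None if el is None else el.get("Algorithm")

def sign_enveloping(payload, key, obj_id="myobj"):
    """Slide 27, steps 1-7: digest the Object, build SignedInfo, MAC it, assemble."""
    obj = ET.Element(tag("Object"), Id=obj_id)
    obj.text = payload
    si = ET.Element(tag("SignedInfo"))
    ET.SubElement(si, tag("CanonicalizationMethod"), Algorithm=C14N_ALG)
    ET.SubElement(si, tag("SignatureMethod"), Algorithm=MAC_ALG)
    ref = ET.SubElement(si, tag("Reference"), URI="#" + obj_id)
    ET.SubElement(ref, tag("DigestMethod"), Algorithm=DIGEST_ALG)
    ET.SubElement(ref, tag("DigestValue")).text = b64_sha256(c14n(obj))
    mac = hmac.new(key, c14n(si), hashlib.sha256).digest()  # over canonical SignedInfo
    sig = ET.Element(tag("Signature"))
    sig.append(si)
    ET.SubElement(sig, tag("SignatureValue")).text = base64.b64encode(mac).decode()
    sig.append(obj)
    return ET.tostring(sig, encoding="unicode")

def verify(signature_xml, key):
    """Slide 28: check SignatureValue over canonical SignedInfo, then every Reference digest."""
    root = ET.fromstring(signature_xml)
    si = root.find(tag("SignedInfo"))
    # Never let the document choose the algorithms: unknown or weaker ones are rejected.
    if (si is None or algorithm(si, "CanonicalizationMethod") != C14N_ALG
            or algorithm(si, "SignatureMethod") != MAC_ALG):
        return False
    expected = hmac.new(key, c14n(si), hashlib.sha256).digest()
    given = base64.b64decode(root.findtext(tag("SignatureValue"), ""))
    if not hmac.compare_digest(expected, given):
        return False
    for ref in si.findall(tag("Reference")):
        uri = ref.get("URI", "")
        targets = [e for e in root.iter() if uri.startswith("#") and e.get("Id") == uri[1:]]
        if algorithm(ref, "DigestMethod") != DIGEST_ALG or len(targets) != 1:
            return False  # wrong digest algorithm, or an unresolvable/ambiguous Id
        if b64_sha256(c14n(targets[0])) != ref.findtext(tag("DigestValue")):
            return False
    return True
```

A change to the Object content leaves SignatureValue valid but fails the Reference digest, which is why validation must run both checks rather than stop after the MAC.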

29
XML Encryption (XMLENC)
  • Encrypted data is maintained.
  • All information needed to decrypt a document is
    contained within the document.
  • A session can be secured at the document level and
    shared between multiple parties.
  • Sensitive data is easily interchanged between
    applications.

30
XML Encryption Example
    <payment>
      <order_number>1001</order_number>
      <customer>Joe Smith</customer>
      <creditcard>
        <number>4111 1111 1111 1111</number>
        <expiration_month>01</expiration_month>
        <expiration_year>2007</expiration_year>
        <ccv2>123</ccv2>
      </creditcard>
    </payment>
31
XML Encryption Example: Element with Shared Secret Key

    <?xml version="1.0"?>
    <payment>
      <order_number>1001</order_number>
      <customer>Joe Smith</customer>
      <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
                     Type="http://www.w3.org/2001/04/xmlenc#Element">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
        <CipherData>
          <CipherValue>C5X1I65RCX</CipherValue>
        </CipherData>
      </EncryptedData>
    </payment>
32
XML Encryption Example: Element Content with Shared Secret Key

    <?xml version="1.0"?>
    <payment>
      <order_number>1001</order_number>
      <customer>Joe Smith</customer>
      <creditcard>
        <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
                       Type="http://www.w3.org/2001/04/xmlenc#Content">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
          <CipherData>
            <CipherValue>C5X1I65RCX</CipherValue>
          </CipherData>
        </EncryptedData>
      </creditcard>
    </payment>
33
XML Encryption Example: Arbitrary Data with Shared Secret Key

    <?xml version='1.0'?>
    <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
                   xmlns:ds='http://www.w3.org/2000/09/xmldsig#'
                   MimeType='text/xml'>
      <CipherData>
        <CipherValue>...C5X1I65RCX...</CipherValue>
      </CipherData>
    </EncryptedData>
34
XML Encryption Example: Unsupported

    <?xml version="1.0"?>
    <payment>
      <order_number>1001</order_number>
      <customer>Joe Smith</customer>
      <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
                     Type="http://www.w3.org/2001/04/xmlenc#Element">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <KeyName>mcryptiv</KeyName>
          <KeyValue>w1Uy6MvHZNY</KeyValue>
        </KeyInfo>
        <CipherData>
          <CipherValue>F541I65RCX</CipherValue>
        </CipherData>
      </EncryptedData>
    </payment>
35
XML Encryption: Encrypting
  • Select the algorithm (and parameters) to use in
    encrypting the item.
  • Obtain the key and create ds:KeyInfo if necessary.
  • Encrypt the data and prepend any appropriate
    initialization vector (IV).
  • Build the CipherData element:
    • If it is to be stored within a CipherValue
      element, the encrypted data is base64 encoded.
    • If the encrypted data is external, create a
      CipherReference with a URI and any transforms.
  • Build the EncryptedData or EncryptedKey structure.

36
XML Encryption: Decrypting
  • Determine the encryption algorithm and parameters.
  • Obtain the decryption key information.
  • Obtain the data to decrypt:
    • If CipherData has a CipherValue child, base64
      decode its contents.
    • If CipherData has a CipherReference child,
      retrieve the data and apply any Transforms.
  • Depending upon the algorithm and parameters, strip
    any IV from the data to use for decryption.
  • Decrypt the cipher data with the encryption
    algorithm, parameters, and keying material.

37
Signing and Encrypting
  • Sign and then Encrypt
    • Provides signature protection
    • Allows the encryption algorithm to be changed
      without affecting the signature
    • Incurs additional overhead, as you must decrypt
      before you can verify
  • Encrypt and then Sign
    • Immediately know if data has been tampered with
    • Document can no longer be shared with other
      parties without revealing the decryption key
    • Sender identity is revealed

38
XML Signature in WS-Security
    <env:Envelope xmlns:env="http://www.w3.org/2001/12/soap-envelope">
      <env:Header>
        <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">
          <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            <dsig:SignedInfo>
              <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
              <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
              <dsig:Reference URI="">
                <dsig:Transforms></dsig:Transforms>
                <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/>
                <dsig:DigestValue>qZkNkcGgWq6PiVxeFDCbJ</dsig:DigestValue>
              </dsig:Reference>
            </dsig:SignedInfo>
            <dsig:SignatureValue></dsig:SignatureValue>
            <dsig:KeyInfo>...</dsig:KeyInfo>
          </dsig:Signature>
        </wsse:Security>
      </env:Header>
    </env:Envelope>

39
XML Encryption in WS-Security
    <env:Envelope xmlns:env="http://www.w3.org/2001/12/soap-envelope"
                  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <env:Header>
        <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">
          <xenc:ReferenceList>
            <xenc:DataReference URI="#encryptedID"/>
          </xenc:ReferenceList>
        </wsse:Security>
      </env:Header>
      <env:Body>
        <xenc:EncryptedData Id="encryptedID">
          <xenc:CipherData>
            <xenc:CipherValue>...</xenc:CipherValue>
          </xenc:CipherData>
        </xenc:EncryptedData>
      </env:Body>
    </env:Envelope>

40
Questions?
41
XML Signature using Digital Certificate
    <Envelope xmlns="urn:envelope">
      <Data>
        Hello, World!
      </Data>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
          <Reference>
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>HjY8ilZAIEM2tBbPn5mYO1ieIX4</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>SIaj/6KY3C . . .</SignatureValue>
        <KeyInfo>
          <X509Data>...</X509Data>
        </KeyInfo>
      </Signature>
    </Envelope>

42
XML Encryption w/ Digital Certificate
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"
                   Type="http://www.w3.org/2001/04/xmlenc#Element">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <KeyName>rsakey.pem</KeyName>
          </KeyInfo>
          <CipherData>
            <CipherValue>IPiEu9NvEsGyvV . . .</CipherValue>
          </CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData>
        <CipherValue>xrfPSABEI8 . . .</CipherValue>
      </CipherData>
    </EncryptedData>