xml signature prabath siriwardena director, security architecture

XML Signature

Prabath SiriwardenaDirector, Security Architecture

XML Security• Integrity and non-repudiation

XML Signature by W3C http://www.w3.org/TR/xmldsig-core/

• Confidentiality of XML documents XML Encryption by W3C http://www.w3.org/TR/xmlenc-core/

http://www.w3.org/TR/xmldsig-core/

XML-Signature

• A joint standard by IETF and W3C for digitally signing all of an XML document, part of an XML document or even an external object.

• XML Signature applies to any resource addressable by an URI – including non-xml content.

• First security standard to reach recommendation status

• WS-Security, XKMS, SAML all depend on XML Signature

XML-Signature

• Multiple XML Signatures can be able to exist over the static content of a web resource.

XML-Signature

<Signature xmlns=“…../2000/09/xmldsig#”>

<SignedInfo /> <SignatureValue /> <KeyInfo /> <Object /> </Signature>

QUESTION 1

What do we actually sign with an XML Signature ?

XML-Signature - Types

– Enveloping Signature– Enveloped Signature– Detached Signature

XML-Signature - Enveloping

- Wraps item that is being signed within the <Signature> element

- <Reference> element points to an element within the <Signature> element

Signature

XML-Signature - Enveloping<Signature> <SignedInfo> <Reference URI=“#101” /> </SignedInfo> <SignatureValue>…. </SignatureValue> <KeyInfo>…. </KeyInfo> <Object> <SignedItem id=“101”> …….. </SignedItem> </Object><Signature>

Signature

XML-Signature - Enveloping

Signature

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></ds:SignatureMethod><ds:Reference URI="#TheFirstObject">

<ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></ds:Transform>

</ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>ipbs0UyafkdRIcfIo9zyZLce+CE=</ds:DigestValue>

</ds:Reference></ds:SignedInfo><ds:SignatureValue>BSChZzMdH1kHVbKL+EyNorZXcEZ9ekL+cf/VW8ejhItfZoXOZQVNnw==</ds:SignatureValue><ds:KeyInfo> ... </ds:KeyInfo><ds:Object Id="TheFirstObject">

<InsideObject>A text in a box</InsideObject></ds:Object>

</ds:Signature>

XML-Signature - Enveloped

- <Reference> element points to a parent element outside the <Signature> element

Signed XML Content

Signature

XML-Signature - Enveloped<SignedItem id=“101”><SignedElement1>Text</SignedElement1><Signature> <SignedInfo> <Reference URI=“#101” /> </SignedInfo> <SignatureValue>…. </SignatureValue> <KeyInfo>…. </KeyInfo><Signature></SignedItem>

Signature

XML-Signature - Enveloped

Signature

<apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1" xmlns:foo="http://example.org/#foo">Some simple text <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>

<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></SignatureMethod><Reference URI="">

<Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></Transform>

</Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>f+pDsT3LzyKV9Sg6rdK5bBrQlbo=</DigestValue>

</Reference></SignedInfo><SignatureValue>QNoLqAc0KYDmomJA3LvXhCf6vpuN/wh9R4y42QylvJCko9gRDhpHAA==</SignatureValue><KeyInfo>...</KeyInfo>

</Signature></apache:RootElement>

XML-Signature - Detached

- Points to an XML element or binary file out side the <Signature> elements hierarchy

- <Reference> element points neither a child nor a parent

- Can point to an element within the same document or to another resource completely outside the current XML document.

Signature

XML-Signature - Detached

Signed XML Content

Signature

QUESTION 2

Which signature type is used in WS-Security?

QUESTION 3

Provide a practical example for enveloped signature ? And why it’s needed there ?

XML-Signature



XML-Signature - <SignedInfo /><SignedInfo> <CanonicalizationMethod /> <SignatureMethod /> <Reference URI > <Transforms /> <DigestMethd /> <DigestValue /> </Reference></SignedInfo>

<CanonicalizationMethod />

XML syntax permits a number of options (e.g., which form of empty elements to use, whether

to use single or double quotes for attribute values, the order of attributes in a start tag,

places where white space is considered insignificant, etc.), it is quite easy to create

documents that are physically different and yet logically equivalent.


The purpose of Canonical XML is to define an algorithm by which a particular physical

representation of an XML document can be reliably and repeatedly reduced to its canonical

(simplest) form. When the same algorithm is applied to physically different representations to produce their canonical forms, documents can be

compared at this logical level.


• Canonical XML (or Inclusive XML Canonicalization)(XMLC14N)

• Exclusive XML Canonicalization(EXCC14N)


The Canonical XML is used for XML where the context doesn't change while the

Exclusive XML was designed for canonicalization where the context might

change.

XML-Signature (Example)

Signature







QUESTION 4

How about JSON ? Can there be multiple physical representations of the same logical

JSON document ?

QUESTION 5

What are the differences between Inclusive Canonicalization and Exclusive Canonicalization.

<SignatureMethod />

The SignatureMethod is the algorithm that is used to convert the canonicalized SignedInfo

into the SignatureValue.

<SignatureMethod />

- http://www.w3.org/2000/09/xmldsig#dsa-sha1

- http://www.w3.org/2000/09/xmldsig#rsa-sha1

- http://www.w3.org/2000/09/xmldsig#hmac-sha1

QUESTION 6

What are the differences between RSA and DSA ?

QUESTION 7

Would HMAC-SHA1 provide both the integrity of a message and the non-repudiation ?

XML-Signature (Example)

Signature







<Reference/>

Points to the elements which are being signed. Any element inside the same XML document

starts from “#”.

XML-Signature (Example-1)

Signature

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></ds:SignatureMethod><ds:Reference URI="#TheFirstObject">

<ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></ds:Transform>

</ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>ipbs0UyafkdRIcfIo9zyZLce+CE=</ds:DigestValue>

</ds:Reference></ds:SignedInfo><ds:SignatureValue>BSChZzMdH1kHVbKL+EyNorZXcEZ9ekL+cf/VW8ejhItfZoXOZQVNnw==</ds:SignatureValue><ds:KeyInfo> ... </ds:KeyInfo><ds:Object Id="TheFirstObject">

<InsideObject>A text in a box</InsideObject></ds:Object>

</ds:Signature>

XML-Signature (Example-2)

Signature







QUESTION 8

How do we reference an XML element in an external XML document ?

XML-Signature - <Reference/><SignedInfo> <CanonicalizationMethod /> <SignatureMethod /> <Reference URI > <Transforms /> <DigestMethd /> <DigestValue /> </Reference></SignedInfo>

<Transforms/>- <Transforms/> receive the results of

dereferencing the <Reference URI=“”> and alter the result in some way.

- A simple <Transform> can be an Xpath statement that causes the signature to apply only to a part of an XML document.

- Multiple transforms can appear under a <Reference> working in a pipe-line fashion.

- <Transform Algorithm=“” />

QUESTION 9

What is the difference between CanonicalizationMethod and the Transforms ?

XML Signature spec defines five Transforms

1. Canonicalization

2. Base-64

3. XPath Filtering

4. Enveloped Signature Transform

5. XSLT Transform

<Transforms/>

- Normalize the XML, so that regardless of physical inconsistencies, two logically equivalent XML documents will become physically bit to bit to equivalent.

Canonicalization

<Order><Items>

<item number=100></item><item number=101></item>

</Items></Order>

<Order><Items>

<item number=100/><item number=101/>

</Items></Order>

<Transforms/>

- Maps binary data into text- http://www.w3.org/2000/09/xmldsig#base64

Base-64

<Transforms/>

- Commonly used when we want to sign just a fragment of an XML document.

- http://www.w3.org/TR/1999/REC-xpath-19991116

XPath Filtering

<Transforms/>

- Commonly used in Enveloped Signatures where the parent element is to be signed.

- Need to remove the Signature element from the element being signed before validation.

http://www.w3.org/2000/09/xmldsig#enveloped-signature

Enveloped Signature Transform

<Transforms/>

QUESTION 10

Provide an example for Enveloped Signature Transformation and explain why its needed?

- A good practice is to sign what actually the signer sees.- Used to sign XML documents when an XSL is involved. - http://www.w3.org/TR/1999/REC-xslt-19991116

XSLT Transform

<Transforms/>

XML-Signature - <Reference/><SignedInfo> <CanonicalizationMethod /> <SignatureMethod /> <Reference URI > <Transforms /> <DigestMethd /> <DigestValue /> </Reference></SignedInfo>

<DigestMethod/>

- Algorithm to calculate the digest of the element/resource pointed by the <Reference URI=“”>

- <DigestMethod Algorithm=http://www.w3.org/2000/09/xmldsig#sha1 />

QUESTION 11

Explain two digest methods with similarities and differences.

<DigestValue/>

- Contains Base-64 encoded value of the digest

<DigestValue>f+pDsT3LzyKV9Sg6rdK5bBrQlbo=</DigestValue>

QUESTION 12

Why do we have to base64 encode the digest value ?

XML-Signature



<SignatureValue/>

The Base-64 resulting value of encrypting the digest of the <SignedInfo/> element.

QUESTION 13

Where do we specify the digest method to create the digest of the SignedInfo ?

XML-Signature



<KeyInfo>

This is an optional element in the XML Signature, if no KeyInfo – it is expected that we what the

validation key is.

<KeyName/>

A unique name to identify the associated key.

<KeyValue/>

Actual key it self embedded in XML.

<RetrievalMethod/>- Used to reference a key that is stored in a separate location.

- If multiple signatures use the same key, we can keep the KeyInfo structure in a standalone element with a unique ID and refer to using <RetrievalMethod/> of each <Signature>

- Either or both the ds:KeyName and RetrievalMethod could be used to identify the same key.

<KeyInfo>

<RetrievalMethod URI='#EK' "/>

<KeyName>Sally Doe</KeyName>

<KeyInfo>

<X509Data/>

- Provides either an identifier to look to look up an X509 certificate or the X509 certificate it self.

- A certificate chain can also be contained in X509Data

<PGPData/>

Can point to the PGP key or can contain the key it self.

<SPKIData/>

Similar to PGPData point to the key or contains key it self.

XML-Signature



<Object/>

- Can put anything you want.

- Typically includes one of the following three

1. XML fragment or a base-64 encoded binary object – Enveloping Signature

2. A <Manifest> element

3. A <SignatureProperties> element

<Manifest/>

- Contains a list of references

- <Reference> elements inside <SignedInfo> element must be validated in order to accept the signature a valid one.

- To validate or not to validate <Reference> elements inside <Manifest> element is up to the developer decide.

- Developers get more granular control over which <Reference> mater and which does not.

<SignatureProperties/>Provides a place to put name/value information about the signature it self.<Object>

<SignatureProperties>

<SignatureProperty Id=“101” Target=“#100”>

<timestamp xmlns=“”>

<date>….</date>

<time>….</time>

</timestamp>

</SignatureProperty>

</SignatureProperties>

</Object>

XML-Signature Building Process

- Reference Generation- Signature Generation

XML-Signature Ref. Generation1. Obtain the resource specified by the <Reference

URI=“” >2. Apply Transforms3. Calculate the digest for the final output from the

Transform algorithm, using the <DigestMethod>4. Create the <Reference> element including all it’s sub

elements by populating the <DigestValue>5. Perform the above actions to all the <Reference>

elements found inside <SignedInfo>

XML-Signature Sig. Generation1. Create the <SignedInfo> element 2. Canonicalize <SignedInfo> element using the

algorithm specified under <CanonicalizationMethod>3. Create a hash for the out put of the canonicalization

using the <SignatureMethod> specified.4. Create the <SignatureValue> with the

<SignatureMethod> specified, against the canonicalized, hashed <SignedInfo>

5. Build the complete <Signature> element

XML-Signature Validation Process

- Reference Validation- Signature Validation

XML-Signature Ref. Validation1. Canonicalize the <SignedInfo> element based

on the <CanonicalizationMethod> element.2. For each <Reference> element do the following3. Get the resource pointed out by the

<Reference>4. Apply Transforms5. Create a hash using the <DigestMethod>6. Find the DigestValue and compare it with the

DigestValue returned.

XML-Signature Sig. Validation1. Obtain the key used to sign the message

2. Create a hash of the canonicalized <SignedInfo>3. Using the verification key decrypt the

<SignatureValue>4. Compare the value from 3 with value from 2.

lean . enterprise . middleware

xml signature prabath siriwardena director, security architecture

Documents

xml element

xml syntax

current xml document

purpose of canonical

nonxml content

xml documentsxml encryption

signature type

xmlsignaturea joint