W3C Logo

Author: Joseph Reagle

Audience:  WWW2002

Question: The status/design of XML Signatures, Encryption, and Key Management

References:

Cryptography Introduction

Hash (fingerprint, digest): evenly and randomly maps variable length data into a smaller fixed size such that it's "one-way" (hard to find a data object for a given hash result) and "collision-free" (hard to find two data objects with the same hash result).

Secret Key Cryptography (symmetric): the key used for processing is kept as a secret between the parties.

Public Key Cryptography (asymmetric): a private/public key pair (inverse of each other) are used to sign (via the private key) and encrypt (via the public key).

Signature: a private key is applied to some data (or its hash)

Encryption: One often uses a public key (easy to obtain) to send a symmetric key (efficient) for a "session" of communication.

Key Management: How to obtain the real key of the person with whom you want to communicate. This typically involves chains of signatures on a key that must be checked/validated.

XML Security Introduction*

XML Security Scenario*

  1. BookStore creates a form that will be filled in by a Alice and sent on to EasyPay.
  2. BookStore signs all of the form except for shipping address and credit card information, which is filled in by Alice.
  3. Alice fills in the form, encrypts the payment authorization element in a key shared with EasyPay, and returns it to BookStore.
  4. BookStore processes the form and confirms the integrity of the order (the book title and price) and passes the encrypted credit card info to EasyPay.

This protocol is faulty, but it demonstrates the use of selective signing and encryption.


dsig:Status*

dsig:Design Principles

  1. The specification must describe how to use XML syntax to represent a signature over digital content (and XML content in particular).
  2. XML-signatures are generated from a hash over a list of references and the digest value of the references' content.
  3. The meaning of a signature is simple:  The XML-signature syntax associates the content of resources listed with a key via a strong one-way transformation.

dsig:Syntax*

<Signature> 
  <SignedInfo>
    <CanonicalizationMethod/>?
    <SignatureMethod/>
    <Reference (URI=)? >
      <Transforms/>?
      <DigestMethod/>
      <DigestValue/>
    </Reference>+
  </SignedInfo>
  <SignatureValue/> 
 <KeyInfo/>?
 <Object/>*
</Signature>

dsig:Features*

dsig:KeyInfo

dsig:Algorithms

[s04]   <SignatureMethod Algorithm="http://www.w3.org/2000/02/xmldsig#dsa"/>

Type Algorithm Requirements Algorithm URI
Digest SHA1 REQUIRED http://www.w3.org/2000/09/xmldsig#sha1
Encoding Base64 REQUIRED http://www.w3.org/2000/09/xmldsig#base64
MAC HMAC-SHA1 REQUIRED http://www.w3.org/2000/09/xmldsig#hmac-sha1
Signature DSAwithSHA1
(DSS)
REQUIRED http://www.w3.org/2000/09/xmldsig#dsa
Canonicalization Canonical XML REQUIRED http://www.w3.org/TR/2000/WD-xml-c14n-20000907
Others XPath RECOMMENDED http://www.w3.org/TR/1999/REC-xpath-19991116

xenc:Status*

xenc:Design Goals*

  1. Describe how to use XML to represent a digitally encrypted Web resources including XML, and portions thereof. Presently limited to elements and content (not attribute values).
  2. Provide for the separation of encryption information from encrypted data, and support reference mechanisms for addressing encryption information from encrypted data sections and vice versa.
  3. Provide for super-encryption (capable of encrypting XML with portions already encrypted)
  4. Provide for the secure communication of a session key for subsequent (efficient) communication.

xenc:Example*

In the encrypted version of an XML instance, the <EncryptedData> element will appear in place of an encrypted element or its content.

Before: After Rodents are encrypted
<Animals>
<Cat/>
 <Rodents>
  <Beaver/>
  <Mouse/>
 </Rodents>
 <Dog/>
<Animals>
<Animals>
<Cat/>
 <EncryptedData xmlns="">
   <CipherData>M3MXCV...
   </CipherData>
 </EncryptedData>
<Dog/>
<Animals>

xenc:Syntax*

<EncryptedData Id="" Type="">
  <EncryptionMethod/>?
  <ds:KeyInfo>?
   <enc:EncryptedKey/>?
   ...
  </ds:KeyInfo>?
  <CipherData URI="">iamscrambled</CipherData>
</EncryptedData>

xenc:Features*

xenc:Algorithms

 
Type Algorithm Requirements
Block Encryption AES/3DES REQUIRED
Key Transport AES-RSA-OEAP
3DES-RSA-v1.5
REQUIRED
MAC AES/3DES with SHA1 OPTIONAL
Signature XML Signature OPTIONAL
(Exclusive) Canonicalization Canonical XML OPTIONAL
Compression et al n/a

xkms:Introduction*

Neither XML Signature nor Encryption specify how to obtain trustworhty keys.

There's a body of existing (non-XML) standards and infrastucture to satisfy this requirement.

XKMS provides a Web/XML based interface to existing infrastructure for XML based applications.

xkms:Example Request*

<?xml version="1.0" encoding="utf-8"?>
<LocateRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
      xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" 
      Service="http://test.xmltrustcenter.org/XKMS"
      xmlns="http://www.w3.org/2002/03/xkms#">
  <RespondWith>KeyValue</RespondWith>
  <QueryKeyBinding>
    <KeyUsage>Encryption</KeyUsage>
    <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@bobcorp.test" />
  </QueryKeyBinding>
</LocateRequest>

xkms:Status*