Author: Joseph Reagle
Audience: WWW9 W3C Track
Question: Overview of XML DSig
References:
Joseph M. Reagle Jr. <reagle@w3.org>
IETF/W3C XML Signature Co-Chair
W3C/LCS/MIT
<Signature>
  <SignedInfo>
    (CanonicalizationMethod)?
    (SignatureMethod)
    (<Reference (URI=)? >
      (Transforms)?
      (DigestMethod)
      (DigestValue)
    </Reference>)+
  </SignedInfo>
  (SignatureValue)
  (KeyInfo)?
  (Object)*
</Signature>
[s01] <Signature Id="MyFirstSignature" xmlns="http://www.w3.org/2000/02/xmldsig#">
[s02]   <SignedInfo>
[s03]     <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2000/WD-xml-c14n-20000119"/>
[s04]     <SignatureMethod Algorithm="http://www.w3.org/2000/02/xmldsig#dsa"/>
[s05]     <Reference URI="http://www.w3.org/TR/2000/REC-xhtml1-20000126/">
[s06]       <Transforms>
[s07]         <Transform Algorithm="http://www.w3.org/2000/02/xmldsig#c14n"/>
[s08]       </Transforms>
[s09]       <DigestMethod Algorithm="http://www.w3.org/2000/02/xmldsig#sha1"/>
[s10]       <DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue>
[s11]     </Reference>
[s12]   </SignedInfo>
[s13]   <SignatureValue>MC0CFFrVLtRlk=...</SignatureValue>
        ...
[s17] </Signature>
[s14]   <KeyInfo>
[s15a]    <KeyValue>
[s15b]      <DSAKeyValue>
[s15c]        <P>...</P><Q>...</Q><G>...</G><Y>...</Y>
[s15d]      </DSAKeyValue>
[s15e]    </KeyValue>
[s16]   </KeyInfo>
[p00] <Signature Id="MySecondSignature" ...>
[p01]   <SignedInfo>
        ...
[p02]     <Reference URI="http://www.w3.org/TR/xml-stylesheet/">...
[p03]     <Reference URI="#AMadeUpTimeStamp"
[p04]       Type="http://www.w3.org/2000/02/xmldsig#SignatureProperty">...
[p08]   </SignedInfo>
[p09]   ...
[p10]   <Object>
[p11]     <SignatureProperties Id="AMadeUpTimeStamp">
[p12]       <SignatureProperty Target="#MySecondSignature">
[p13]         <timestamp xmlns="http://www.ietf.org/rfcXXXX.txt">
[p14]           <date>19990908</date>
[p15]           <time>14:34:34:34</time>
[p16]         </timestamp>
[p17]       </SignatureProperty>
[p18]     </SignatureProperties>
[p19]   </Object>
[p20] </Signature>
[s04] <SignatureMethod Algorithm="http://www.w3.org/2000/02/xmldsig#dsa"/>
Type             | Algorithm            | Requirements | Algorithm URI                                   |
Digest           | SHA1                 | REQUIRED     | http://www.w3.org/2000/02/xmldsig#sha1          |
Encoding         | Base64               | REQUIRED     | http://www.w3.org/2000/02/xmldsig#base64        |
MAC              | HMAC-SHA1            | REQUIRED     | http://www.w3.org/2000/02/xmldsig#hmac-sha1     |
Signature        | DSAwithSHA1 (DSS)    | REQUIRED     | http://www.w3.org/2000/02/xmldsig#dsa           |
Canonicalization | XML-Canonicalization | REQUIRED     | http://www.w3.org/TR/1999/WD-xml-c14n-19991115  |
Others           | XPath                | RECOMMENDED  | http://www.w3.org/TR/1999/REC-xpath-19991116    |
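The structure outlined above and the algorithms in the table, as an added worked example (my code, not the slides' or the W3C's): a minimal Signature in the shape of [s01]-[s17] is built, then validated in two steps, the SignatureValue over the canonicalized SignedInfo first and each Reference's DigestValue second, and four tampered copies are checked to show which step catches what. So that it runs on the Python standard library alone it assumes HMAC-SHA1 from the table in place of DSA (the key is a shared secret, so no KeyInfo is emitted), the stdlib's C14N 2.0 in place of the XML-Canonicalization draft, a constructed in-memory table standing in for fetching a Reference URI, a constructed key, and a hypothetical URI and Object; Transforms are not applied.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/02/xmldsig#"
ET.register_namespace("ds", DSIG)
C14N = "http://www.w3.org/TR/2000/WD-xml-c14n-20000119"  # identifier as declared in [s03]
HMAC_SHA1 = DSIG + "hmac-sha1"  # the table's REQUIRED MAC, used here instead of DSA
SHA1 = DSIG + "sha1"            # the table's REQUIRED digest

# Constructed inputs (not from the slides): an in-memory stand-in for fetching a
# Reference URI, and a shared HMAC secret agreed out of band (hence no KeyInfo).
POLICY_URI = "http://example.invalid/policy.txt"
RESOURCES = {POLICY_URI: b"Hypothetical policy text, version 1\n"}
KEY = b"constructed-demo-key"

def T(local):  # Clark-notation tag in the dsig namespace
    return f"{{{DSIG}}}{local}"

def canon(elem):
    """Canonical octets of elem. The stdlib's C14N 2.0 stands in for the draft
    XML-Canonicalization; both sides serialize via the same 'ds' prefix."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode("utf-8")

def dereference(sig, uri):
    """Octets a Reference URI denotes: '#Id' is the element carrying that Id inside
    this Signature, anything else comes from RESOURCES. Transforms are not applied."""
    if uri.startswith("#"):
        for el in sig.iter():
            if el.get("Id") == uri[1:]:
                return canon(el)
        raise KeyError(uri)
    return RESOURCES[uri]

def b64(data):
    return base64.b64encode(data).decode("ascii")

def sign(uris, key, objects=()):
    """One Reference per URI, then HMAC-SHA1 over the canonicalized SignedInfo."""
    sig = ET.Element(T("Signature"), {"Id": "MyFirstSignature"})
    si = ET.SubElement(sig, T("SignedInfo"))
    ET.SubElement(si, T("CanonicalizationMethod"), {"Algorithm": C14N})
    ET.SubElement(si, T("SignatureMethod"), {"Algorithm": HMAC_SHA1})
    sv = ET.SubElement(sig, T("SignatureValue"))
    sig.extend(objects)  # attach Objects first so '#Id' URIs can resolve
    for uri in uris:
        ref = ET.SubElement(si, T("Reference"), {"URI": uri})
        ET.SubElement(ref, T("DigestMethod"), {"Algorithm": SHA1})
        digest = hashlib.sha1(dereference(sig, uri)).digest()
        ET.SubElement(ref, T("DigestValue")).text = b64(digest)
    sv.text = b64(hmac.new(key, canon(si), hashlib.sha1).digest())
    return ET.tostring(sig)

def verify(doc, key):
    """Returns (ok, reason). The MAC over canonicalized SignedInfo is checked before
    any URI is dereferenced, so nothing is fetched for a SignedInfo nobody signed;
    then every Reference's DigestValue must match what its URI denotes."""
    sig = ET.fromstring(doc)
    si = sig.find(T("SignedInfo"))
    if si.find(T("SignatureMethod")).get("Algorithm") != HMAC_SHA1:
        return False, "unsupported SignatureMethod"
    claimed = base64.b64decode(sig.find(T("SignatureValue")).text)
    if not hmac.compare_digest(hmac.new(key, canon(si), hashlib.sha1).digest(), claimed):
        return False, "SignatureValue does not match SignedInfo"
    for ref in si.findall(T("Reference")):
        if ref.find(T("DigestMethod")).get("Algorithm") != SHA1:
            return False, "unsupported DigestMethod"
        uri = ref.get("URI")
        try:
            actual = hashlib.sha1(dereference(sig, uri)).digest()
        except KeyError:
            return False, f"cannot dereference {uri}"
        if not hmac.compare_digest(actual, base64.b64decode(ref.find(T("DigestValue")).text)):
            return False, f"digest mismatch for {uri}"
    return True, "ok"

def timestamp_object():
    """Constructed <Object> in the shape of the second slide example ([p10]-[p19])."""
    obj = ET.Element(T("Object"))
    props = ET.SubElement(obj, T("SignatureProperties"), {"Id": "AMadeUpTimeStamp"})
    prop = ET.SubElement(props, T("SignatureProperty"), {"Target": "#MyFirstSignature"})
    ET.SubElement(prop, "date").text = "19990908"
    return obj

def demo():
    """Sign once; verify the genuine document and four tampered variants."""
    doc = sign([POLICY_URI, "#AMadeUpTimeStamp"], KEY, [timestamp_object()])
    results = {"genuine": verify(doc, KEY), "wrong_key": verify(doc, b"other-key")}
    original = RESOURCES[POLICY_URI]  # the referenced resource changes after signing
    RESOURCES[POLICY_URI] = b"Hypothetical policy text, version 2\n"
    results["resource_changed"] = verify(doc, KEY)
    RESOURCES[POLICY_URI] = original
    # Object content sits outside SignedInfo; only its Reference digest guards it.
    results["object_changed"] = verify(doc.replace(b"19990908", b"19990909"), KEY)
    # A DigestValue edited inside SignedInfo breaks the MAC itself.
    good = b64(hashlib.sha1(original).digest()).encode()
    bad = b64(hashlib.sha1(b"some other content").digest()).encode()
    results["signedinfo_changed"] = verify(doc.replace(good, bad), KEY)
    return results

if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:18} {'valid' if ok else 'INVALID'}: {reason}")
```

Running it reports the genuine document as valid and names the check that rejects each tampered copy. The Object case is the one to notice: an Object is not inside SignedInfo, so the signature binds it only through the digest of a Reference that points at it, and a verifier has to resolve a same-document URI such as #AMadeUpTimeStamp to exactly the element the signer digested, otherwise that content is effectively unsigned.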