W3C Logo

Author: Joseph Reagle

Audience:  WWW10, W3C AC, XML Europe 2001

Question: The status/design of XML Signatures and Encryption

References:

Cryptography Introduction

Hash (fingerprint, digest): evenly and randomly maps variable length data into a smaller fixed size such that it's "one-way" (hard to find a data object for a given hash result) and "collision-free" (hard to find two data objects with the same hash result).

Secret Key Cryptography (symmetric): the key used for processing is kept as a secret.

Public Key Cryptography (asymmetric): a private/public key pair (inverse of each other) are used to sign (via the private key) and encrypt (via the public key).

Signature: a private key is applied to some data (or its hash)

Encryption: One often uses a public key (easy to obtain) to send a symmetric key (efficient) for a "session" of communication.

XML Security Introduction

XML Security Scenario

  1. FatBrain creates a form that will be filled in by a Alice and sent on to EasyPay.
  2. FatBrain signs all of the form except for shipping address and credit card information, which is filled in by Alice.
  3. Alice fills in the form, encrypts the payment authorization element in a key shared with EasyPay, and returns it to FatBrain.
  4. FatBrain processes the form and confirms the integrity of the order (the book title and price) and passes the encrypted credit card info to EasyPay.

This protocol is faulty, but it demonstrates the use of selective signing and encryption.

dsig:Status

dsig: Design Principles

  1. The specification must describe how to use XML syntax to represent a signature over digital content (and XML content in particular).
  2. XML-signatures are generated from a hash over a list of references and the digest value of the references' content.
  3. The meaning of a signature is simple:  The XML-signature syntax associates the content of resources listed with a key via a strong one-way transformation.

dsig:Syntax

<Signature> 
  <SignedInfo>
    <CanonicalizationMethod/>?
    <SignatureMethod/>
    <Reference (URI=)? >
      <Transforms/>?
      <DigestMethod/>
      <DigestValue/>
    </Reference>+
  </SignedInfo>
  <SignatureValue/> 
 <KeyInfo/>?
 <Object/>*
</Signature>

dsig:Features

dsig:KeyInfo

dsig:Algorithms

[s04]   <SignatureMethod Algorithm="http://www.w3.org/2000/02/xmldsig#dsa"/>

Type Algorithm Requirements Algorithm URI
Digest SHA1 REQUIRED http://www.w3.org/2000/09/xmldsig#sha1
Encoding Base64 REQUIRED http://www.w3.org/2000/09/xmldsig#base64 
MAC HMAC-SHA1 REQUIRED http://www.w3.org/2000/09/xmldsig#hmac-sha1
Signature DSAwithSHA1
(DSS)
REQUIRED http://www.w3.org/2000/09/xmldsig#dsa
Canonicalization Canonical XML REQUIRED http://www.w3.org/TR/2000/WD-xml-c14n-20000907
Others XPath RECOMMENDED http://www.w3.org/TR/1999/REC-xpath-19991116

xenc:Status

xenc: Design Goals

  1. Describe how to use XML to represent a digitally encrypted Web resources including XML, and portions thereof. Presently limited to elements (not attribute values).
  2. Provide for the separation of encryption information from encrypted data, and support reference mechanisms for addressing encryption information from encrypted data sections and vice versa.
  3. Provide for super-encryption (capable of encrypting XML with portions already encrypted)
  4. Provide for the secure communication of a session key for subsequent (efficient) communication.

xenc:Example

In the encrypted version of an XML instance, the <EncryptedData> element will appear in place of an encrypted element or its content.

Before: After Rodents are encrypted
<Animals>
<Cat/>
 <Rodents>
  <Rabbit/>
  <Mouse/>
 </Rodents>
 <Dog/>
<Animals>
<Animals>
<Cat/>
 <EncryptedData xmlns="">
   <CipherData>M3MXCV...
   </CipherData>
 </EncryptedData>
<Dog/>
<Animals>

xenc:Syntax

<EncryptedData Id="" Type="">
  <EncryptionMethod/>?
  <ds:KeyInfo>?
   <enc:EncryptedKey/>?
   ...
  </ds:KeyInfo>?
  <CipherData URI="">iamscrambled</CipherData>
</EncryptedData>

xenc:Features

xenc:Algorithms

Type Algorithm Requirements
Block Encryption AES/3DES REQUIRED
Key Transport AES-RSA-OEAP
3DES-RSA-v1.5
REQUIRED
MAC AES/3DES with SHA1 OPTIONAL
Signature XML Signature OPTIONAL
Canonicalization Canonical XML OPTIONAL
Compression et al n/a

xenc:Issues