XML Signature Prabath Siriwardena Director, Security Architecture.
XML Security
• Integrity and non-repudiation: XML Signature by W3C http://www.w3.org/TR/xmldsig-core/
• Confidentiality of XML documents: XML Encryption by W3C http://www.w3.org/TR/xmlenc-core/
XML-Signature
• A joint IETF and W3C standard for digitally signing all of an XML document, part of an XML document, or even an external object.
• XML Signature applies to any resource addressable by a URI, including non-XML content.
• The first of the W3C XML security specifications to reach Recommendation status (2002).
• WS-Security, XKMS and SAML all build on XML Signature.
XML-Signature
• Multiple XML Signatures can exist over the same static content of a web resource; each <Signature> carries its own <SignedInfo>, so the signatures are generated and validated independently of one another.
XML-Signature
<Signature xmlns="…../2000/09/xmldsig#">
  <SignedInfo />
  <SignatureValue />
  <KeyInfo />
  <Object />
</Signature>
XML-Signature - Enveloping
- Wraps the item that is being signed inside the <Signature> element (normally inside an <Object> child).
- The <Reference> element points to an element within the <Signature> element.
<Signature>
  <SignedInfo>
    <Reference URI="#101" />
  </SignedInfo>
  <SignatureValue>….</SignatureValue>
  <KeyInfo>….</KeyInfo>
  <Object>
    <SignedItem id="101">……..</SignedItem>
  </Object>
</Signature>
XML-Signature - Enveloping
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></ds:SignatureMethod>
    <ds:Reference URI="#TheFirstObject">
      <ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></ds:Transform>
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
      <ds:DigestValue>ipbs0UyafkdRIcfIo9zyZLce+CE=</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>BSChZzMdH1kHVbKL+EyNorZXcEZ9ekL+cf/VW8ejhItfZoXOZQVNnw==</ds:SignatureValue>
  <ds:KeyInfo> ... </ds:KeyInfo>
  <ds:Object Id="TheFirstObject"><InsideObject>A text in a box</InsideObject></ds:Object>
</ds:Signature>
XML-Signature - Enveloped
- The <Reference> element points to an ancestor of the <Signature> element, i.e. to content that itself contains the signature; the <Signature> element therefore has to be removed from that content before the digest is computed, which is what the enveloped-signature transform does.
<SignedItem id="101">
  <SignedElement1>Text</SignedElement1>
  <Signature>
    <SignedInfo>
      <Reference URI="#101" />
    </SignedInfo>
    <SignatureValue>….</SignatureValue>
    <KeyInfo>….</KeyInfo>
  </Signature>
</SignedItem>
XML-Signature - Enveloped
<apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1" xmlns:foo="http://example.org/#foo">Some simple text
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></SignatureMethod>
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform>
          <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></Transform>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
        <DigestValue>f+pDsT3LzyKV9Sg6rdK5bBrQlbo=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>QNoLqAc0KYDmomJA3LvXhCf6vpuN/wh9R4y42QylvJCko9gRDhpHAA==</SignatureValue>
    <KeyInfo>...</KeyInfo>
  </Signature>
</apache:RootElement>
XML-Signature - Detached
- Points to an XML element or a binary file outside the <Signature> element's hierarchy.
- The <Reference> element points to neither a child nor an ancestor of <Signature>.
- Can point to an element within the same document (by fragment identifier) or to another resource entirely outside the current XML document (by absolute URI).
XML-Signature - <SignedInfo />
<SignedInfo>
  <CanonicalizationMethod />
  <SignatureMethod />
  <Reference URI="">
    <Transforms />
    <DigestMethod />
    <DigestValue />
  </Reference>
</SignedInfo>
<CanonicalizationMethod />
Because XML syntax permits a number of options (which form of empty element to use, single or double quotes around attribute values, the order of attributes in a start tag, places where white space is insignificant, and so on), it is easy to create documents that are physically different and yet logically equivalent. A digest is computed over bytes, so without a canonical form a logically unchanged document would fail signature validation after any innocuous re-serialization.
<CanonicalizationMethod />
The purpose of Canonical XML is to define an algorithm by which a particular physical representation of an XML document can be reliably and repeatedly reduced to its canonical (simplest) form. When the same algorithm is applied to physically different representations to produce their canonical forms, the documents can be compared at this logical level.
<CanonicalizationMethod />
• Canonical XML (or Inclusive XML Canonicalization)(XMLC14N)
• Exclusive XML Canonicalization(EXCC14N)
<CanonicalizationMethod />
Canonical XML (inclusive) copies every in-scope namespace declaration and xml: attribute of the ancestors into the output for the canonicalized element, so it is used where the context of the signed XML does not change. Exclusive XML Canonicalization emits only the namespace declarations the element visibly uses, so it was designed for the case where the context might change, such as a signed SOAP header block or SAML assertion that is later placed inside a different enclosing document; with inclusive canonicalization such a move would change the canonical bytes and break the signature.
QUESTION 4
How about JSON? Can there be multiple physical representations of the same logical JSON document?
QUESTION 5
What are the differences between Inclusive Canonicalization and Exclusive Canonicalization?
XML-Signature - <SignedInfo /><SignedInfo> <CanonicalizationMethod /> <SignatureMethod /> <Reference URI > <Transforms /> <DigestMethd /> <DigestValue /> </Reference></SignedInfo>
<SignatureMethod />
The SignatureMethod is the algorithm that is used to convert the canonicalized SignedInfo
into the SignatureValue.
<SignatureMethod />
- http://www.w3.org/2000/09/xmldsig#dsa-sha1
- http://www.w3.org/2000/09/xmldsig#rsa-sha1
- http://www.w3.org/2000/09/xmldsig#hmac-sha1
These are the identifiers from the 2002 core specification and all use SHA-1, which is no longer acceptable for new signatures; XML Signature 1.1 adds SHA-256 based methods such as http://www.w3.org/2001/04/xmldsig-more#rsa-sha256. A verifier should accept only an explicit allow-list of SignatureMethod and DigestMethod values rather than whatever algorithm the incoming message names.
XML-Signature - <SignedInfo /><SignedInfo> <CanonicalizationMethod /> <SignatureMethod /> <Reference URI > <Transforms /> <DigestMethd /> <DigestValue /> </Reference></SignedInfo>
<Reference/>
Points to the content being signed. A same-document reference starts with "#" and names an element by its ID attribute (URI="#TheFirstObject"); the empty URI="" denotes the whole XML document that contains the signature, which is why enveloped signatures pair it with the enveloped-signature transform. A verifier should also confirm that the element a fragment identifier resolves to is the one the application goes on to consume.
XML-Signature (Example-1 and Example-2)
Example-1 is the enveloping signature shown earlier: <Reference URI="#TheFirstObject"> points at the <Object Id="TheFirstObject"> carried inside the <Signature> itself. Example-2 is the enveloped signature shown earlier: <Reference URI=""> denotes the whole document that contains the signature, and the enveloped-signature transform strips the <Signature> element before the digest is computed.
<Transforms/>
- <Transforms/> receive the result of dereferencing <Reference URI=""> and alter it in some way before it is digested.
- A simple <Transform> can be an XPath expression that causes the signature to apply only to a part of an XML document.
- Multiple transforms can appear under a <Reference>, working as a pipeline: the output of one transform is the input of the next.
- Each one is written as <Transform Algorithm="…" />.
XML Signature spec defines five Transforms
1. Canonicalization
2. Base-64
3. XPath Filtering
4. Enveloped Signature Transform
5. XSLT Transform
<Transforms/>
Canonicalization
- Normalizes the XML so that, regardless of physical differences, two logically equivalent XML documents become bit-for-bit identical before they are digested. The two serializations below are the same logical <Order> and canonicalize to the same bytes:
<Order><Items>
<item number="100"></item><item number="101"></item>
</Items></Order>
<Order><Items>
<item number="100"/><item number="101"/>
</Items></Order>
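The canonicalization described in the <CanonicalizationMethod /> section above and in this transform can be exercised directly from the Python standard library. The following is an added example, not code from the deck or from Apache XML Security. Its three <Order> serializations are constructed sample input, and it uses ET.canonicalize() (C14N 2.0, Python 3.8+) as a stand-in for the 2001 Canonical XML 1.0 algorithm named on the slides; the normalizations it shows (sorted attributes, double quotes, expanded empty elements, comments kept or dropped) behave the same way in both.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample input: three physically different serializations of one
# logical document. They differ in attribute order, quote style, whitespace
# inside start tags and empty-element syntax, and the third carries a comment.
VARIANTS = [
    '<Order><Items>\n'
    '<item number="100" type="book"></item><item number="101" type="dvd"></item>\n'
    '</Items></Order>',
    "<Order><Items>\n"
    "<item type='book' number='100'/><item number='101' type='dvd' />\n"
    "</Items></Order>",
    '<Order><Items>\n'
    '<item  number = "100"  type="book"/><!-- ignored --><item type="dvd" number="101"></item>\n'
    '</Items></Order>',
]


def canonical(xml_text, with_comments=False):
    """Reduce one serialization to its canonical form.

    Assumption: the standard library's ET.canonicalize() (C14N 2.0) stands in
    for the Canonical XML 1.0 algorithm the deck's examples name. with_comments
    mirrors the #WithComments variant of the algorithm URI.
    """
    return ET.canonicalize(xml_text, with_comments=with_comments)


def canonical_forms(variants, with_comments=False):
    """Distinct canonical forms among the variants (a single one means all equivalent)."""
    return sorted({canonical(v, with_comments) for v in variants})


def digest_b64(xml_text):
    """What would go into <DigestValue>: base-64 SHA-1 over the canonical octets."""
    octets = canonical(xml_text).encode("utf-8")
    return base64.b64encode(hashlib.sha1(octets).digest()).decode("ascii")


if __name__ == "__main__":
    for v in VARIANTS:
        print(digest_b64(v), repr(canonical(v)))
    print("distinct forms without comments:", len(canonical_forms(VARIANTS)))
    print("distinct forms with comments:", len(canonical_forms(VARIANTS, True)))
```

Without comments all three inputs collapse to one canonical form and therefore one DigestValue; with comments the third input keeps its comment and canonicalizes differently, which is exactly why the algorithm URI a signature records (with or without comments) must be honoured during validation.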
<Transforms/>
XPath Filtering
- Commonly used when we want to sign just a fragment of an XML document.
- http://www.w3.org/TR/1999/REC-xpath-19991116
<Transforms/>
Enveloped Signature Transform
- Commonly used in enveloped signatures, where the parent element is to be signed.
- Removes the <Signature> element from the element being signed before the digest is computed, at signing time and again at validation time.
- http://www.w3.org/2000/09/xmldsig#enveloped-signature
<Transforms/>
XSLT Transform
- A good practice is to sign what the signer actually sees; this transform is used to sign XML documents when an XSL stylesheet mediates that view.
- http://www.w3.org/TR/1999/REC-xslt-19991116
- Transforms are logic the verifier executes on sender-supplied input: a verifier should accept only the transforms its application expects, and XSLT and arbitrary XPath transforms are commonly disabled for that reason.
<DigestMethod/>
- Algorithm to calculate the digest of the element/resource pointed by the <Reference URI=“”>
- <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue/>
- Contains Base-64 encoded value of the digest
<DigestValue>f+pDsT3LzyKV9Sg6rdK5bBrQlbo=</DigestValue>
<SignatureValue/>
The Base-64 encoded result of applying the <SignatureMethod> to the canonicalized <SignedInfo/> element: for rsa-sha1 that is the RSA signature over the SHA-1 hash of <SignedInfo>, for hmac-sha1 it is the HMAC. The signature covers <SignedInfo> directly and the referenced content only indirectly, through the <DigestValue> elements <SignedInfo> contains.
<KeyInfo>
This is an optional element in the XML Signature; if there is no <KeyInfo>, the verifier is expected to already know what the validation key is from the application context. When <KeyInfo> is present it only tells the verifier which key to use, not whether to trust it: a signature that validates under a key the sender supplied proves nothing until that key has been matched against a trust store or a known issuer.
<KeyInfo>
<KeyInfo> <KeyName />
<KeyValue /> <RetrievalMethod /> <X509Data /> <PGPData /> <SPKIData />
</KeyInfo>
<RetrievalMethod/>
- Used to reference a key that is stored in a separate location.
- If multiple signatures use the same key, we can keep the KeyInfo structure in a standalone element with a unique ID and refer to it from the <RetrievalMethod/> of each <Signature>.
- Either or both of ds:KeyName and ds:RetrievalMethod can be used to identify the same key.
<KeyInfo>
  <RetrievalMethod URI="#EK"/>
  <KeyName>Sally Doe</KeyName>
</KeyInfo>
<X509Data/>
- Provides either an identifier used to look up an X.509 certificate (issuer and serial, subject name, or subject key identifier) or the X.509 certificate itself.
- A certificate chain can also be contained in X509Data; the verifier still has to validate that chain to a trusted root before using the end-entity key.
<Object/>
- Can hold arbitrary content.
- Typically includes one of the following three:
1. An XML fragment or a base-64 encoded binary object (enveloping signature)
2. A <Manifest> element
3. A <SignatureProperties> element
<Manifest/>
<Object>
<Manifest Id=“101”>
<Reference>…. </Reference>
<Reference> …. </Reference>
</Manifest>
</Object>
<Manifest/>
- Contains a list of references.
- <Reference> elements inside the <SignedInfo> element must all be validated for the signature to be accepted as valid.
- Whether to validate the <Reference> elements inside a <Manifest> element is left to the application to decide.
- This gives developers more granular control over which <Reference> matters and which does not: the signature covers the manifest's digest, but a failing reference inside the manifest need not invalidate the whole signature.
<Manifest/>
<SignedInfo>
  <Reference URI="#101"
    Type="http://www.w3.org/2000/09/xmldsig#Manifest">
    ……
  </Reference>
</SignedInfo>
<SignatureProperties/>
Provides a place to put name/value information about the signature itself, such as when it was produced.
<Object>
  <SignatureProperties>
    <SignatureProperty Id="101" Target="#100">
      <timestamp xmlns="">
        <date>….</date>
        <time>….</time>
      </timestamp>
    </SignatureProperty>
  </SignatureProperties>
</Object>
<Signature Id="100">
  <SignedInfo>
    <Reference URI="#101"
      Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties">
      ……
    </Reference>
  </SignedInfo>
</Signature>
The Target attribute points back at the <Signature Id="100"> the property describes, and the <Reference URI="#101"> inside <SignedInfo> is what makes the property part of the signed content.
XML-Signature Ref. Generation
1. Obtain the resource specified by <Reference URI="">.
2. Apply the Transforms, in order.
3. Calculate the digest of the final transform output using the <DigestMethod>.
4. Create the <Reference> element, including all its sub-elements, and populate <DigestValue>.
5. Repeat the above for every <Reference> that will appear inside <SignedInfo>.
XML-Signature Sig. Generation
1. Create the <SignedInfo> element with all its <Reference> elements.
2. Canonicalize the <SignedInfo> element using the algorithm specified under <CanonicalizationMethod>.
3. Apply the <SignatureMethod> to the canonicalized <SignedInfo>: the method both hashes it (SHA-1 in rsa-sha1) and signs or MACs that hash.
4. Base-64 encode the result into <SignatureValue>.
5. Build the complete <Signature> element.
XML-Signature Ref. Validation
1. Canonicalize the <SignedInfo> element based on the <CanonicalizationMethod> element.
2. For each <Reference> element:
   a. Obtain the resource pointed to by the <Reference>.
   b. Apply the Transforms.
   c. Compute the digest using the <DigestMethod>.
   d. Compare the computed digest with the <DigestValue> stated in the <Reference>; any mismatch invalidates the signature.
XML-Signature Sig. Validation
1. Obtain the key used to sign the message (from <KeyInfo> or out of band) and confirm that it belongs to the expected signer.
2. Recompute the signature input from the canonicalized <SignedInfo>.
3. Verify <SignatureValue> against it with that key using the <SignatureMethod>: for RSA this is conceptually decrypting the signature and comparing the hash, for DSA it is a verification operation, and for HMAC it is recomputing the MAC and comparing.
4. Accept the message only if both reference validation and signature validation succeed, and only for the content actually covered by a validated <Reference>.
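The four procedures above can be run end to end for an enveloped signature with only the Python standard library. The following is an added example, not code from the deck or from Apache XML Security. It is deliberately the minimal case: one same-document reference (URI="") with the enveloped-signature transform, SHA-1 digests, and hmac-sha1 as the <SignatureMethod> with a constructed shared secret, so "verify" here means recomputing the MAC rather than a public-key operation. It records the 2001 C14N URI in <CanonicalizationMethod> but canonicalizes with ET.canonicalize() (C14N 2.0), an assumption made to stay dependency-free; the sample <Order> is constructed, and the sign_document / verify_document names are this example's own.

```python
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)  # serialize the signature with the usual ds: prefix

# Algorithm identifiers from the deck. The C14N URI is what gets recorded in
# <CanonicalizationMethod>; the actual canonicalization below is done with the
# standard library's ET.canonicalize() (C14N 2.0), an assumption of this example.
C14N_URI = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
ENVELOPED_URI = DS + "enveloped-signature"
SHA1_URI = DS + "sha1"
HMAC_SHA1_URI = DS + "hmac-sha1"

# Constructed sample document to be signed.
SAMPLE_ORDER = '<Order><Item sku="A1"><qty>1</qty></Item></Order>'


def tag(local):
    return "{%s}%s" % (DS, local)


def c14n(elem):
    """Canonical octets of an element: serialize the subtree, then canonicalize."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode("utf-8")


def enveloped_transform(root):
    """The enveloped-signature transform: drop every ds:Signature before digesting."""
    clone = copy.deepcopy(root)
    for parent in list(clone.iter()):
        for child in list(parent):
            if child.tag == tag("Signature"):
                parent.remove(child)
    return clone


def sign_document(xml_text, key):
    root = ET.fromstring(xml_text)
    # Reference generation: dereference URI="" (the whole document), apply the
    # transform, digest with <DigestMethod>, then populate <DigestValue>.
    digest = hashlib.sha1(c14n(enveloped_transform(root))).digest()
    sig = ET.SubElement(root, tag("Signature"))
    si = ET.SubElement(sig, tag("SignedInfo"))
    ET.SubElement(si, tag("CanonicalizationMethod"), Algorithm=C14N_URI)
    ET.SubElement(si, tag("SignatureMethod"), Algorithm=HMAC_SHA1_URI)
    ref = ET.SubElement(si, tag("Reference"), URI="")
    transforms = ET.SubElement(ref, tag("Transforms"))
    ET.SubElement(transforms, tag("Transform"), Algorithm=ENVELOPED_URI)
    ET.SubElement(ref, tag("DigestMethod"), Algorithm=SHA1_URI)
    ET.SubElement(ref, tag("DigestValue")).text = base64.b64encode(digest).decode("ascii")
    # Signature generation: canonicalize <SignedInfo> and apply <SignatureMethod>.
    mac = hmac.new(key, c14n(si), hashlib.sha1).digest()
    ET.SubElement(sig, tag("SignatureValue")).text = base64.b64encode(mac).decode("ascii")
    return ET.tostring(root, encoding="unicode")


def verify_document(xml_text, key):
    root = ET.fromstring(xml_text)
    sig = root.find(tag("Signature"))
    if sig is None:
        return False
    si = sig.find(tag("SignedInfo"))
    # Reference validation: recompute every digest and compare with the stated one.
    for ref in si.findall(tag("Reference")):
        if ref.get("URI") != "":
            return False  # only the same-document enveloped case is handled here
        stated = base64.b64decode(ref.findtext(tag("DigestValue")))
        actual = hashlib.sha1(c14n(enveloped_transform(root))).digest()
        if not hmac.compare_digest(stated, actual):
            return False
    # Signature validation: re-MAC the canonicalized <SignedInfo>. With rsa-sha1
    # or dsa-sha1 this step would be a public-key verify instead of a MAC compare.
    stated_mac = base64.b64decode(sig.findtext(tag("SignatureValue")))
    actual_mac = hmac.new(key, c14n(si), hashlib.sha1).digest()
    return hmac.compare_digest(stated_mac, actual_mac)


if __name__ == "__main__":
    key = b"constructed-shared-secret"
    signed = sign_document(SAMPLE_ORDER, key)
    print(signed)
    print("valid:", verify_document(signed, key))
    print("tampered:", verify_document(signed.replace("<qty>1</qty>", "<qty>100</qty>"), key))
    print("wrong key:", verify_document(signed, b"wrong-key"))
```

Running it prints the signed document, then True for the untouched document and False once the quantity is edited, because reference validation recomputes the digest over the transformed document and finds that it no longer matches <DigestValue>; a wrong key passes reference validation and fails at signature validation instead, which is the distinction the two validation procedures above draw.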