Infomosaic products are not available to new customers after 08/29/2008.
Existing customers may contact support for any technical questions as long as their annual maintenance contract is active. The license management site will remain active until 12/31/08. Please download all your licenses before that.
XML Digital Signature

XML Signature is the specific syntax used to represent a digital signature over any arbitrary digital content. XML Signatures can be applied to any digital content (data object), such as XML, an HTML page, binary-encoded data such as a GIF, XML-encoded data, and a specific section of an XML file.

XML Signature Types

There are three types of XML Signatures:

  1. Enveloped
  2. Enveloping
  3. Detached

Enveloped Signature

An enveloped signature is a signature of a document, where the XML signature will itself be embedded within the signed document.

Enveloping Signature

An enveloping signature is a signature where the signed data is actually embedded within the XML signature structure.

Detached Signature

A detached signature is a signature where the signed entities and signature are separate from each other.


Creating XML Signature

The following steps show how to create and verify an XML Signature:

Determine the resources to be signed, for example:

http://www.infomosaic.com

#idref1 — references the element with an identifier of "idref1" located in the same XML instance as the Signature. This element might be a child element of the Signature's top element, an ancestor element of the Signature element, or located on another branch of the XML instance.

Calculate the digest of each resource.

<Reference URI="http://www.infomosaic.net/XMLSign/CxdsigAnnouncement.htm">
  ... some code not shown ...
  <DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue>
</Reference>

<Reference URI="http://www.w3.org/TR/2000/WD-xmldsig-core-20000228/signature-example.xml">
  ... some code not shown ...
  <DigestValue>UrXLDLBIta6skoV5/A8Q38GEw44=</DigestValue>
</Reference>

In XML Signatures, each reference is specified by a <Reference> element and its digest is placed in a <DigestValue> child element.

Collect the <Reference> elements (with their associated digests) within a <SignedInfo> element.

<SignedInfo Id="foobar">
  ... some code not shown ...
  <Reference URI="http://www.infomosaic.net/XMLSign/CxdsigAnnouncement.htm">
    ... some code not shown ...
    <DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue>
  </Reference>

  <Reference URI="http://www.w3.org/TR/2000/WD-xmldsig-core-20000228/signature-example.xml">
    <DigestValue>UrXLDLBIta6skoV5/A8Q38GEw44=</DigestValue>
  </Reference>
</SignedInfo>


Calculate the digest of the <SignedInfo> element, sign the digest and put the signature value in a <SignatureValue> element.

<SignatureValue>
  MC0CFFrVLtRlkMc3Daon4BqqnkhCOTFEALE=
</SignatureValue>

If keying information is to be included, place it in a <KeyInfo> element.

<KeyInfo>
  <X509Data>
    <X509SubjectName Encoding="base64">
      <!-- Subject Name: C: CA , O: 40pki , CN: Alice Alice -->
      QzogQ0EgLCBPOiA0MHBraSAsIENOOiBBbGljZSBBbGljZSA=
    </X509SubjectName>
    <X509Certificate Encoding="base64">
      MIID5jCCA0+gA...lVN
    </X509Certificate>
  </X509Data>
</KeyInfo>


Place the <SignedInfo>, <SignatureValue>, and <KeyInfo> elements into a <Signature> element. The <Signature> element is the XML Signature.

<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
    <Reference URI="http://merlin.org/xmldsig/xml-stylesheet.b64">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>
    OsH9A1jTNLmEldLmsPLlog6Gdw4YV8SiqD96GwYLAfMBqbk5o3waOg==
  </SignatureValue>
  <KeyInfo>
    <KeyValue>
      <DSAKeyValue>
        <P>
          imup6lmki4rAmUstKb/xdBRMWNtQ+pDN97ZnLA9X3lKbkEHtYFyjQ3uActgVSJ75
          iVRuKxz4Cb5RzVm25EaKmKq8rif1MtBIi6jjDJxmIdNaEKG9zVTf9giJx1N9I0t3
          oh1fAVZDSrzKzJGQ2WvDfIfFHdJMtB3C0VKGmLZR7Xk=
        </P>
        <Q>
          xDve3j7sEnh4rIzM5gK+5/gxxFU=
        </Q>
        <G>
          NLugAf6IZJxo3BCOi5yrGEVwtlEzXcnndXhd0Tz38CnQKc4SEupm4PyP5TmLvK64
          TDfOD7sno/W5oI1KZdimfW2c4r/6waNzZSvicMOWhLYY621Nn6njBc8VNwoxWpzC
          XhKm70b8+D4YZMn/eU5DN8dvhTv/bNK21FfJqjp033U=
        </G>
        <Y>
          W7dOmH/vWqocVCiqaxj6soxVXfR8XpMdY2Zv4Amjr3n81geyOLb6IZ+l7MUbdp85
          29DQzuoVTthVpB9X4JKCprZIzifOTM1PFflTBzjx7egJwJWAIVdWyiIPjke6Va+w
          uV2n4Rl/cgCvrXK5cTov5C/Bpaf6o+qrrDGFBLLZTF4=
        </Y>
      </DSAKeyValue>
    </KeyValue>
  </KeyInfo>
</Signature>


Verifying XML Signature

Verify the signature of the <SignedInfo> element. In other words, re-calculate the digest of the <SignedInfo> element and use the public verification key to verify that the value of the <SignatureValue> element is correct for the digest of the <SignedInfo> element.

If that check passes, re-calculate the digests of the references contained within the <SignedInfo> element and compare them to the digest values expressed in each <Reference> element's corresponding <DigestValue> element.
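The create-then-verify procedure above, carried through end to end as an added example (not code from the original page or from Infomosaic), using only Python's standard library: an enveloping signature over an <Object Id="payload">, with the hmac-sha1 SignatureMethod (also defined in XML Signature core) standing in for the DSA key of the page's example because the stdlib ships no DSA. The key, template and payload are constructed for the demonstration, and canonicalizing a subtree through xml.etree is a simplification of document-context Canonical XML.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
KEY = b"constructed-demo-hmac-key"  # shared secret, constructed for this example only
# Enveloping signature: the signed data lives in <Object Id="payload"> inside <Signature>.
TEMPLATE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
<Reference URI="#payload"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue/></Reference></SignedInfo><SignatureValue/>
<Object Id="payload"><Amount>100</Amount></Object></Signature>"""

def c14n(elem):
    # Canonical XML 1.0 of a subtree (stdlib); signer and verifier must agree byte for byte.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def digest_b64(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def dereference(sig, ref):
    # Same-document URI="#id": locate the element carrying that Id attribute.
    return next(el for el in sig.iter() if el.get("Id") == ref.get("URI")[1:])

def sign(sig):
    info = sig.find(DS + "SignedInfo")
    for ref in info.findall(DS + "Reference"):  # digest each resource into DigestValue
        ref.find(DS + "DigestValue").text = digest_b64(c14n(dereference(sig, ref)))
    mac = hmac.new(KEY, c14n(info), hashlib.sha1).digest()  # then sign SignedInfo
    sig.find(DS + "SignatureValue").text = base64.b64encode(mac).decode()
    return sig

def verify(sig):
    info = sig.find(DS + "SignedInfo")
    expected = hmac.new(KEY, c14n(info), hashlib.sha1).digest()
    got = base64.b64decode(sig.findtext(DS + "SignatureValue"))
    if not hmac.compare_digest(expected, got):
        return "bad-signature"  # SignedInfo altered or wrong key: stop, do not dereference
    for ref in info.findall(DS + "Reference"):  # only now recompute each DigestValue
        if not hmac.compare_digest(digest_b64(c14n(dereference(sig, ref))),
                                   ref.findtext(DS + "DigestValue")):
            return "bad-digest"
    return "ok"

def demo():
    sig = sign(ET.fromstring(TEMPLATE))
    results = [verify(sig)]
    sig.find(".//" + DS + "Amount").text = "1000"  # tamper with the signed payload
    results.append(verify(sig))
    ref = sig.find(DS + "SignedInfo/" + DS + "Reference")
    ref.find(DS + "DigestValue").text = digest_b64(c14n(dereference(sig, ref)))  # forge digest, no key
    results.append(verify(sig))
    return results  # ['ok', 'bad-digest', 'bad-signature']
```

The second and third results show why the order of the two verification steps matters: a changed payload is caught by its DigestValue, and a DigestValue rewritten to match the changed payload is caught by the signature over <SignedInfo>.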

All contents are Copyright © 2000--2008 Infomosaic Corporation. All rights reserved.
Page last updated on Friday, August 29, 2008
