Geeks With Blogs
Pradeep Loganathan Distributed

XML signature and XML encryption are used to ensure the integrity and confidentiality of SOAP messages, and are the basic pillars of WS-Security.

An XML signature is a method of associating a key with data, using XML to represent the signature. XML signatures can be applied to any digital content. Once an XML document is signed, any attempt to modify its contents will cause verification to fail.

A simple XML signature contains the following:

  1. A reference to what is being signed
  2. The signature
  3. The key used to verify the signature
  4. An optional object to represent miscellaneous items

 

The structure of an XML signature is shown below:

    <Signature>
        <SignedInfo>
            (CanonicalizationMethod)
            (SignatureMethod)
            (<Reference (URI=)?>
                (Transforms)?
                (DigestMethod)
                (DigestValue)
            </Reference>)+
        </SignedInfo>
        (SignatureValue)
        (KeyInfo)?
        (Object)*
    </Signature>

 

There are three types of XML signature, based on the reference that is being signed:

  1. Enveloping Signature
  2. Enveloped Signature
  3. Detached signature

 

An enveloping signature wraps the item being signed inside itself. An enveloped signature references its parent element, and a detached signature references an element outside the signature element's hierarchy.

 

The process of generating an XML signature is as follows:

  1. Reference generation
    1. Calculate the digest value of the signed object.
    2. Create the Reference element with the URI, the digest method used and the digest value.
  2. Signature generation
    1. Create the SignedInfo element with the signature method, canonicalization method and the references.
    2. Canonicalize SignedInfo and calculate the signature value over it.
    3. Construct the Signature element, including SignedInfo and the signature value.
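
The two generation steps above, as an added Python example that is not code from the original post, together with the matching verification. It assumes HMAC-SHA256 with a shared key (so the optional KeyInfo is omitted) and the standard library's Canonical XML 2.0, applied to each element as a standalone subtree; `sign`, `verify`, the key and the sample order are constructed for illustration.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N2 = "http://www.w3.org/2010/xml-c14n2"  # Canonical XML 2.0 (ET.canonicalize)
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
ET.register_namespace("ds", DS)

def q(tag):
    return f"{{{DS}}}{tag}"

def c14n(elem):
    """Canonical octets of one element subtree."""
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def digest(obj):
    return base64.b64encode(hashlib.sha256(c14n(obj)).digest()).decode()

def mac(key, signed_info):
    raw = hmac.new(key, c14n(signed_info), hashlib.sha256).digest()
    return base64.b64encode(raw).decode()

def sign(obj, uri, key):
    sig = ET.Element(q("Signature"))
    si = ET.SubElement(sig, q("SignedInfo"))
    ET.SubElement(si, q("CanonicalizationMethod"), Algorithm=C14N2)
    ET.SubElement(si, q("SignatureMethod"), Algorithm=HMAC_SHA256)
    # Reference generation: URI, digest method, digest of the signed object.
    ref = ET.SubElement(si, q("Reference"), URI=uri)
    tr = ET.SubElement(ref, q("Transforms"))
    ET.SubElement(tr, q("Transform"), Algorithm=C14N2)
    ET.SubElement(ref, q("DigestMethod"), Algorithm=SHA256)
    ET.SubElement(ref, q("DigestValue")).text = digest(obj)
    # Signature generation: the MAC covers canonical SignedInfo, not the object.
    ET.SubElement(sig, q("SignatureValue")).text = mac(key, si)
    return sig  # KeyInfo omitted: the HMAC key is a shared secret (assumption)

def verify(sig, obj, key):
    si = sig.find(q("SignedInfo"))
    # Pin every algorithm rather than accepting whatever the message names.
    algs = [e.get("Algorithm") for e in si.iter() if e.get("Algorithm")]
    if algs != [C14N2, HMAC_SHA256, C14N2, SHA256]:
        return False
    digest_ok = hmac.compare_digest(si.find(f".//{q('DigestValue')}").text, digest(obj))
    sig_ok = hmac.compare_digest(sig.find(q("SignatureValue")).text, mac(key, si))
    return digest_ok and sig_ok

KEY = b"constructed-demo-key"  # constructed sample values, not from the post
ORDER = '<order Id="o1"><item>widget</item><amount>100</amount></order>'
```

Because the signature value is computed over SignedInfo, replacing DigestValue to match a modified object still fails verification without the key.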

Posted on Wednesday, August 2, 2006 6:24 AM
