Purpose of KeyInfo in XML signature

こ雲淡風輕ζ 提交于 2020-07-10 07:31:48

问题


I am reading about XML signature from w3 page

As per my understanding, to Sign an XML:

  1. Create a Canonical XML of the XML Data to be signed.
  2. Create a hash (digest) of the Canonicalised XML Data using an algorithm mentioned in <DigestMethod/>. Hash will go inside <DigestValue>
  3. Encrypt above has using algorithm mentioned in <SignatureMethod/>. This algorithm will take Sender's private key as an input. Signature will go inside <SignatureValue>

To Verify (at receiver's end):

  1. Use the public key of the sender on the content of <SignatureValue> to get the hash.
  2. Calculate the hash of data (xPath/referece to data can be found in <Reference>) using algorithm <DigestMethod>
  3. Check if this has matches with hash in <DigestValue>

My Questions:

  1. Is my understanding correct?
  2. What is the role of <KeyInfo> in verifying signature given that sender's public key is sufficient for verifying?

回答1:


As per my understanding, to Sign an XML:

  1. Create a Canonical XML of the XML Data to be signed.

  2. Create a hash (digest) of the Canonicalised XML Data using an algorithm mentioned in . Hash will go inside

  3. Encrypt above has using algorithm mentioned in . This algorithm will take Sender's private key as an input. Signature will go inside

It is not correct, see 3.1.2 Signature Generation section of the link you pointed.

The <SignatureValue> is calculated over the canonicalized content of a <SignedInfo> node, which includes the <SignatureMethod>, <CanonicalizationMethod>, and the References. The <Reference> element contains the <DigestMethod> and the <DigestValue>

The document is not encrypted, it is signed with the private key. It involves a similar cryptographic operation, but the padding mechanism is different. See https://crypto.stackexchange.com/questions/15997/is-rsa-encryption-with-a-private-key-the-same-as-signature-generation

What is the role of <KeyInfo> in verifying signature given that sender's public key is sufficient for verifying?

It contains the signing certificate corresponding to the private key used to sign the document.

The verifying party could verify the signature using signer's public key without extracting it from <KeyInfo> element, but it implies that the receiver has stored the public keys of each signer. The verifying party usually have a trusted list of Certificate Authority and checks that the signing certificate has been issued by one of these Authorities.

Note that a reference to <KeyInfo> is also included in the <SignedInfo> section, to know exactly which certificate signed the document (a public key can be included in several certificates)




回答2:


What is the role of <KeyInfo> in verifying signature given that sender's public key is sufficient for verifying?

The key has to be somewhere, right? And that's the place. It will contain the key to use for verifying the signature. As stated in the specification it is possible to skip the <KeyInfo> element:

If KeyInfo is omitted, the recipient is expected to be able to identify the key based on application context.

So when the <KeyInfo> is missing the application/user has to get the key from somewhere else.



来源:https://stackoverflow.com/questions/50188629/purpose-of-keyinfo-in-xml-signature

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!