Having covered encryption and authentication of XML in XML web services, this part looks at XML Signature in more detail and then summarizes XML encryption and authentication.
XML Signature Standard
The W3C XML Signature standard provides a specification for creating and using digital signatures in XML. XML Signature provides authentication and integrity protection for transmitted documents. It can be applied to any content, including XML data, and you can sign just a portion of a document, in the same way that you can encrypt just part of it.
Authenticating XML documents is difficult, however, because their textual form may change even when the data in them does not. Most digital signature methods treat every byte of a document as significant when generating the unique value, or message digest, that is used to validate the document's authenticity. To address this, the W3C uses XML Canonicalization. This specification defines how to generate a canonical form of an XML document: a normalized serialization in which, for example, attribute order, empty-element syntax (<a/> versus <a></a>), line-ending conventions and, in the "without comments" variant, comments no longer matter. Two XML documents that differ textually in these respects but have the same logical structure produce identical canonical documents, and therefore identical digests.
The basic structure of a digital signature, as given in the W3C specification, is as follows, where ? indicates zero or one occurrence, * indicates zero or more occurrences and + indicates one or more occurrences:

    <Signature ID?>
      <SignedInfo>
        <CanonicalizationMethod/>
        <SignatureMethod/>
        (<Reference URI? >
          (<Transforms>)?
          <DigestMethod>
          <DigestValue>
        </Reference>)+
      </SignedInfo>
      <SignatureValue>
      (<KeyInfo>)?
      (<Object ID?>)*
    </Signature>
Signature is the root element; its optional ID attribute identifies the signature. The mandatory SignedInfo element represents the data that is signed: its CanonicalizationMethod child names the canonicalization algorithm applied to SignedInfo before it is signed, its SignatureMethod child names the signature algorithm, and each Reference child points at a data object being signed and contains the DigestMethod and DigestValue elements, which record the digest algorithm used and the resulting digest of that object. SignatureValue carries the signature itself. The KeyInfo element enables the verifier to obtain the key needed to validate the signature. Note that KeyInfo is defined in the XML Signature namespace, so it needs no separate namespace qualification inside a Signature, whereas it must be qualified with that namespace when it is reused inside an XML Encryption element.
Consider the example signature given in the XML Signature specification. Its Signature element declares the XML Signature namespace. The Reference element identifies the W3C XHTML specification as the object being signed. The DigestMethod element's Algorithm attribute indicates that SHA-1 was used to compute the hash, or message digest, of that object, and the resulting value is carried in DigestValue. Everything within the SignedInfo element is canonicalized according to the Canonical XML specification named by the CanonicalizationMethod element; the DSA algorithm named by the Algorithm attribute of SignatureMethod is then applied to that canonical form to produce the SignatureValue, which is the signature over the digest of everything in SignedInfo. KeyInfo specifies what key should be used to validate this signature, in this case a DSA key: within DSAKeyValue, the Y element carries the DSA public key value, and the DSAKeyValue children are used only with DSA keys. SHA-1 and DSA-with-SHA-1 appear in this example because it dates from the original specification; both are deprecated for new signatures, and current profiles use SHA-256 with RSA or ECDSA signature methods.
To validate the signature, the contents of SignedInfo are canonicalized and then processed with the algorithm specified in SignatureMethod, using the public key supplied by KeyInfo; if the value this produces matches the one in SignatureValue, the signature is valid. To validate the signed data, the referenced data is retrieved using the Reference URI, processed according to DigestMethod, and compared to the value in DigestValue. Both checks must pass. Two practical caveats apply: the key obtained from KeyInfo must be one the verifier already trusts, because a document can carry any key and a signature that merely verifies under the key it ships with proves nothing about its origin; and it is safer not to dereference the Reference URIs until the signature over SignedInfo has been verified, since until then they are attacker-controlled input.
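As an added, runnable example (written for this page, not code from the original article or from the W3C), the following Python script implements the sign and verify procedures just described end to end: it builds a detached Signature with the SignedInfo/Reference/DigestMethod/DigestValue structure from the skeleton above, computes SignatureValue over the canonicalized SignedInfo, and validates it in the order recommended above. Three substitutions keep it to the standard library: the SignatureMethod is HMAC-SHA256 (a registered XMLDSig algorithm identifier, used instead of the DSA or RSA public-key methods because Python ships no public-key cryptography), the DigestMethod is SHA-256 rather than SHA-1, and canonicalization is the C14N 2.0 algorithm implemented by xml.etree.ElementTree.canonicalize (Python 3.8+) rather than Canonical XML 1.0. The order document, its URI, the shared key and the in-memory resolver are constructed for the demo.

```python
"""Minimal XML Signature (XMLDSig) signer/verifier: HMAC-SHA256 SignatureMethod,
SHA-256 DigestMethod, C14N 2.0 canonicalization, standard library only (Python 3.8+)."""
import base64, copy, hashlib, hmac
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DSIG}
C14N_ALG = "http://www.w3.org/2010/xml-c14n2"                   # what ET.canonicalize implements
SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"  # registered XMLDSig identifiers
DIGEST_ALG = "http://www.w3.org/2001/04/xmlenc#sha256"
ET.register_namespace("ds", DSIG)  # serialize dsig elements with the conventional ds: prefix

def canonicalize(xml_text: str) -> bytes:
    """Comments dropped, whitespace around text stripped, attributes sorted: textual
    variants of the same logical document yield identical bytes."""
    return ET.canonicalize(xml_text, with_comments=False, strip_text=True).encode()

def c14n_element(elem: ET.Element) -> bytes:
    """Canonicalize one element subtree; its tail text is not part of the element."""
    elem = copy.copy(elem)
    elem.tail = None
    return canonicalize(ET.tostring(elem, encoding="unicode"))

def b64_sha256(data: bytes) -> str:
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def b64_hmac(key: bytes, data: bytes) -> str:
    return base64.b64encode(hmac.new(key, data, "sha256").digest()).decode()

def ds(name: str) -> str:
    return f"{{{DSIG}}}{name}"

def algorithm(parent: ET.Element, child: str):
    """Algorithm attribute of a child element, or None if the child is absent."""
    el = parent.find(child, NS)
    return None if el is None else el.get("Algorithm")

def sign(uri: str, referenced_xml: str, key: bytes) -> str:
    """Produce a detached <Signature> whose single <Reference> points at `uri`."""
    signature = ET.Element(ds("Signature"))
    si = ET.SubElement(signature, ds("SignedInfo"))
    ET.SubElement(si, ds("CanonicalizationMethod"), Algorithm=C14N_ALG)
    ET.SubElement(si, ds("SignatureMethod"), Algorithm=SIG_ALG)
    ref = ET.SubElement(si, ds("Reference"), URI=uri)
    ET.SubElement(ref, ds("DigestMethod"), Algorithm=DIGEST_ALG)
    ET.SubElement(ref, ds("DigestValue")).text = b64_sha256(canonicalize(referenced_xml))
    # SignatureValue is computed over the *canonicalized* SignedInfo, never its raw text.
    ET.SubElement(signature, ds("SignatureValue")).text = b64_hmac(key, c14n_element(si))
    return ET.tostring(signature, encoding="unicode")

def verify(signature_xml: str, resolve, key: bytes) -> bool:
    """Core validation: (1) the signature over SignedInfo, then (2) every Reference digest.
    `resolve(uri)` returns the referenced XML text or raises KeyError."""
    root = ET.fromstring(signature_xml)
    si = root.find("ds:SignedInfo", NS)
    sig_value = root.findtext("ds:SignatureValue", default="", namespaces=NS).strip()
    if si is None or not sig_value:
        return False
    # Pin the algorithms: the verifier, not the document, decides what is acceptable.
    if (algorithm(si, "ds:CanonicalizationMethod") != C14N_ALG
            or algorithm(si, "ds:SignatureMethod") != SIG_ALG):
        return False
    # (1) Recompute the MAC over canonical SignedInfo; compare in constant time.
    if not hmac.compare_digest(b64_hmac(key, c14n_element(si)), sig_value):
        return False
    # (2) Only now dereference the Reference URIs, untrusted until step (1) passed.
    refs = si.findall("ds:Reference", NS)
    if not refs:
        return False
    for ref in refs:
        expected = ref.findtext("ds:DigestValue", default="", namespaces=NS).strip()
        if algorithm(ref, "ds:DigestMethod") != DIGEST_ALG or not expected:
            return False
        try:
            data = resolve(ref.get("URI", ""))
        except KeyError:
            return False
        if not hmac.compare_digest(b64_sha256(canonicalize(data)), expected):
            return False
    return True

# Constructed demo data: hypothetical URI and document, demo-only shared key.
KEY = b"demo-shared-secret"
URI = "urn:example:order/42"
ORDER = '<order xmlns="urn:example:orders"><id>42</id><total currency="EUR">99.50</total></order>'
ORDER_REFORMATTED = """<order xmlns="urn:example:orders">
  <!-- same logical content as ORDER, different text -->
  <id>42</id>
  <total  currency="EUR">99.50</total>
</order>"""
ORDER_TAMPERED = ORDER.replace("99.50", "9.50")
SIGNATURE = sign(URI, ORDER, KEY)

def demo() -> dict:
    """Verify against the original, a reformatted copy, a tampered copy, a wrong key,
    and a signature whose DigestValue was edited to match the tampered copy."""
    forged = SIGNATURE.replace(b64_sha256(canonicalize(ORDER)),
                               b64_sha256(canonicalize(ORDER_TAMPERED)))
    return {
        "original": verify(SIGNATURE, {URI: ORDER}.__getitem__, KEY),
        "reformatted": verify(SIGNATURE, {URI: ORDER_REFORMATTED}.__getitem__, KEY),
        "tampered": verify(SIGNATURE, {URI: ORDER_TAMPERED}.__getitem__, KEY),
        "wrong_key": verify(SIGNATURE, {URI: ORDER}.__getitem__, b"other-key"),
        "forged_digest": verify(forged, {URI: ORDER_TAMPERED}.__getitem__, KEY),
    }
```

Calling demo() shows the verifier's decisions: the reformatted copy verifies because canonicalization removes the comment and whitespace differences (the structure-versus-content point made above), the tampered copy fails at the Reference digest, and the copy whose DigestValue was edited to match the tampering fails earlier, at the signature over SignedInfo. With an HMAC the verifier must already hold the shared key, so there is no KeyInfo; with a public-key SignatureMethod the verifier would additionally have to check that the key named in KeyInfo is one it trusts.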
In summary, XML Encryption lets you encrypt an entire document, a specific element, or only the content of a specific element. It also supports transmitting data among more than two parties and gives end-to-end rather than party-to-party security, because the data stays encrypted across intermediaries. XML Signature provides authentication for web services: a recipient receives data signed by the sender and can verify its origin and integrity.
XML Encryption represents encrypted content with a set of dedicated elements, EncryptionMethod among them, all in the http://www.w3.org/2001/04/xmlenc# namespace. It is key-based, and the keys may be symmetric or asymmetric.
The W3C XML Signature standard provides a specification for creating and using digital signatures in XML. You can sign just a portion of a document, in the same way that you can encrypt just part of it. XML Signature relies on XML Canonicalization to produce a canonical form of an XML document, so that a signature can still be verified when the document's textual serialization changes without changing its logical content.