Title: How to Use XML Security Standards in Real World Aleksey Sanin <aleksey@aleksey.Com> O
1How to Use XML Security Standards in Real World
Aleksey Sanin ltaleksey_at_aleksey.Comgt OReilly
Open Source ConventionJuly 7 - 11, 2003
2Agenda
- W3C XML Security specifications
- XML Security Library
- Practical XML Security
3W3C XML Security Standards
- XML Canonicalization and Exclusive XML
Canonicalization (W3C recommendations)http//www.
w3.org/TR/xml-c14n/http//www.w3.org/TR/xml-exc-c
14n/ - XML Signature (W3C recommendation)http//www.w3.o
rg/TR/xmldsig-core/ - XML Encryption (W3C recommendation)http//www.w3.
org/TR/xmlenc-core/ - XML Key Management (W3C working
draft)http//www.w3.org/TR/xkms2/
4Why Do We Need New Specifications?
- SSL/TLS provides transport level security when
Web services need messages level security - Store message for later use
- Session keys in SSL/TLS
- Fine grained security for XML documents
5XML Canonicalization
- ltTest a"aa" b"bb"/gt
- ltTest b"bb" a"aa"gtlt/Testgt
- ltTest a"aa" b"bb"gtlt/Testgt
6XML Canonicalization (Continue)
- C14N is a serialization of XML document or XPath
node set to a binary string. - There are many C14N algorithms (W3C C14N,
Exclusive C14N). - Same input data (XML document or XPath node set)
and same C14N algorithm produce the same binary
string. - Use Exclusive C14N.
7XML Digital Signature Structure
- ltdsigSignature ID?gt
- ltdsigSignedInfogt
- ltdsigCanonicalizationMethod Algorithm /gt
- ltdsigSignatureMethod Algorithm /gt
- ltdsigReference URI? gt
- lt/dsigSignedInfogt
- ltdsigSignatureValuegt
- ltdsigKeyInfogt?
- (ltdsigObject ID?gt)
- lt/dsigSignaturegt
8XML Digital Signature Structure Reference element
- ltdsigReference URI? gt
- (ltdsigTransformsgt
- (ltdsigTransform Algorithm /gt)
- lt/dsigTransformsgt)?
- ltdsigDigestMethod Algorithm gt
- ltdsigDigestValuegt
- lt/dsigReferencegt
9XML Digital Signature Structure KeyInfo element
- ltdsigKeyInfogt
- ltdsigKeyNamegt?
- ltdsigKeyValuegt?
- ltdsigRetrievalMethodgt?
- ltdsigX509Datagt?
- ltdsigPGPDatagt?
- ltencEncryptedKeygt?
- ltencAgreementMethodgt?
- ltdsigKeyNamegt?
- ltdsigRetrievalMethodgt?
- ltgt?
- lt/dsigKeyInfogt
10XML Digital Signature Generation
- Calculate digests other signed data from
ltdsigReference/gt element. - Compose ltdsigSignedInfo/gt element.
- Calculate signature other ltdsigSignedInfo/gt
element and place result in ltdsigSignatureValue/gt
element.
11XML Digital Signature Enveloped Signature Example
- lt?xml version"1.0" encoding"UTF-8"?gt
- ltEnvelopegt
- ltSignedDatagtHello, World!lt/SignedDatagt
- ltSignature xmlns"http//www.w3.org/2000/09/xmld
sig"gt - ltSignedInfogt
- ltCanonicalizationMethod Algorithm"http//ww
w.w3.org/"/gt - ltSignatureMethod Algorithm"http//www.w3.or
g/2000/09/xmldsigrsa-sha1"/gt - ltReference URI""gt
- ltTransformsgt
- ltTransform Algorithm"http//www.w3.org/
2000/09/xmldsigenveloped-signature"/gt - lt/Transformsgt
- ltDigestMethod Algorithm"http//www.w3.org
/2000/09/xmldsigsha1"/gt - ltDigestValuegt9H/rQr...lt/DigestValuegt
- lt/Referencegt
- lt/SignedInfogt
- ltSignatureValuegtMx4psI...lt/SignatureValuegt
- ltKeyInfogtltKeyNamegtMy-RSA-Keylt/KeyNamegtlt/KeyInf
ogt - lt/Signaturegt
- lt/Envelopegt
12XML Digital Signature Enveloped Signature
Example (Continue)
- Digested data
- ltEnvelopegt
- ltSignedDatagtHello, World!lt/SignedDatagt
- lt/Envelopegt
- Signed data
- ltSignedInfogt
- ltCanonicalizationMethod Algorithm"http//ww
w.w3.org/"/gt - ltSignatureMethod Algorithm"http//www.w3.or
g/2000/09/xmldsigrsa-sha1"/gt - ltReference URI""gt
- ltTransformsgt
- ltTransform Algorithm"http//www.w3.org/
2000/09/xmldsigenveloped-signature"/gt - lt/Transformsgt
- ltDigestMethod Algorithm"http//www.w3.org
/2000/09/xmldsigsha1"/gt - ltDigestValuegt9H/rQr...lt/DigestValuegt
- lt/Referencegt
- lt/SignedInfogt
13XML Encryption Structure
- ltencEncryptedData Id? Type? MimeType?gt
- ltencEncryptionMethod Algorithm /gt?
- ltdsigKeyInfogt?
- ltencCipherDatagt
- ltencCipherValuegt?
- ltencCipherReference URI?gt?
- lt/encCipherDatagt
- ltencEncryptionPropertiesgt?
- lt/encEncryptedDatagt
14XML Encryption Example
- lt?xml version"1.0" encoding"UTF-8"?gt
- ltEncryptedData xmlns"http//www.w3.org/2001/04/xm
lenc" Type"http//www.w3.org/2001/04/xmlencElem
ent"gt - ltEncryptionMethod Algorithm"http//www.w3.org
/2001/04/xmlenctripledes-cbc"/gt - ltKeyInfo xmlns"http//www.w3.org/2000/09/xmld
sig"gt ltKeyNamegtMy-DES-Keylt/KeyNamegt - lt/KeyInfogt
- ltCipherDatagt
- ltCipherValuegtWXlDy...lt/CipherValuegt
- lt/CipherDatagt
- lt/EncryptedDatagt
15XML Security Toolkits
- XML Security Library (C/C)http//www.aleksey.co
m/xmlsec - Microsoft .NET (C)http//msdn.microsoft.com/netf
ramework/ - DataPower (Hardware)http//www.datapower.com/prod
ucts/xs40.html - Apache XML Security (Java)http//xml.apache.org/s
ecurity/index.html - Baltimore Technologies (Java)http//www.baltimore
.com/keytools/xml/ - IBM XML Security Suite (Java)http//www.alphawork
s.ibm.com/tech/xmlsecuritysuite - Phaos Technology Corporation (Java)http//phaos.c
om/products/category/xml.html
16XML Security Library
- Open Source (MIT license)
- Based on LibXML2/LibXSLT and your favorite
cryptographic library - Strong standards support
- Very fast
- Can use practically any cryptographic library
(OpenSSL, GnuTLS, NSS, ) - Portable (Linux, OpenBSD, FreeBSD, Solaris,
Windows, Mac OS X, )
17XML Security Library Objects
- Transforms
- Keys
- Keys Manager
- Operation Contexts
- Signature
- Encryption
- Transforms
- Key selection
- Templates
18XML Security Library Templates
- lt?xml version"1.0" encoding"UTF-8"?gt
- ltEnvelopegt
- ltSignedDatagtHello, World!lt/SignedDatagt
- ltSignature xmlns"http//www.w3.org/2000/09/xmld
sig"gt - ltSignedInfogt
- ltCanonicalizationMethod Algorithm"http//ww
w.w3.org/"/gt - ltSignatureMethod Algorithm"http//www.w3.or
g/2000/09/xmldsigrsa-sha1"/gt - ltReference URI""gt
- ltTransformsgt
- ltTransform Algorithm"http//www.w3.org/
2000/09/xmldsigenveloped-signature"/gt
lt/Transformsgt - ltDigestMethod Algorithm"http//www.w3.org
/2000/09/xmldsigsha1"/gt - ltDigestValuegtlt/DigestValuegt
- lt/Referencegt
- lt/SignedInfogt
- ltSignatureValuegtlt/SignatureValuegt
- ltKeyInfogt
- ltKeyNamegtlt/KeyNamegt
- lt/KeyInfogt
- lt/Signaturegt
19XML Security Library Signing or Encrypting XML
Document
- Prepare keys manager (the same keys manager can
be shared by multiple operations) - Create or load "template" and select the start
node (ltdsigSignature/gt or ltencEncryptedData/gt) - Create signature (xmlSecDSigCtx) or encryption
(xmlSecEncCtx) context object - Specify signature or encryption key in the
template (by name, for example) or in the context
object - Sign or encrypt data and consume the result
- Destroy context object
20XML Security Library Signature Example
- int sign_template(xmlDocPtr tmpl, xmlNodePtr
startNode, - xmlSecKeyPtr key)
- xmlSecDSigCtxPtr dsigCtx
- / create signature context w/o keys manager /
- dsigCtx xmlSecDSigCtxCreate(NULL)
- if(dsigCtx NULL)
- fprintf(stderr,"Error failed to create
context.\n") - return(-1)
-
- / set signature key in the context /
- dsigCtx-gtsignKey xmlSecKeyDuplicate(key)
- if(dsigCtx-gtsignKey NULL)
- fprintf(stderr,"Error failed to duplicate
key.\n") - xmlSecDSigCtxDestroy(dsigCtx)
- return(-1)
-
21XML Security Library Signature Example (Continue)
- / sign the template /
- if(xmlSecDSigCtxSign(dsigCtx, startNode) lt 0)
- fprintf(stderr,"Error signature failed.\n")
xmlSecDSigCtxDestroy(dsigCtx) - return(-1)
-
-
- / destroy context object /
- xmlSecDSigCtxDestroy(dsigCtx)
- return(0)
22XML Security Library Verifying Signature
- Prepare keys manager (the same keys manager can
be shared by multiple operations) - Load signed document and select the start node
(ltdsigSignature/gt or ltencEncryptedData/gt) - Create signature (xmlSecDSigCtx) or encryption
(xmlSecEncCtx) context object - Verify signature or decrypt the data, consume the
result - Destroy context object
23XML Security Library Signature Verification
Example
- int verify_document(xmlDocPtr doc, xmlNodePtr
startNode, - xmlSecKeysMngrPtr keysMngr)
- xmlSecDSigCtxPtr dsigCtx
- int res
-
- / create signature context /
- dsigCtx xmlSecDSigCtxCreate(keysMngr)
- if(dsigCtx NULL)
- fprintf(stderr,"Error failed to create
context.\n") - return(-1)
-
- / Verify signature /
- if(xmlSecDSigCtxVerify(dsigCtx, startNode) lt 0)
- fprintf(stderr,"Error verification
failed.\n") - xmlSecDSigCtxDestroy(dsigCtx)
- return(-1)
-
24XML Security Library Signature Verification
Example (Continue)
- / check verification result /
- if(dsigCtx-gtstatus xmlSecDSigStatusSucceeded)
- / signature is valid /
- res 1
- else
- / signature is invalid /
- res 0
-
-
- / destroy signature context /
- xmlSecDSigCtxDestroy(dsigCtx)
- return(res)
25Practical XML Security
- Check what was actually signed
- Use pre-digested data
- Analyze used transforms
- Limit allowed digest, signature, encryption and
transform algorithms - Limit allowed key sources
- Check that data or key source matches expectation
26(No Transcript)