Thursday, April 2, 2015

What is XML Signature? (16 of 285 tech notes for 2015)

XML Signature or Digital Signature:

  • Provides an end-to-end message integrity guarantee
  • Provides authentication information about the message originator

XML Signature is used to address the shortcomings of SSL.

XML Signature:

  • “hash” the message
    • hashing takes an arbitrary stream of bytes and converts it to a single fixed-size value known as a digest
    • A digest is a one-way process: it’s “computationally infeasible” to recreate a message from the hash, or to find two different messages which produce the same digest value
    • a common hash mechanism is SHA1, the Secure Hash Algorithm
    • (read more in the link below)

——————————–

  • To hash the message, we need a shared secret key which should be difficult to guess
    • use Kerberos
    • when two entities want to communicate, a central authority distributes “tickets” that contain a temporary session key
  • Or use public-key cryptography
    • private key, known only to the holder
    • public key, accessible to anyone who wants to communicate with the key holder
    • anything encrypted with the private key can only be decrypted with the public key, and vice versa 
    • (read more about RSA in the link below)

——————————– 

  • I want to send message M
  • generate a digest, H(M)
  • signature - encrypt the digest with my private key, {H(M)}private-key
  • you receive the message M and the signature
  • you generate the digest, H’(M)
  • decrypt the signature using my public key, getting H(M)
  • If H(M) and H’(M) are the same, then we know that M is unchanged



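The sign-and-verify steps above as an added worked example (not code from the original post or from the MSDN article): textbook RSA over a SHA1 digest, using a constructed toy key pair built from two Mersenne primes, which is insecure and exists only to make the arithmetic visible.

```python
import hashlib

# Constructed demo key pair: two well-known Mersenne primes. Far too
# small and too predictable for real use; they only let textbook RSA
# run offline so each step of the note above can be seen in code.
P = 2**107 - 1
Q = 2**127 - 1
N = P * Q                               # public modulus (~234 bits)
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """H(M): SHA1 digest of the message, as an integer so RSA can act on it."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """{H(M)}private-key: 'encrypt' the digest with the private exponent."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Receiver side: recompute H'(M), recover H(M) from the signature with
    the public exponent, and accept only if the two digests match."""
    recovered = pow(signature, e, n)    # 'decrypt' with the public key
    return recovered == digest(message)  # H(M) == H'(M) ?


if __name__ == "__main__":
    m = b"<order><item>42</item></order>"       # constructed sample message
    s = sign(m)
    print("original verifies:", verify(m, s))
    # One changed byte gives a different H'(M), so the check fails.
    print("tampered verifies:", verify(b"<order><item>43</item></order>", s))
    # A signature that was not produced with the private key also fails.
    print("forged verifies:  ", verify(m, 123456789))
```

Real XML Signature implementations first canonicalise the XML and then use a padded signature scheme (e.g. RSA with PKCS#1 padding) rather than raw exponentiation of the digest; both are omitted here to keep the hash, sign and verify steps one-to-one with the note.
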
References:

MSDN - http://bit.ly/1Hnqek1