XML Signature or Digital Signature:
- Provides an end-to-end message integrity guarantee
- Provides authentication information about the message originator
XML Signature is used to address the shortcomings of SSL.
XML Signature:
- “Hash” the message:
  - A hash function takes an arbitrary stream of bytes and converts it to a single fixed-size value known as a digest.
  - Computing a digest is a one-way process: it’s “computationally infeasible” to recreate a message from the hash, or to find two different messages which produce the same digest value.
  - A common hash mechanism is SHA1, the Secure Hash Algorithm
  - (read more in the link below)
——————————–
- To hash the message, we need a shared secret key, which should be difficult to guess
- Use Kerberos:
  - when 2 entities want to communicate
  - a central authority distributes “tickets” that contain a temporary session key
- Or use public-key cryptography:
  - private key, known only to the holder
  - public key, accessible to anyone who wants to communicate with the key holder
  - anything encrypted with the private key can only be decrypted with the public key, and vice versa
  - (read more about RSA in the link below)
——————————–
- I want to send message M
- I generate a digest, H(M)
- The signature: I encrypt the digest with my private key, {H(M)}private-key
- You receive the message M and the signature
- You generate the digest, H’(M)
- You decrypt the signature using my public key, getting H(M)
- If H(M) and H’(M) are the same, then we know that M is the same
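The sign-and-verify steps above, as an added Python example (not from the original post or the linked MSDN article): textbook RSA applied to a digest, using a constructed demo key built from two publicly known Mersenne primes and a constructed XML message. SHA-256 stands in for the SHA1 named in the notes, because SHA-1 collisions have been demonstrated; production signatures also apply a padding scheme (for example RSA-PSS) from a vetted library rather than raw exponentiation.

```python
import hashlib
import hmac

# Constructed demo key: both primes are publicly known Mersenne primes, so
# this key offers no security. Real keys come from a library's key generator.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)

# Constructed sample message M and a tampered copy of it.
MESSAGE = b"<transfer><to>alice</to><amount>100</amount></transfer>"
TAMPERED = MESSAGE.replace(b"100", b"900")


def digest(message: bytes) -> int:
    """H(M): the SHA-256 digest of the message, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """{H(M)}private-key: transform the digest with the private exponent."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recover H(M) with the public key and compare it with H'(M)."""
    if not 0 <= signature < n:
        return False                      # out-of-range value, reject early
    recovered = pow(signature, e, n)      # H(M) as the signer computed it
    expected = digest(message)            # H'(M) computed by the receiver
    size = (n.bit_length() + 7) // 8
    return hmac.compare_digest(recovered.to_bytes(size, "big"),
                               expected.to_bytes(size, "big"))


if __name__ == "__main__":
    sig = sign(MESSAGE)
    print("original message verifies:", verify(MESSAGE, sig))
    print("tampered message verifies:", verify(TAMPERED, sig))
    print("altered signature verifies:", verify(MESSAGE, sig ^ 1))
```

Changing a single byte of the message or a single bit of the signature makes the two digests differ, which is the integrity check the last step in the list relies on.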
References:
MSDN - http://bit.ly/1Hnqek1