XML Signature (also called XMLDSig, XML-DSig, XML-Sig) defines an XML syntax for digital signatures and is defined in the W3C recommendation XML Signature Syntax and Processing. Functionally, it has much in common with PKCS #7 but is more extensible and geared towards signing XML documents. It is used by various Web technologies such as SOAP, SAML, and others.

XML signatures can be used to sign data–a resource–of any type, typically XML documents, but anything that is accessible via a URL can be signed. An XML signature used to sign a resource outside its containing XML document is called a detached signature; if it is used to sign some part of its containing document, it is called an enveloped signature; if it contains the signed data within itself it is called an enveloping signature.

Structure

An XML Signature consists of a <code>Signature</code> element in the <code><nowiki>http://www.w3.org/2000/09/xmldsig#</nowiki></code> namespace. The basic structure is as follows:

<syntaxhighlight lang="xml">

<Signature>

<SignedInfo>

<CanonicalizationMethod />

<SignatureMethod />

  • <code>DigestMethod</code> specifies the hash algorithm before applying the hash.
  • <code>DigestValue</code> contains the Base64 encoded result of applying the hash algorithm to the transformed resource(s) defined in the <code>Reference</code> element attributes.
  • The <code>SignatureValue</code> element contains the Base64 encoded signature result - the signature generated with the parameters specified in the <code>SignatureMethod</code> element - of the <code>SignedInfo</code> element after applying the algorithm specified by the <code>CanonicalizationMethod</code>.
  • <code>KeyInfo</code> element optionally allows the signer to provide recipients with the key that validates the signature, usually in the form of one or more X.509 digital certificates. The relying party must identify the key from context if <code>KeyInfo</code> is not present.
  • The <code>Object</code> element (optional) contains the signed data if this is an enveloping signature.

Validation and security considerations

When validating an XML Signature, a procedure called Core Validation is followed.

  1. Reference Validation: Each <code>Reference</code>'s digest is verified by retrieving the corresponding resource and applying any transforms and then the specified digest method to it. The result is compared to the recorded <code>DigestValue</code>; if they do not match, validation fails.
  2. Signature Validation: The <code>SignedInfo</code> element is serialized using the canonicalization method specified in <code>CanonicalizationMethod</code>, the key data is retrieved using <code>KeyInfo</code> or by other means, and the signature is verified using the method specified in <code>SignatureMethod</code>.

This procedure establishes whether the resources were really signed by the alleged party. However, because of the extensibility of the canonicalization and transform methods, the verifying party must also make sure that what was actually signed or digested is really what was present in the original data, in other words, that the algorithms used there can be trusted not to change the meaning of the signed data.

Because the signed document's structure can be tampered with leading to "signature wrapping" attacks, the validation process should also cover XML document structure. Signed element and signature element should be selected using absolute XPath expression, not <code>getElementByName</code> methods. and at the suitability of XML canonicalization in particular as a front end to signing and encrypting XML data due to its complexity, inherent processing requirement, and poor performance characteristics. The argument is that performing XML canonicalization causes excessive latency that is simply too much to overcome for transactional, performance sensitive SOA applications.

These issues are being addressed in the XML Security Working Group.

Without proper policy and implementation the use of XML Dsig in SOAP and WS-Security can lead to vulnerabilities, such as XML signature wrapping.

Applications

An example of applications of XML Signatures:

  • Digital signing of XBRL annual reports by auditors in the Netherlands. A PKIoverheid X.509 certificate, approved by the , is required. The electronic signature is legally binding. The SBR Assurance standard is part of the Dutch Standard Business Reporting program.

See also

  • Canonical XML
  • XML Encryption
  • XAdES, extensions to XML-DSig for use with advanced electronic signature
  • Cryptographic Message Syntax

References