XML Signature (also called ''XMLDSig'', ''XML-DSig'', ''XML-Sig'') defines an
XML
Extensible Markup Language (XML) is a markup language and file format for storing, transmitting, and reconstructing arbitrary data. It defines a set of rules for encoding documents in a format that is both human-readable and machine-readable ...
syntax for
digital signatures
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very high confidence that the message was created b ...
and is defined in the
W3C recommendation
The World Wide Web Consortium (W3C) is the main international standards organization for the World Wide Web. Founded in 1994 and led by Tim Berners-Lee, the consortium is made up of member organizations that maintain full-time staff working t ...
br>XML Signature Syntax and Processing Functionally, it has much in common with PKCS #7 but is more extensible and geared towards signing XML documents. It is used by various Web technologies such as
SOAP
Soap is a salt of a fatty acid used in a variety of cleansing and lubricating products. In a domestic setting, soaps are surfactants usually used for washing, bathing, and other types of housekeeping. In industrial settings, soaps are use ...
,
SAML
Security Assertion Markup Language (SAML, pronounced ''SAM-el'', ) is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based ...
, and others.
XML signatures can be used to sign data–a resource–of any type, typically XML documents, but anything that is accessible via a URL can be signed. An XML signature used to sign a resource outside its containing XML document is called a detached signature; if it is used to sign some part of its containing document, it is called an enveloped signature; if it contains the signed data within itself it is called an enveloping signature.
Structure
An XML Signature consists of a Signature element in the http://www.w3.org/2000/09/xmldsig# namespace. The basic structure is as follows:
etc.
* The SignedInfo element contains or references the signed data and specifies what algorithms are used.
** The SignatureMethod and CanonicalizationMethod elements are used by the SignatureValue element and are included in SignedInfo to protect them from tampering.
** One or more Reference elements specify the resource being signed by URI reference and any transformations to be applied to the resource prior to signing.
*** Transforms contains the transformations applied to the resource prior to signing. A transformation can be a XPath-expression that selects a defined subset of the document tree.
*** DigestMethod specifies the hash algorithm before applying the hash.
*** DigestValue contains the
Base64
In computer programming, Base64 is a group of binary-to-text encoding schemes that represent binary data (more specifically, a sequence of 8-bit bytes) in sequences of 24 bits that can be represented by four 6-bit Base64 digits.
Common to all bina ...
encoded result of applying the hash algorithm to the transformed resource(s) defined in the Reference element attributes.
* The SignatureValue element contains the
Base64
In computer programming, Base64 is a group of binary-to-text encoding schemes that represent binary data (more specifically, a sequence of 8-bit bytes) in sequences of 24 bits that can be represented by four 6-bit Base64 digits.
Common to all bina ...
encoded signature result - the signature generated with the parameters specified in the SignatureMethod element - of the SignedInfo element after applying the algorithm specified by the CanonicalizationMethod.
* KeyInfo element optionally allows the signer to provide recipients with the key that validates the signature, usually in the form of one or more
X.509
In cryptography, X.509 is an International Telecommunication Union (ITU) standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secu ...
digital certificates. The relying party must identify the key from context if KeyInfo is not present.
* The Object element (optional) contains the signed data if this is an ''enveloping signature''.
Validation and security considerations
When validating an XML Signature, a procedure called Core Validation is followed.
# Reference Validation: Each Reference's digest is verified by retrieving the corresponding resource and applying any transforms and then the specified digest method to it. The result is compared to the recorded DigestValue; if they do not match, validation fails.
# Signature Validation: The SignedInfo element is serialized using the canonicalization method specified in CanonicalizationMethod, the key data is retrieved using KeyInfo or by other means, and the signature is verified using the method specified in SignatureMethod.
This procedure establishes whether the resources were really signed by the alleged party. However, because of the extensibility of the canonicalization and transform methods, the verifying party must also make sure that what was actually signed or digested is really what was present in the original data, in other words, that the algorithms used there can be trusted not to change the meaning of the signed data.
Because the signed document's structure can be tampered with leading to "signature wrapping" attacks, the validation process should also cover XML document structure. Signed element and signature element should be selected using absolute
XPath
XPath (XML Path Language) is an expression language designed to support the query or transformation of XML documents. It was defined by the World Wide Web Consortium (W3C) and can be used to compute values (e.g., strings, numbers, or Boolean v ...
expression, not getElementByName methods.
XML canonicalization
The creation of XML Signatures is substantially more complex than the creation of an ordinary digital signature because a given XML Document (an "
Infoset
XML Information Set (XML Infoset) is a W3C specification describing an abstract data model of an XML document in terms of a set of ''information items''. The definitions in the XML Information Set specification are meant to be used in ''other'' sp ...
", in common usage among XML developers) may have more than one legal serialized representation. For example, whitespace inside an XML Element is not syntactically significant, so that <Elem > is syntactically identical to <Elem>.
Since the digital signature ensures data integrity, a single-byte difference would cause the signature to vary. Moreover, if an XML document is transferred from computer to computer, the line terminator may be changed from CR to LF to CR LF, etc. A program that digests and validates an XML document may later render the XML document in a different way, e.g. adding excess space between attribute definitions with an element definition, or using relative (vs. absolute) URLs, or by reordering namespace definitions. Canonical XML is especially important when an XML Signature refers to a remote document, which may be rendered in time-varying ways by an errant remote server.
To avoid these problems and guarantee that logically-identical XML documents give identical digital signatures, an XML
canonicalization
In computer science, canonicalization (sometimes standardization or normalization) is a process for converting data that has more than one possible representation into a "standard", "normal", or canonical form. This can be done to compare diff ...
transform (frequently abbreviated C14n) is employed when signing XML documents (for signing the SignedInfo, a canonicalization is mandatory). These algorithms guarantee that semantically-identical documents produce exactly identical serialized representations.
Another complication arises because of the way that the default canonicalization algorithm handles namespace declarations; frequently a signed XML document needs to be embedded in another document; in this case the original canonicalization algorithm will not yield the same result as if the document is treated alone. For this reason, the so-called ''Exclusive Canonicalization'', which serializes
XML namespace
XML namespaces are used for providing uniquely named elements and attributes in an XML document. They are defined in a W3C recommendation. An XML instance may contain element or attribute names from more than one XML vocabulary. If each vocabular ...
declarations independently of the surrounding XML, was created.
Benefits
XML Signature is more flexible than other forms of digital signatures such as
Pretty Good Privacy
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partition ...
and
Cryptographic Message Syntax The Cryptographic Message Syntax (CMS) is the IETF's standard for cryptographically protected messages. It can be used by cryptographic schemes and protocols to digitally sign, digest, authenticate or encrypt any form of digital data.
CMS is base ...
, because it does not operate on
binary data
Binary data is data whose unit can take on only two possible states. These are often labelled as 0 and 1 in accordance with the binary numeral system and Boolean algebra.
Binary data occurs in many different technical and scientific fields, wher ...
, but on the
XML Infoset
XML Information Set (XML Infoset) is a W3C specification describing an abstract data model of an XML document in terms of a set of ''information items''. The definitions in the XML Information Set specification are meant to be used in ''other'' sp ...
, allowing to work on subsets of the data (this is also possible with binary data in non-standard ways, for example encoding blocks of binary data in base64 ASCII), having various ways to bind the signature and signed information, and perform transformations. Another core concept is canonicalization, that is to sign only the "essence", eliminating meaningless differences like whitespace and line endings.
Issues
There are criticisms directed at the architecture of XML security in general, and at the suitability of XML canonicalization in particular as a front end to signing and encrypting XML data due to its complexity, inherent processing requirement, and poor performance characteristics. The argument is that performing XML canonicalization causes excessive latency that is simply too much to overcome for transactional, performance sensitive SOA applications.
These issues are being addressed in th XML Security Working Group
Without proper policy and implementation the use of XML Dsig in SOAP and WS-Security can lead to vulnerabilities, such as XML signature wrapping.
Applications
An example of applications of XML Signatures:
* Digital signing of
XBRL
XBRL (eXtensible Business Reporting Language) is a freely available and global framework for exchanging business information. XBRL allows the expression of semantic meaning commonly required in business reporting. The language is XML-based an ...
annual report
An annual report is a comprehensive report on a company's activities throughout the preceding year. Annual reports are intended to give shareholders and other interested people information about the company's activities and financial performance. ...
s by
auditor
An auditor is a person or a firm appointed by a company to execute an audit.Practical Auditing, Kul Narsingh Shrestha, 2012, Nabin Prakashan, Nepal To act as an auditor, a person should be certified by the regulatory authority of accounting and au ...
s in the
Netherlands
)
, anthem = ( en, "William of Nassau")
, image_map =
, map_caption =
, subdivision_type = Sovereign state
, subdivision_name = Kingdom of the Netherlands
, established_title = Before independence
, established_date = Spanish Netherl ...
. A
PKIoverheid
PKIoverheid is the public key infrastructure (PKI) from the Dutch government
The politics of the Netherlands take place within the framework of a parliamentary representative democracy, a constitutional monarchy, and a decentralised unita ...
X.509 certificate, approved by the , is required. The electronic signature is legally binding. The SBR Assurance standardhttps://www.sbr-nl.nl/english/what-is-sbr/assurance/ SBR Assurance, Dutch government, 2018 is part of the Dutch Standard Business Reporting program.
See also
*
Canonical XML Canonical XML is a normal form of XML, intended to allow relatively simple comparison of pairs of XML documents for equivalence; for this purpose, the Canonical XML transformation removes non-meaningful differences between the documents. Any XML do ...
*
XML Encryption XML Encryption, also known as XML-Enc, is a specification, governed by a W3C recommendation, that defines how to encrypt the contents of an XML element.
Although XML Encryption can be used to encrypt any kind of data, it is nonetheless known as "X ...
*
XAdES XAdES (short for XML Advanced Electronic Signatures) is a set of extensions to XML-DSig recommendation making it suitable for advanced electronic signatures. W3C and ETSI maintain and update XAdES together.
Description
While XML-DSig is a gene ...
, extensions to XML-DSig for use with advanced electronic signature
*
Cryptographic Message Syntax The Cryptographic Message Syntax (CMS) is the IETF's standard for cryptographically protected messages. It can be used by cryptographic schemes and protocols to digitally sign, digest, authenticate or encrypt any form of digital data.
CMS is base ...