How to Use XML Security Standards in Real World - Aleksey Sanin - O’Reilly Open Source Convention, July 7 - 11, 2003

How to Use XML Security Standards in Real World

Aleksey Sanin

O’Reilly Open Source Convention

July 7 - 11, 2003

Wednesday, July 09 2003, 4:30pm - 5:15pm

Aleksey Sanin - How to use XML Security standards in real world

Agenda

• W3C XML Security specifications

• XML Security Library

• Practical XML Security

W3C XML Security Standards

• XML Canonicalization and Exclusive XML Canonicalization (W3C recommendations)
  http://www.w3.org/TR/xml-c14n/
  http://www.w3.org/TR/xml-exc-c14n/

• XML Signature (W3C recommendation)
  http://www.w3.org/TR/xmldsig-core/

• XML Encryption (W3C recommendation)
  http://www.w3.org/TR/xmlenc-core/

• XML Key Management (W3C working draft)
  http://www.w3.org/TR/xkms2/

Why Do We Need New Specifications?

• SSL/TLS provides transport-level security, but Web services need message-level security
    – Store message for later use
    – Session keys in SSL/TLS

• Fine-grained security for XML documents

XML Canonicalization

• <Test a="aa" b="bb"/>

• <Test b="bb" a="aa"></Test>

• <Test a="aa" b="bb"></Test>

XML Canonicalization (Continued)

• C14N is a serialization of an XML document or XPath node set to a binary string.

• There are many C14N algorithms (W3C: C14N, Exclusive C14N).

• The same input data (XML document or XPath node set) and the same C14N algorithm produce the same binary string.

• Use Exclusive C14N.

XML Digital Signature Structure

    <dsig:Signature ID?>
        <dsig:SignedInfo>
            <dsig:CanonicalizationMethod Algorithm />
            <dsig:SignatureMethod Algorithm />
            <dsig:Reference URI? >+
        </dsig:SignedInfo>
        <dsig:SignatureValue>
        <dsig:KeyInfo>?
        (<dsig:Object ID?>)*
    </dsig:Signature>

XML Digital Signature Structure: Reference element

    <dsig:Reference URI? >
        (<dsig:Transforms>
            (<dsig:Transform Algorithm />)+
        </dsig:Transforms>)?
        <dsig:DigestMethod Algorithm >
        <dsig:DigestValue>
    </dsig:Reference>

XML Digital Signature Structure: KeyInfo element

    <dsig:KeyInfo>
        <dsig:KeyName>?
        <dsig:KeyValue>?
        <dsig:RetrievalMethod>?
        <dsig:X509Data>?
        <dsig:PGPData>?
        <enc:EncryptedKey>?
        <enc:AgreementMethod>?
        <dsig:KeyName>?
        <dsig:RetrievalMethod>?
        <*>?
    </dsig:KeyInfo>

XML Digital Signature Generation

• Calculate digests over the signed data from each <dsig:Reference/> element.

• Compose the <dsig:SignedInfo/> element.

• Calculate the signature over the <dsig:SignedInfo/> element and place the result in the <dsig:SignatureValue/> element.

XML Digital Signature: Enveloped Signature Example

    <?xml version="1.0" encoding="UTF-8"?>
    <Envelope>
        <SignedData>Hello, World!</SignedData>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/…"/>
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <Reference URI="">
                    <Transforms>
                        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    </Transforms>
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <DigestValue>9H/rQr...</DigestValue>
                </Reference>
            </SignedInfo>
            <SignatureValue>Mx4psI...</SignatureValue>
            <KeyInfo><KeyName>My-RSA-Key</KeyName></KeyInfo>
        </Signature>
    </Envelope>

XML Digital Signature: Enveloped Signature Example (Continued)

Digested data:

    <Envelope>
        <SignedData>Hello, World!</SignedData>
    </Envelope>

Signed data:

    <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/…"/>
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <Reference URI="">
            <Transforms>
                <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>9H/rQr...</DigestValue>
        </Reference>
    </SignedInfo>
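Added example (not from the original slides, and not XML Security Library code): the reference digest for the enveloped signature above, showing why canonicalization comes before digesting, as the XML Canonicalization and Signature Generation slides describe. The function names and sample documents are constructed for illustration, and Python's built-in C14N 2.0 canonicalizer is assumed as a stand-in for the C14N algorithms named in the talk.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

SIGNATURE_TAG = "{http://www.w3.org/2000/09/xmldsig#}Signature"

def digested_octets(xml_text):
    """Octets digested for <Reference URI=""> with the enveloped-signature transform."""
    root = ET.fromstring(xml_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    sig = root.find(".//" + SIGNATURE_TAG)
    if sig is not None:
        parent = parents[sig]
        siblings = list(parent)
        pos = siblings.index(sig)
        # Enveloped-signature transform: drop <Signature> but keep the text
        # node that follows it (ElementTree stores it as the element's tail).
        if pos == 0:
            parent.text = (parent.text or "") + (sig.tail or "")
        else:
            prev = siblings[pos - 1]
            prev.tail = (prev.tail or "") + (sig.tail or "")
        parent.remove(sig)
    # Stand-in canonicalizer: ElementTree implements C14N 2.0, not the
    # C14N 1.0 / Exclusive C14N algorithms named on the slides.
    return ET.canonicalize(ET.tostring(root, encoding="unicode")).encode("utf-8")

def reference_digest(xml_text, hash_name="sha1"):
    """Base64 DigestValue; sha1 mirrors the DigestMethod in the slide example."""
    digest = hashlib.new(hash_name, digested_octets(xml_text)).digest()
    return base64.b64encode(digest).decode("ascii")

# Constructed inputs: same content, different serialization and signature bytes.
DOC_A = """<Envelope>
  <SignedData b="bb" a="aa">Hello, World!</SignedData>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignatureValue>AAAA</SignatureValue></Signature>
</Envelope>"""
DOC_B = DOC_A.replace('b="bb" a="aa"', 'a="aa"   b="bb"').replace("AAAA", "BBBB")
DOC_C = DOC_A.replace("Hello, World!", "Hello, World?")  # content changed

if __name__ == "__main__":
    for name, doc in (("A", DOC_A), ("B", DOC_B), ("C", DOC_C)):
        print(name, reference_digest(doc))
```

DOC_A and DOC_B differ as byte strings yet produce the same digest; DOC_C, whose signed content changed, does not.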

XML Encryption Structure

    <enc:EncryptedData Id? Type? MimeType?>
        <enc:EncryptionMethod Algorithm />?
        <dsig:KeyInfo>?
        <enc:CipherData>
            <enc:CipherValue>?
            <enc:CipherReference URI?>?
        </enc:CipherData>
        <enc:EncryptionProperties>?
    </enc:EncryptedData>

XML Encryption: Example

    <?xml version="1.0" encoding="UTF-8"?>
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <KeyName>My-DES-Key</KeyName>
        </KeyInfo>
        <CipherData>
            <CipherValue>WXlDy...</CipherValue>
        </CipherData>
    </EncryptedData>

XML Security Toolkits

• XML Security Library (C/C++)
  http://www.aleksey.com/xmlsec

• Microsoft .NET (C#)
  http://msdn.microsoft.com/netframework/

• DataPower (Hardware)
  http://www.datapower.com/products/xs40.html

• Apache XML Security (Java)
  http://xml.apache.org/security/index.html

• Baltimore Technologies (Java)
  http://www.baltimore.com/keytools/xml/

• IBM XML Security Suite (Java)
  http://www.alphaworks.ibm.com/tech/xmlsecuritysuite

• Phaos Technology Corporation (Java)
  http://phaos.com/products/category/xml.html

XML Security Library

• Open Source (MIT license)

• Based on LibXML2/LibXSLT and your favorite cryptographic library

• Strong standards support

• Very fast

• Can use practically any cryptographic library (OpenSSL, GnuTLS, NSS, …)

• Portable (Linux, OpenBSD, FreeBSD, Solaris, Windows, Mac OS X, …)

XML Security Library: Objects

• Transforms

• Keys

• Keys Manager

• Operation Contexts
    – Signature
    – Encryption
    – Transforms
    – Key selection

• Templates

XML Security Library: Templates

    <?xml version="1.0" encoding="UTF-8"?>
    <Envelope>
        <SignedData>Hello, World!</SignedData>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/…"/>
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                <Reference URI="">
                    <Transforms>
                        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    </Transforms>
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <DigestValue></DigestValue>
                </Reference>
            </SignedInfo>
            <SignatureValue></SignatureValue>
            <KeyInfo>
                <KeyName></KeyName>
            </KeyInfo>
        </Signature>
    </Envelope>

XML Security Library: Signing or Encrypting XML Document

• Prepare keys manager (the same keys manager can be shared by multiple operations)

• Create or load "template" and select the start node (<dsig:Signature/> or <enc:EncryptedData/>)

• Create signature (xmlSecDSigCtx) or encryption (xmlSecEncCtx) context object

• Specify signature or encryption key in the template (by name, for example) or in the context object

• Sign or encrypt data and consume the result

• Destroy context object

XML Security Library: Signature Example

    #include <stdio.h>
    #include <libxml/tree.h>
    #include <xmlsec/xmlsec.h>
    #include <xmlsec/keys.h>
    #include <xmlsec/xmldsig.h>

    /* Signs the template in place, starting at startNode (<dsig:Signature/>).
     * Returns 0 on success or -1 on error. */
    int sign_template(xmlDocPtr tmpl, xmlNodePtr startNode,
                      xmlSecKeyPtr key) {
        xmlSecDSigCtxPtr dsigCtx;

        /* create signature context w/o keys manager */
        dsigCtx = xmlSecDSigCtxCreate(NULL);
        if(dsigCtx == NULL) {
            fprintf(stderr,"Error: failed to create context.\n");
            return(-1);
        }

        /* set signature key in the context; the context owns the copy
         * and releases it in xmlSecDSigCtxDestroy() */
        dsigCtx->signKey = xmlSecKeyDuplicate(key);
        if(dsigCtx->signKey == NULL) {
            fprintf(stderr,"Error: failed to duplicate key.\n");
            xmlSecDSigCtxDestroy(dsigCtx);
            return(-1);
        }

        /* sign the template */
        if(xmlSecDSigCtxSign(dsigCtx, startNode) < 0) {
            fprintf(stderr,"Error: signature failed.\n");
            xmlSecDSigCtxDestroy(dsigCtx);
            return(-1);
        }

        /* destroy context object */
        xmlSecDSigCtxDestroy(dsigCtx);
        return(0);
    }

XML Security Library: Verifying Signature

• Prepare keys manager (the same keys manager can be shared by multiple operations)

• Load signed document and select the start node (<dsig:Signature/> or <enc:EncryptedData/>)

• Create signature (xmlSecDSigCtx) or encryption (xmlSecEncCtx) context object

• Verify signature or decrypt the data, consume the result

• Destroy context object

XML Security Library: Signature Verification Example

    #include <stdio.h>
    #include <libxml/tree.h>
    #include <xmlsec/xmlsec.h>
    #include <xmlsec/keysmngr.h>
    #include <xmlsec/xmldsig.h>

    /* Verifies the signature at startNode (<dsig:Signature/>).
     * Returns 1 if the signature is valid, 0 if it is invalid,
     * or -1 if verification could not be carried out. */
    int verify_document(xmlDocPtr doc, xmlNodePtr startNode,
                        xmlSecKeysMngrPtr keysMngr) {
        xmlSecDSigCtxPtr dsigCtx;
        int res;

        /* create signature context */
        dsigCtx = xmlSecDSigCtxCreate(keysMngr);
        if(dsigCtx == NULL) {
            fprintf(stderr,"Error: failed to create context.\n");
            return(-1);
        }

        /* Verify signature: a negative return is a processing error,
         * not a verdict on the signature */
        if(xmlSecDSigCtxVerify(dsigCtx, startNode) < 0) {
            fprintf(stderr,"Error: verification failed.\n");
            xmlSecDSigCtxDestroy(dsigCtx);
            return(-1);
        }

        /* check verification result */
        if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
            /* signature is valid */
            res = 1;
        } else {
            /* signature is invalid */
            res = 0;
        }

        /* destroy signature context */
        xmlSecDSigCtxDestroy(dsigCtx);
        return(res);
    }

Practical XML Security

• Check what was actually signed
    – Use pre-digested data
    – Analyze used transforms

• Limit allowed digest, signature, encryption and transform algorithms

• Limit allowed key sources

• Check that data or key source matches expectation
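Added example (not from the original slides, and not XML Security Library code): a policy check run on a <Signature> element before its cryptographic verification, covering the algorithm, transform, key-source and signed-data checks listed above. The allow-lists, the function names policy_violations and sample_signature, and the sample values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
# Assumed policy for this example: one allow-list per algorithm-bearing element.
ALLOWED_ALGORITHMS = {
    "CanonicalizationMethod": {EXC_C14N},
    "SignatureMethod": {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"},
    "DigestMethod": {"http://www.w3.org/2001/04/xmlenc#sha256"},
    "Transform": {ENVELOPED, EXC_C14N},
}
ALLOWED_KEY_SOURCES = {"KeyName"}  # assumed: keys are looked up by name only

def policy_violations(signature, expected_uris):
    """Return a list of reasons to reject <Signature> before verifying it."""
    problems = []
    signed_info = signature.find(DS + "SignedInfo")
    if signed_info is None:
        return ["missing SignedInfo"]
    for name, allowed in ALLOWED_ALGORITHMS.items():
        for node in signed_info.iter(DS + name):
            if node.get("Algorithm") not in allowed:
                problems.append(f"{name} {node.get('Algorithm')!r} not allowed")
    uris = sorted(r.get("URI", "<absent>") for r in signed_info.findall(DS + "Reference"))
    if uris != sorted(expected_uris):
        problems.append(f"signed references {uris} do not match expectation")
    for source in signature.findall(DS + "KeyInfo/*"):
        kind = source.tag.rpartition("}")[2]
        if not source.tag.startswith(DS) or kind not in ALLOWED_KEY_SOURCES:
            problems.append(f"key source {kind} not allowed")
    return problems

def sample_signature(sig_alg, digest_alg, transform, uri, key_source):
    """Constructed test input; digest and signature values are dummies."""
    return ET.fromstring(f'''<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="{EXC_C14N}"/>
    <SignatureMethod Algorithm="{sig_alg}"/>
    <Reference URI="{uri}">
      <Transforms><Transform Algorithm="{transform}"/></Transforms>
      <DigestMethod Algorithm="{digest_alg}"/>
      <DigestValue>AAAA</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>AAAA</SignatureValue>
  <KeyInfo><{key_source}>x</{key_source}></KeyInfo>
</Signature>''')
```

An empty result means the signature may proceed to verification; it does not replace the verification itself.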
