Digital Signature with Hashing and XML Signature Patterns
Data security has become one of the most important concerns among us, especially for organizations that have valuable information. An important security risk is that information can be modified during its transmission by somebody trying to make us believe something to his convenience. How do we prove that a message came from a specific user? Digital signatures use public-key cryptography to provide message authentication by proving that a message was sent indeed from a specific sender. The sender encrypts the message using his private key to sign it. In this case, the signature has at least the same length as the message. This works but it wastes bandwidth and time. Thus, we need to reduce the length to the message before signing it. This can be done producing a digest through hashing. When the receiver gets the signed message, he verifies the signature by decrypting it using the sender’s public key, thus provingthat the message was encrypted by the sender. Also, digital signatures can provide message integrity by verifying whether a message was modified during its transmission. Digital signature scan also protect the integrity and verify the origin of a digital document, e.g. a certificate, or of programs. Digital signatures provide also non-repudiation, the sender cannot deny having sent the message he signed. In several countries, including the U.S., digital signatures have legal validity.
An emerging use of web services that exchanges XML messages also can be target of attacks. Some security standards have been developed to apply mechanisms that reduce security risks, one of these is, XML Signature. This standard is a joint effort between the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (ITEF). XML Signature define show to digitally sign an entire XML message, part of an XML message, or an external object. XML Signature also includes hashing, but the pattern name follows the name of the standard. Because XML documents can have the same contents but in different layouts, we need to convert the documents into a canonical form before we apply digital signatures. Note that XML Signature solves the same problem as the Digital Signature with Hashing pattern but in a more specialized context. We present here two patterns: XML Signature and Digital Signature with Hashing patterns. The XML Signature pattern, a specialization of the Digital Signature with Hashing, is used to secure XML messages. We assume the reader is a designer intending to use message authentication in her design or a user intending to sign documents; we also assume both types of users have abasic knowledge of cryptography and UML. We provide a solution with sufficient detail so as it can be used as a guideline for design of signature systems and for users of signed documents.
If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.