Overview
About XML Signature
Enveloped Signature
There are three types of XML signature: Detached, Enveloping and Enveloped.
The SIG_rdf project uses the Enveloped Signature.
- Detached Signature
The signature is over content external to the Signature element, and can be identified via a URI or transform. Consequently, the signature is "detached" from the content it signs. This definition typically applies to separate data objects, but it also includes the instance where the Signature and data object reside within the same XML document but are sibling elements.
- Enveloping Signature
The signature is over content found within an Object element of the signature itself. The Object (or its content) is identified via a Reference (via a URI fragment identifier or transform).
- Enveloped Signature
The signature is over the XML content that contains the signature as an element. The content provides the root XML document element. Obviously, enveloped signatures must take care not to include their own value in the calculation of the SignatureValue.
<Signature> | Root element of an XML Signature |
<SignedInfo> | The structure of SignedInfo includes the canonicalization algorithm, a signature algorithm, and one or more references. |
<CanonicalizationMethod> | Required element that specifies the canonicalization algorithm applied to the SignedInfo element prior to performing signature calculations. |
<SignatureMethod> | The algorithm used for signature generation and validation. |
<Reference> | Digest algorithm and digest value, and optionally an identifier of the object being signed, the type of the object, and/or a list of transforms to be applied prior to digesting. |
<Transforms> | Ordered list of Transform elements; these describe how the signer obtained the data object that was digested. The output of each Transform serves as input to the next Transform. |
<DigestMethod> | The digest algorithm to be applied to the signed object. |
<DigestValue> | The encoded value of the digest. |
<SignatureValue> | The actual value of the digital signature; it is always encoded using base64. |
<KeyInfo> | Information on the public key used to verify the XML signature. |
<X509Data> | Identifiers of keys or X509 certificates (or certificates' identifiers or a revocation list). |
<X509Certificate> | Base64-encoded X509v3 certificate. |
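One way to check a signed file against the elements described above, as an added example that is not WinVerify's code: it confirms that the Signature declares the algorithms this page lists under "Signature Specification" and recomputes the Reference digest with the enveloped Signature left out. Assumptions: a single Signature that is a direct child of the root, a Reference with URI="", Python's C14N 2.0 standing in for C14N 1.0, and no check of SignatureValue or the certificate; the function names and the sample document are constructed here.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
PROFILE = {  # algorithm identifiers the page lists under "Signature Specification"
    "CanonicalizationMethod": "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    "SignatureMethod": DS + "rsa-sha1",
    "Transform": DS + "enveloped-signature",
    "DigestMethod": DS + "sha1",
}

def enveloped_digest(root):
    """Base64 SHA-1 of the document with its own Signature element left out."""
    doc = ET.fromstring(ET.tostring(root))        # work on a copy
    for sig in doc.findall("ds:Signature", NS):   # assumed: one, child of the root
        doc.remove(sig)                           # Enveloped Signature transform
    # Stand-in: the standard library implements C14N 2.0, not C14N 1.0.
    canonical = ET.canonicalize(ET.tostring(doc, encoding="unicode"))
    return base64.b64encode(hashlib.sha1(canonical.encode()).digest()).decode()

def check_signed_document(root):
    """Return deviations from PROFILE; an empty list means the Reference checks out."""
    sig = root.find("ds:Signature", NS)
    if sig is None:
        return ["no enveloped Signature element"]
    problems = []
    for tag, expected in PROFILE.items():
        found = [e.get("Algorithm") for e in sig.iter("{%s}%s" % (DS, tag))]
        if found != [expected]:
            problems.append("%s: unexpected %s" % (tag, found))
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "":       # URI="" (whole document) is assumed
        problems.append("Reference does not cover the whole document")
    elif ref.findtext("ds:DigestValue", namespaces=NS) != enveloped_digest(root):
        problems.append("DigestValue mismatch")
    return problems

def make_sample(text):
    """Constructed sample: document plus Signature skeleton, no real SignatureValue."""
    root = ET.fromstring("<rdf><item>%s</item></rdf>" % text)
    root.append(ET.fromstring(  # PROFILE.values() fills the four Algorithm slots in order
        '<Signature xmlns="%s"><SignedInfo><CanonicalizationMethod Algorithm="%s"/>'
        '<SignatureMethod Algorithm="%s"/><Reference URI=""><Transforms>'
        '<Transform Algorithm="%s"/></Transforms><DigestMethod Algorithm="%s"/>'
        '<DigestValue>%s</DigestValue></Reference></SignedInfo><SignatureValue/>'
        '</Signature>' % (DS, *PROFILE.values(), enveloped_digest(root))))
    return root
```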
Timestamp Property
<Object Id="signatureProperties"> | Root element of a SignatureProperty |
<SignatureProperties> | Group of SignatureProperty elements |
<SignatureProperty> | SignatureProperty |
<TimeStamp> | TimeStamp [2] |
[1] XML-Signature Syntax and Processing, http://www.w3.org/TR/xmldsig-core/
[2] W3C, Date and Time Formats, http://www.w3.org/TR/NOTE-datetime
SIG_rdf sign: XML Sign Tool for SIG_rdf
WinSign Multi File version 1.0 for MS-Windows XP
WinSign Multi File version 2.0 for MS-Windows XP
- About WinSign
WinSign is an XML digital signature tool (Enveloped Signature form) which supports:
- XML digital signature by X509v3 certificate
- Batch processing of multiple files
All files in the unsigned XML (Download) folder are signed and written to the signed XML (Upload) folder.
- CRL (Certificate Revocation List) Online Validation
- English and Japanese character sets
- Signature Specification
DigestMethod: SHA-1 [3],
SignatureMethod: RSA-SHA1 [4],
CanonicalizationMethod: C14N XML canonicalization transform without comments [5],
Transform: Enveloped Signature [6]
- Timestamp Property (V2.0)
- License
- Requirements
- Installation
- Install "Microsoft .NET Framework Version 2.0 Redistributable Package (x86)" [1].
- Copy all the distribution files to an arbitrary directory.
- Edit the INI file (xsig.ini) to reflect the configuration of installed directories.
JVNRSS_SIGN
[PATH] | | |
Bin=C:\winsign\bin\ | ... | Folder to store Application file |
Download=C:\winsign\download\ | ... | Folder to store Raw XML files |
Upload=C:\winsign\upload\ | ... | Folder to store Signed XML files |
Crl=C:\winsign\crl\ | ... | Folder to which the CRL file is downloaded |
[LANGUAGE] | | |
Language=J | ... | Language mode of WinSign E: English J: Japanese |
- Usage
- Store XML files in unsigned XML (Download) folder.
- Execute "winxsig.exe".
- Select a certificate from the list.
Note: Certificate Management function in Windows is used.
- Click the button "Sign".
Note: To execute CRL Online Validation, check the option "CRL Online Validation".
- XML signature files (with an added .sig extension) are written to the signed XML (Upload) folder.
- Download
JVNRSS SIG_rdf sign [ jvnrss_sigrdf_sign_2.0.zip (rev20061224) ] [ README (rev20061224) ]
- WinSign Multi File version 2.0 for MS-Windows XP
- CmdSign Multi File version 2.0 for MS-Windows XP
- Note
WinSign is a tool developed with Microsoft Visual Studio 2005 Ver8.0 (C#) and Microsoft .NET Framework Ver2.0.
When a signed XML document is manipulated, some of the character codes in the signed XML file might be converted, as specified by the XML Document Object Model (DOM) [2].
[Screenshots: Ready to Sign | Completed Sign]
[1] Microsoft .NET Framework Version 2.0 Redistributable Package (x86), http://www.microsoft.com/downloads/details.aspx?FamilyID=0856EACB-4362-4B0D-8EDD-AAB15C5E04F5&displaylang=en
[2] Entity References are Expanded and Not Preserved, http://msdn2.microsoft.com/en-us/library/bk9tc7f9.aspx
[3] http://www.w3.org/2000/09/xmldsig#sha1
[4] http://www.w3.org/2000/09/xmldsig#rsa-sha1
[5] http://www.w3.org/TR/2001/REC-xml-c14n-20010315
[6] http://www.w3.org/2000/09/xmldsig#enveloped-signature
SIG_rdf verify: XML Verify Tool for SIG_rdf
WinVerify Single File version 1.0 for MS-Windows XP
- About WinVerify
WinVerify is an XML digital signature verification tool (Enveloped Signature form) which supports:
- Verification of XML digital signature by X509v3 certificate
- Check X509v3 certificate expiration date
- Verification of X509v3 public key certificate chain
- CRL (Certificate Revocation List) Online Validation
- English and Japanese character sets
- Signature Specification
DigestMethod: SHA-1 [2],
SignatureMethod: RSA-SHA1 [3],
CanonicalizationMethod: C14N XML canonicalization transform without comments [4],
Transform: Enveloped Signature [5]
- License
- Requirements
- Installation
- Install "Microsoft .NET Framework Version 2.0 Redistributable Package (x86)" [1].
- Copy all the distribution files to an arbitrary directory.
- Edit the INI file (xverif.ini) to reflect the configuration of installed directories.
JVNRSS_VERIFY
[PATH] | | |
Bin=C:\winverify\bin\ | ... | Folder to store Application file |
Crl=C:\winverify\crl\ | ... | Folder to which the CRL file is downloaded |
[LANGUAGE] | | |
Language=J | ... | Language mode of WinVerify E: English J: Japanese |
- Usage
- Execute "xverif.exe".
- Click the button "Browse". Select the file to be verified using the Common File Open Dialog.
- Click the button "Verify".
Note: To execute CRL Online Validation, check the option "CRL Online Validation".
- Download
JVNRSS SIG_rdf verify [ jvnrss_sigrdf_verify_1.0.zip (rev20061212) ] [ README (rev20061212) ]
- WinVerify Single File version 1.0 for MS-Windows XP
- WinVerify Multi File version 1.0 for MS-Windows XP
- CmdVerify Multi File version 1.0 for MS-Windows XP
[Screenshot: Completed Verification]
[1] Microsoft .NET Framework Version 2.0 Redistributable Package (x86), http://www.microsoft.com/downloads/details.aspx?FamilyID=0856EACB-4362-4B0D-8EDD-AAB15C5E04F5&displaylang=en
[2] http://www.w3.org/2000/09/xmldsig#sha1
[3] http://www.w3.org/2000/09/xmldsig#rsa-sha1
[4] http://www.w3.org/TR/2001/REC-xml-c14n-20010315
[5] http://www.w3.org/2000/09/xmldsig#enveloped-signature
Revisions
- Published (index.01.html).: 2006-06-29T10:22:18+00:00
- XML Verify Tool for SIG_rdf (Ver1.0 rev20060904) released.: 2006-09-22T05:05+00:00
- XML Sign Tool for SIG_rdf (Ver1.0 rev20060904) released.: 2006-09-23T00:10+00:00
- "parameter.xml with Enveloped Signature" added.: 2006-10-14T16:56+00:00
- "Overview, About XML Signature" updated.: 2006-12-03T00:31+00:00
- XML Verify Tool for SIG_rdf (Ver1.0 rev20061212) released.: 2006-12-12T03:17+00:00
- XML Sign Tool for SIG_rdf (Ver1.0 rev20061212) released.: 2006-12-12T03:17+00:00
- Updated (index.02.html).: 2007-01-01T10:12+00:00
- XML Sign Tool for SIG_rdf (Ver2.0 rev20061224) released.: 2007-01-01T10:12+00:00