   Overview
SIG_rdf
SIG_rdf (RDF with XML signature) is our project to promote the use of XML signatures in security information exchange. We hold an X.509 certificate with CN=JVNRSS Research Project and publish security information with XML enveloped signatures on the JVNRSS Feasibility Study Site.
Example: SIG_rdf
TRnotes with Enveloped Signature
parameter.xml with Enveloped Signature
CVSS V1.0 Calculator (Ver1.0)
[ Chinese | English | Japanese | Korean | Spanish ]

   About XML Signature
Enveloped Signature
There are three types of XML signature: Detached, Enveloping and Enveloped. We use the Enveloped Signature in the SIG_rdf project.
  • Detached Signature
    The signature is over content external to the Signature element, and can be identified via a URI or transform. Consequently, the signature is "detached" from the content it signs. This definition typically applies to separate data objects, but it also includes the instance where the Signature and data object reside within the same XML document but are sibling elements.
  • Enveloping Signature
    The signature is over content found within an Object element of the signature itself. The Object (or its content) is identified via a Reference (via a URI fragment identifier or transform).
  • Enveloped Signature
    The signature is over the XML content that contains the signature as an element. The content provides the root XML document element. Obviously, enveloped signatures must take care not to include their own value in the calculation of the SignatureValue.
XML Signature

Enveloped Signature

<Signature>: Root element of an XML Signature.
<SignedInfo>: The structure of SignedInfo includes the canonicalization algorithm, a signature algorithm, and one or more references.
<CanonicalizationMethod>: Required element that specifies the canonicalization algorithm applied to the SignedInfo element prior to performing signature calculations.
<SignatureMethod>: The algorithm used for signature generation and validation.
<Reference>: Digest algorithm and digest value, and optionally an identifier of the object being signed, the type of the object, and/or a list of transforms to be applied prior to digesting.
<Transforms>: Ordered list of Transform elements; these describe how the signer obtained the data object that was digested. The output of each Transform serves as input to the next Transform.
<DigestMethod>: The digest algorithm to be applied to the signed object.
<DigestValue>: The encoded value of the digest.
<SignatureValue>: The actual value of the digital signature; it is always encoded using base64.
<KeyInfo>: Information on the public key used to verify the signed XML document.
<X509Data>: Identifiers of keys or X509 certificates (or certificates' identifiers or a revocation list).
<X509Certificate>: Base64-encoded X509v3 certificate.
[1] XML-Signature Syntax and Processing, http://www.w3.org/TR/xmldsig-core/

   SIG_rdf sign: XML Sign Tool for SIG_rdf
WinSign Multi File version 1.0 for MS-Windows XP
  1. About WinSign
    WinSign is an XML digital signature (Enveloped Signature form) tool that supports:
    • XML digital signature by X509v3 certificate
    • Batch processing of multiple files
      All files in the unsigned XML (Download) folder are signed and written to the signed XML (Upload) folder.
    • CRL (Certificate Revocation List) Online Validation
    • English and Japanese character sets
    • Signature Specification
      DigestMethod: SHA-1 [3], SignatureMethod: RSA-SHA1 [4], CanonicalizationMethod: C14N XML canonicalization transform without comments [5], Transform: Enveloped Signature [6]

  2. License

  3. Requirements
    • Microsoft Windows XP

  4. Installation
    • Install "Microsoft .NET Framework Version 2.0 Redistributable Package (x86)" [1].
    • Copy all the distribution files to an arbitrary directory.
    • Edit the INI file (xsig.ini) to reflect the configuration of installed directories.
      JVNRSS_SIGN
      [PATH]
      Bin=C:\winsign\bin\ ... Folder to store Application file
      Download=C:\winsign\download\ ... Folder to store Raw XML files
      Upload=C:\winsign\upload\ ... Folder to store Signed XML files
      Crl=C:\winsign\crl\ ... Folder to which the CRL file is downloaded
      [LANGUAGE]
      Language=J ... Language mode of WinSign (E: English, J: Japanese)

  5. Usage
    • Store XML files in the unsigned XML (Download) folder.
    • Execute "winxsig.exe".
    • Select a certificate from the list.
      Note: Certificate Management function in Windows is used.
    • Click the button "Sign".
      Note: To execute CRL Online Validation, check the option "CRL Online Validation".
    • Signed XML files (with a .sig extension added) are written to the signed XML (Upload) folder.

  6. Download
    JVNRSS SIG_rdf sign [ jvnrss_sigrdf_sign_1.0.zip (rev20061212) ] [ README (rev20061212) ]
    • WinSign Multi File version 1.0 for MS-Windows XP
    • CmdSign Multi File version 1.0 for MS-Windows XP
        MD5 = 59 5B 80 43 74 A6 52 DE 4D 00 07 17 35 F4 1A 2B
       SHA1 = D886 1D00 72B2 6CD8 3941 185A 5C0D B780 F6E3 BB8F
     RMD160 = FCD2 D746 F4BF 3892 7311 C673 CC95 87C7 8C84 86E9
     SHA256 = 44EDA8E0 B5543197 7FFC169A CF5D7829
              A50F17CB C1F41C51 AE1DB785 1A6AD8CB
     SHA384 = 5C15019F CE03D3BD B04660B4 13B5E482
              DBA030B8 8970819D 89A63F04 48962B0F
              2CAABEA8 F0522A1B 53327094 E65A8960
     SHA512 = 3BA38E73 12166EBA 0124D299 D6923A58
              4918F171 B5576A4C 0B08CC1C F9342484
              2B1C8438 A0DD10C1 D816AD8F DC38395C
              1F0AA7B9 3096E5A3 71219525 512E465A
    
  7. Note
    WinSign was developed with Microsoft Visual Studio 2005 Ver8.0 (C#) and Microsoft .NET Framework Ver2.0. When a signed XML document is manipulated, some character codes in the signed XML file may be converted, as specified by the XML Document Object Model (DOM) [2].
Ready to Sign Completed Sign
[1] Microsoft .NET Framework Version 2.0 Redistributable Package (x86), http://www.microsoft.com/downloads/details.aspx?FamilyID=0856EACB-4362-4B0D-8EDD-AAB15C5E04F5&displaylang=en
[2] Entity References are Expanded and Not Preserved, http://msdn2.microsoft.com/en-us/library/bk9tc7f9.aspx
[3] http://www.w3.org/2000/09/xmldsig#sha1
[4] http://www.w3.org/2000/09/xmldsig#rsa-sha1
[5] http://www.w3.org/TR/2001/REC-xml-c14n-20010315
[6] http://www.w3.org/2000/09/xmldsig#enveloped-signature

   SIG_rdf verify: XML Verify Tool for SIG_rdf
WinVerify Single File version 1.0 for MS-Windows XP
  1. About WinVerify
    WinVerify is an XML digital signature verification tool (Enveloped Signature form) that supports:
    • Verification of XML digital signature by X509v3 certificate
    • Check X509v3 certificate expiration date
    • Verification of X509v3 public key certificate chain
    • CRL (Certificate Revocation List) Online Validation
    • English and Japanese character sets
    • Signature Specification
      DigestMethod: SHA-1 [2], SignatureMethod: RSA-SHA1 [3], CanonicalizationMethod: C14N XML canonicalization transform without comments [4], Transform: Enveloped Signature [5]

  2. License

  3. Requirements
    • Microsoft Windows XP

  4. Installation
    • Install "Microsoft .NET Framework Version 2.0 Redistributable Package (x86)" [1].
    • Copy all the distribution files to an arbitrary directory.
    • Edit the INI file (xverif.ini) to reflect the configuration of installed directories.
      JVNRSS_VERIFY
      [PATH]
      Bin=C:\winverify\bin\ ... Folder to store Application file
      Crl=C:\winverify\crl\ ... Folder to which the CRL file is downloaded
      [LANGUAGE]
      Language=J ... Language mode of WinVerify (E: English, J: Japanese)

  5. Usage
    • Execute "xverif.exe".
    • Click the button "Browse". Select the file to be verified using the Common File Open dialog.
    • Click the button "Verify".
      Note: To execute CRL Online Validation, check the option "CRL Online Validation".

  6. Download
    JVNRSS SIG_rdf verify [ jvnrss_sigrdf_verify_1.0.zip (rev20061212) ] [ README (rev20061212) ]
    • WinVerify Single File version 1.0 for MS-Windows XP
    • WinVerify Multi File version 1.0 for MS-Windows XP
    • CmdVerify Multi File version 1.0 for MS-Windows XP
        MD5 = DC AE 79 EA C8 E7 9E F8 A5 B3 1F 58 4C 8A CC ED
       SHA1 = C1C2 8D45 D759 91ED 8F0E A44F 8413 38A7 B13A 9560
     RMD160 = D02C AED2 C33F B6BD A251 A089 664F 07FD 575D 2594
     SHA256 = E51D9E78 33D21F95 23DD0802 9E8FF981
              38C0DF53 8DFE1226 9F452216 50C57237
     SHA384 = 267346E0 CD4EBBD5 343FE47E C8FC65E3
              79E988DF B0237700 01ED77D5 F377F09B
              B22CED8F 2B054B9C 584737AE 6E3C56F5
     SHA512 = 39528A2C 51876037 94B69530 07F3A02A
              47033EFE FC1EC07F F23C74F9 0FEA33A0
              55F9B49E EA7F4987 5AF3E661 A50ABB58
              A137201F 4DF7B88B AD736A24 A5096FC8
    
Completed Verification
[1] Microsoft .NET Framework Version 2.0 Redistributable Package (x86), http://www.microsoft.com/downloads/details.aspx?FamilyID=0856EACB-4362-4B0D-8EDD-AAB15C5E04F5&displaylang=en
[2] http://www.w3.org/2000/09/xmldsig#sha1
[3] http://www.w3.org/2000/09/xmldsig#rsa-sha1
[4] http://www.w3.org/TR/2001/REC-xml-c14n-20010315
[5] http://www.w3.org/2000/09/xmldsig#enveloped-signature
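
The Signature Specification above can be enforced as a check that runs before cryptographic verification. The following Python function is an added example, not part of WinVerify or the SIG_rdf distribution; it assumes one Signature per document and a Reference with URI="" for the enveloped case, and the sample document is constructed with placeholder values.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
ENVELOPED = DS + "enveloped-signature"
# Algorithm URIs taken from the page's Signature Specification.
PROFILE = {
    "ds:SignedInfo/ds:CanonicalizationMethod": C14N,
    "ds:SignedInfo/ds:SignatureMethod": DS + "rsa-sha1",
    "ds:SignedInfo/ds:Reference/ds:DigestMethod": DS + "sha1",
    "ds:SignedInfo/ds:Reference/ds:Transforms/ds:Transform": ENVELOPED,
}
# Constructed sample; digest, signature and certificate are placeholders.
SAMPLE = f"""<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<Signature xmlns="{DS}"><SignedInfo>
<CanonicalizationMethod Algorithm="{C14N}"/>
<SignatureMethod Algorithm="{DS}rsa-sha1"/>
<Reference URI=""><Transforms><Transform Algorithm="{ENVELOPED}"/></Transforms>
<DigestMethod Algorithm="{DS}sha1"/><DigestValue>PLACEHOLDER</DigestValue>
</Reference></SignedInfo><SignatureValue>PLACEHOLDER</SignatureValue>
<KeyInfo><X509Data><X509Certificate>PLACEHOLDER</X509Certificate></X509Data></KeyInfo>
</Signature></rdf:RDF>"""

def profile_deviations(xml_text):
    """Return deviations from the profile; an empty list means it matches."""
    root = ET.fromstring(xml_text)
    sigs = root.findall(".//ds:Signature", NS)
    if len(sigs) != 1:  # assumption: one signature per document
        return ["expected exactly one Signature, found %d" % len(sigs)]
    sig, problems = sigs[0], []
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    # Assumption: URI="" (whole document) is how the enveloped reference is written.
    if len(refs) != 1 or refs[0].get("URI") != "":
        problems.append('expected one Reference with URI=""')
    for path, expected in PROFILE.items():
        found = [e.get("Algorithm") for e in sig.findall(path, NS)]
        if found != [expected]:
            problems.append("%s: %s" % (path.rsplit(":", 1)[1], found))
    if sig.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is None:
        problems.append("KeyInfo carries no X509Certificate")
    return problems

if __name__ == "__main__":
    print(profile_deviations(SAMPLE))
```

An empty list only means the document declares the listed algorithms and structure; SignatureValue, the certificate chain and the CRL still have to be verified, as WinVerify does.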

   Revisions
  • Published (index.01.html): 2006-06-29T10:22:18+00:00
  • XML Verify Tool for SIG_rdf (Ver1.0 rev20060904) released: 2006-09-22T05:05+00:00
  • XML Sign Tool for SIG_rdf (Ver1.0 rev20060904) released: 2006-09-23T00:10+00:00
  • "parameter.xml with Enveloped Signature" added: 2006-10-14T16:56+00:00
  • "Overview, About XML Signature" updated: 2006-12-03T00:31+00:00
  • XML Verify Tool for SIG_rdf (Ver1.0 rev20061212) released: 2006-12-12T03:17+00:00
  • XML Sign Tool for SIG_rdf (Ver1.0 rev20061212) released: 2006-12-12T03:17+00:00
  • Updated (index.02.html): 2007-01-01T10:43+00:00


	

Last updated: 2007-01-01T10:43+00:00