XML Signature



         


XML Signature is the World Wide Web Consortium standard dealing with the creation of digital signatures that cover XML documents, or portions thereof.

An XML Signature is encoded in XML as a "Signature" element in the "http://www.w3.org/2000/09/xmldsig#" namespace. XML Signatures are frequently used to sign nodes that are in the same document as the Signature but they may also describe XML-encoded data that resides elsewhere.

An XML Signature can be used to guarantee that no node covered by the Signature's Reference list has been altered, and that the Signature itself has not been altered, since it was created by the owner of the key that was used to create the signature.

The core syntax of the XML Signature specification deals with the three major parts of a signature:

The creation of XML Signatures is a bit more complex than the creation of an ordinary digital signature because a given XML Document (an "Infoset," in common usage among XML developers) may have more than one legal serialized representation. For example, whitespace inside an XML Element is not syntactically significant, so that <Elem > is syntactically identical to <Elem>.

Since the digital signature is created by using an asymmetric key algorithm (typically RSA) to encrypt the results of running the serialized XML document through a hash algorithm (typically SHA1), a single-byte difference would cause the digital signature to vary.
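As an added illustration of the two paragraphs above (not part of the original article): the constructed documents below are three legal serializations of one element, hashed as raw bytes and again after being reduced to a single canonical form with Python's standard-library `xml.etree.ElementTree.canonicalize` (C14N 2.0). The element names and values are assumptions, and SHA-256 is used in place of the SHA1 the article mentions.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed sample inputs: one logical document, three legal serializations
# (attribute order, quote style, whitespace inside tags, empty-element form).
SAME_DOCUMENT = [
    '<Order id="7" currency="EUR"><Item/></Order>',
    "<Order  currency='EUR'  id='7' ><Item></Item></Order >",
    '<Order id="7" currency="EUR" ><Item /></Order>',
]
# Constructed sample input: a real content change (id 7 -> 8).
ALTERED = '<Order id="8" currency="EUR"><Item/></Order>'


def raw_digest(xml_text):
    """Hash the serialized bytes exactly as received."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def canonical_bytes(xml_text):
    """Reduce the document to one canonical byte form (C14N 2.0)."""
    return canonicalize(xml_text).encode("utf-8")


def canonical_digest(xml_text):
    """Hash the canonical form instead of the received serialization."""
    return hashlib.sha256(canonical_bytes(xml_text)).hexdigest()


def distinct_digests(documents, digest):
    """Return the set of digests produced for a list of serializations."""
    return {digest(doc) for doc in documents}


if __name__ == "__main__":
    canonical = distinct_digests(SAME_DOCUMENT, canonical_digest)
    print("raw digests:      ", len(distinct_digests(SAME_DOCUMENT, raw_digest)))
    print("canonical digests:", len(canonical))
    print("altered detected: ", canonical_digest(ALTERED) not in canonical)
```

The raw digests differ for every serialization, while the canonical digests collapse to one value that still changes when the content does.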

To avoid this problem and guarantee that logically-identical XML documents give identical digital signatures, an





This article is from Wikipedia. All text is available under the terms of the GNU Free Documentation License.