[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (EBXMLMSG-122) Encrypting ds:Signature or at least ds:SignedInfo
[ https://issues.oasis-open.org/browse/EBXMLMSG-122?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=82303#comment-82303 ] Pim van der Eijk commented on EBXMLMSG-122: ------------------------------------------- Some information: BSP support encryption of signature, but requires that the complete ds:Signature element is encrypted and not just part of it. [http://docs.oasis-open.org/ws-brsp/BasicSecurityProfile/v1.1/cs01/BasicSecurityProfile-v1.1-cs01.html#_Toc396926222] WS-SecurityPolicy has a Signature Protection property that supports this (a boolean value to control the encryption of the signature): [https://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/ws-securitypolicy-1.3-spec-ed-01.html#_Toc189041024]Â;   > Encrypting ds:Signature or at least ds:SignedInfo > ------------------------------------------------- > > Key: EBXMLMSG-122 > URL: https://issues.oasis-open.org/browse/EBXMLMSG-122 > Project: OASIS ebXML Messaging Services TC > Issue Type: Bug > Components: AS4 Profile, Core Spec > Reporter: Pim van der Eijk > Priority: Major > > Hello, > I'm working on an AS4 profile with advanced security. We're getting advice from a cryptography professor who has made some comments on combining signing and encryption. > ebMS3 section 7.6 states: > "When both signature and encryption are required of the MSH, the message MUST be signed prior to being encrypted." > AS4 section 5.1.6 (a) states: > "If an AS4 user message is to be encrypted, AS4 MSH implementations MUST encrypt ALL payload parts. However, AS4 MSH implementations SHALL NOT encrypt the eb:Messaging header. If confidentiality of data in the eb:Messaging header is required, implementations SHOULD use transport level security. " > The question is: can any SOAP headers other than eb:Messaging be encrypted, or is the above statement in AS4 exhaustive: other than payload parts, nothing must be encrypted. > The example in ebMS3 section 7.9 contains an unencrypted ds:Signature. But this could just be an underspecified aspect. > With structures like the 7.9 example, this means that the ds:DigestValue of the signed parts are in clear text. The expert can think of the following attack: Imagine you encrypt an XML string consisting of a known structure with a 4 digit secret number. Since the signature is transmitted in plain and the hash values are visible, the attacker can just iterate over all 4 digit combinations, recompute the hashes, and finally find the secret number based on the hash value. This attack scales depending on how many bytes are secret. > With tools like Apache CXF and signAndEnc, it is possible to encrypt also the ds:Signature/ds:SignedInfo at encryption phase and and it works OK for sending and receiving. The signature is encrypted.. and then decrypted before signature validation" > Our questions:  > 1) is encryption of parts of the ds:Signature allowed with ebMS3 or AS4? > 2) is itÂan underspecified aspect that can be legitimately considered a profiling issues? > 3) do you expect any interoperability issues? Would a receiver of a message in which parts of ds:Signature are encrypted reject the message, or would it normally speaking just work? >  >  -- This message was sent by Atlassian Jira (v8.3.3#803004)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]