[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (EBXMLMSG-122) Encrypting ds:Signature or at least ds:SignedInfo
[ https://issues.oasis-open.org/browse/EBXMLMSG-122?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=82303#comment-82303 ]
Pim van der Eijk commented on EBXMLMSG-122:
-------------------------------------------
Some information:
BSP support encryption of signature, but requires that the complete ds:Signature element is encrypted and not just part of it.
[http://docs.oasis-open.org/ws-brsp/BasicSecurityProfile/v1.1/cs01/BasicSecurityProfile-v1.1-cs01.html#_Toc396926222]
WS-SecurityPolicy has a Signature Protection property that supports this (a boolean value to control the encryption of the signature):
[https://docs.oasis-open.org/ws-sx/ws-securitypolicy/v1.3/ws-securitypolicy-1.3-spec-ed-01.html#_Toc189041024]Â;
Â
Â
> Encrypting ds:Signature or at least ds:SignedInfo
> -------------------------------------------------
>
> Key: EBXMLMSG-122
> URL: https://issues.oasis-open.org/browse/EBXMLMSG-122
> Project: OASIS ebXML Messaging Services TC
> Issue Type: Bug
> Components: AS4 Profile, Core Spec
> Reporter: Pim van der Eijk
> Priority: Major
>
> Hello,
> I'm working on an AS4 profile with advanced security. We're getting advice from a cryptography professor who has made some comments on combining signing and encryption.
> ebMS3 section 7.6 states:
> "When both signature and encryption are required of the MSH, the message MUST be signed prior to being encrypted."
> AS4 section 5.1.6 (a) states:
> "If an AS4 user message is to be encrypted, AS4 MSH implementations MUST encrypt ALL payload parts. However, AS4 MSH implementations SHALL NOT encrypt the eb:Messaging header. If confidentiality of data in the eb:Messaging header is required, implementations SHOULD use transport level security. "
> The question is: can any SOAP headers other than eb:Messaging be encrypted, or is the above statement in AS4 exhaustive: other than payload parts, nothing must be encrypted.
> The example in ebMS3 section 7.9 contains an unencrypted ds:Signature. But this could just be an underspecified aspect.Â
> With structures like the 7.9 example, this means that the ds:DigestValue of the signed parts are in clear text. The expert can think of the following attack: Imagine you encrypt an XML string consisting of a known structure with a 4 digit secret number. Since the signature is transmitted in plain and the hash values are visible, the attacker can just iterate over all 4 digit combinations, recompute the hashes, and finally find the secret number based on the hash value. This attack scales depending on how many bytes are secret.
> With tools like Apache CXF and signAndEnc, it is possible to encrypt also the ds:Signature/ds:SignedInfo at encryption phase and and it works OK for sending and receiving. The signature is encrypted.. and then decrypted before signature validation"
> Our questions:Â Â
> 1)Â is encryption of parts of the ds:Signature allowed with ebMS3 or AS4?
> 2) is itÂan underspecified aspect that can be legitimately considered a profiling issues?
> 3) do you expect any interoperability issues? Would a receiver of a message in which parts of ds:Signature are encrypted reject the message, or would it normally speaking just work?
> Â
> Â
--
This message was sent by Atlassian Jira
(v8.3.3#803004)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]