OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Giving up on XML DSig => JSON

Since Google doesn't support XSD or XML DSig in Android I began looking at other alternatives.
There were none :-(   Therefore I created a 2000-line system that writes and reads JSON from Java.
In addition, I adopted a scaled-down version of XML DSig's enveloped-signatures.

The concept of enveloped signatures have been slammed by some people due to a belief that canonicalization issues will be hard.
FWIW, I just wrote the entire thing in just a week and I didn't find any problems all.

https://code.google.com/p/openkeystore/source/browse/#svn%2Flibrary%2Ftrunk%2Fsrc%2Forg%2Fwebpki%2Fjson

It seems that I will be able to replace 200,000 lines of Apache code with about 2,000 lines of custom code.

  {
    "MyLittleSignature":
      {
        "Version": "http://example.com/signature";,
        "Now": "2013-08-25T20:31:23+02:00",
        "HRT":
          {
            "RTl": "67",
            "YT":
              {
                "HTL": "656756#",
                "INTEGER": -689,
                "Fantastic": false
              },
            "er": "33"
          },
        "ARR": [],
        "BARR":
          [{
             "HTL": "656756#",
             "INTEGER": -689,
             "Fantastic": true
           },
           {
             "HTL": "656756#",
             "INTEGER": -689,
             "Fantastic": false
           }],
        "ID": "ihqQONXvN5_LnmdAG7YU",
        "STRINGS": ["One","Two","Three"],
        "Intra": 78,
        "EnvelopedSignature":
          {
            "SignatureInfo":
              {
                "Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";,
                "Reference":
                  {
                    "Name": "ID",
                    "Value": "ihqQONXvN5_LnmdAG7YU"
                  },
                "KeyInfo":
                  {
                    "PublicKey":
                      {
                        "EC":
                          {
                            "NamedCurve": "http://xmlns.webpki.org/sks/algorithm#ec.p256";,
                            "X": "lNxNvAUEE8t7DSQBft93LVSXxKCiVjhbWWfyg023FCk",
                            "Y": "LmTlQxXB3LgZrNLmhOfMaCnDizczC/RfQ6Kx8iNwfFA"
                          }
                      }
                  }
              },
            "SignatureValue": "MEUCIEhZtArhp8O7d1n7SRWRQcs3qePGBCrnKY8x2O3o+nvPAiEA0On5hez2EHmEwJIm/UK7GxqZeWWcaFzK9OVAhygAWVk"
          }
      }
  }

Why bother with this you may wonder?  Well I can't imagine converting the previous cool stuff to something yucky like JOSE's JWS:

{
"message": "eyJ0eXAiOibGciOiJIUzI1NiJ9.LmNvbS9pc19yb290Ijp0cnVlfQ.2K27uhbUJU1p1r_wW1gFWFOEjXk"
}

Canonicalization (=removal of whitespace):

"MyLittleSignature":{"Version":"http://example.com/signature","Now":"2013-08-25T20:31:23+02:00","HRT":{"RTl":"67","YT":{"HTL":"656756#","INTEGER":-689,"Fantastic":false},"er":"33"},"ARR":[],"BARR":[{"HTL":"656756#","INTEGER":-689,"Fantastic":true},{"HTL":"656756#","INTEGER":-689,"Fantastic":false}],"ID":"ihqQONXvN5_LnmdAG7YU","STRINGS":["One","Two","Three"],"Intra":78,"EnvelopedSignature":{"SignatureInfo":{"Algorithm":"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256","Reference":{"Name":"ID","Value":"ihqQONXvN5_LnmdAG7YU"},"KeyInfo":{"PublicKey":{"EC":{"NamedCurve":"http://xmlns.webpki.org/sks/algorithm#ec.p256","X":"lNxNvAUEE8t7DSQBft93LVSXxKCiVjhbWWfyg023FCk","; Y":"LmTlQxXB3LgZrNLmhOfMaCnDizczC/RfQ6Kx8iNwfFA"}}}}

Cheers,
Anders

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]