[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Signature tools using SHA-256, ECC, etc.
It is occasionally claimed that SHA-1 is
insufficient and should be replaced with SHA-256 and up. Recently we
heard that NSA is recommending ECC over RSA as well.
This is hard to cope with for S/MIME
(e-mail) systems since you may not always know the capabilities of the relying party's software. For on-line signature
systems using WASP (Web Activated Signature Protocol), such consideration do not
apply since the requester (which is also the
relying party), can specify a number of acceptable signature profiles and
the client software will select the first
one matching its own capabilities. By specifying both newer and
older algorithm profiles, a "soft" (migrative) approach to the introduction
of new cryptographic algorithms, including ECC,
is facilitated. Below is an authentic WASP signature using SHA-256 and
RSAwithSHA-256
<?xml version="1.0" encoding="UTF-8"?> <SignatureResponse xmlns="http://xmlns.ws-mobile.org/20060301/wasp#core"> <pr:XMLDSig.Profile.0.Signature ClientTime="2006-05-27T13:56:59+02" ID="_10b75b44e0d78cfd7d58a613b50" RequestURL="http://arport2/wasp/SignUsingStrongerCrypto" SubmitURL="http://arport2/wasp/SignUsingStrongerCrypto" xmlns:pr="http://xmlns.ws-mobile.org/20060301/wasp#xmldsigprofile0"> <DocumentReferences> <MainDocument MimeType="text/html" cid="cid:d0@arport2"/> </DocumentReferences> <DocumentSignatures CanonicalizationAlgorithm="http://xmlns.ws-mobile.org/20060301/wasp#cn-std" DigestAlgorithm="http://www.w3.org/2001/04/xmlenc#sha256"> <Digest cid="cid:d0@arport2">MSmcjH567Tr9Dlu+VfPg37g7mcCWqWDYAk+kNlZGc8Y=</Digest> </DocumentSignatures> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <ds:Reference URI="#_10b75b44e0d78cfd7d58a613b50"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>JA0FK0bL8O7vSs/cJV7GnHvoWxtXEFHALjwqBK0f374=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>Dk+YOZ/IjWgikTVlYQBmJI2HlMo4nDfq2jeyBBUVqPYZ/ZDIfyJ65BWDng3h2vd+jI77RN5LPPK0KKtsraM1OV8qe0C6mqUuEwcOs8U5xcNGhz2dLaWgrOd315p6grp6fwrviwGo+YkLhhSFys8U05Z/Wdzivp7O1Qpmd8TjLYA=</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509IssuerSerial> <ds:X509IssuerName>CN=Demo Sub CA,O=example.com,C=US</ds:X509IssuerName> <ds:X509SerialNumber>123456790</ds:X509SerialNumber> </ds:X509IssuerSerial> <!-- Signer DN: "CN=Marion Anderson, serialNumber=19750710-1518" --> <ds:X509Certificate>MIIB7TCCAVigAwIBAgIEB1vNFjALBgkqhkiG9w0BAQUwOTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC2V4YW1wbGUuY29tMRQwEgYDVQQDEwtEZW1vIFN1YiBDQTAeFw0wMzExMjAyMDM1MDZaFw0wODExMTgyMDM1MDZaMDIxFjAUBgNVBAUTDTE5NzUwNzEwLTE1MTgxGDAWBgNVBAMTD01hcmlvbiBBbmRlcnNvbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAr1nhR7brtuFJex6IAWEp1XChlzXfGqpStdaei1MRov3LaFdh3fIacba9lT00BG2xTawgBpvtAh3MfC+WrmUjt158gzGhrVqqowR+eHOXtKo/WVld0Krw8UyVcQxAIB8u3Aiuq0JLfoMrqC+HED4WUrUZJBgysakZ+2wqAgD5Qt8CAwEAAaMNMAswCQYDVR0TBAIwADALBgkqhkiG9w0BAQUDgYEAap6CgqXfnRsJ/Uk2Gm28WbpMwVqeh9tFM5nll1RvQR4Nyi2PfnT/GsPgHxPidsqH58E0xXbFS61fHN+GEBz5IWQxNOaAjF2THoI24RwTZEsOpA0N86shZ+o6yFdDIueDnJGAWWE4BN9MP2biyo78T6QdG9+Wq31BjtY972pCK/s=</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> </pr:XMLDSig.Profile.0.Signature> <DocumentData> <Text cid="cid:d0@arport2"><![CDATA[<html><head><style type="text/css"> body {margin: 25px; font-weight: normal;font-family: arial, helvetica, sans-serif;font-size: 10pt} </style></head><body><h2>Using SHA256 and RSA/SHA256 Algorithms</h2>This is a simple document that is to be signed using SHA256 and RSA/SHA256 crypto-algorithms. In addition, the document data is also copied to the resulting signature blob.<p>Click on the XML icons to view the enhanced signature request and response messages!</body></html>]]></Text> </DocumentData> </SignatureResponse> BTW, after 3+ years of "moonshine" work, the WASP specification is finally
getting ready for publishing.
Regards
Anders Rundgren
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]