About XML Digital Signatures
digital signatures are used for authentication and data integrity. It is designed
to take advantage of the XML technology and the data transfer over the internet.
With the XML digital signature it is possible to sign the specific portions of
the XML document. Different parties could create different parts of the XML document
and they sign those parts of the document at different times.
integrity for these portions is maintained by checking the digital signatures
of these particular parts when a user is changing that portion of the XML document.
When user who has access to this document is changing the default values the digital
signature of that particular portion is made invalid.
types of resource can be signed with an XML digital signature. A signature can
be used to validate different resources like HTML, JPG, or a XML encoded data.
The data object which is signed originally should be accessible to verify the
signature. It could be located anywhere else.
XML document contains the location of the original data object against which the
digital signature is verified. The location of the original data object could
be referenced using an URI or it could be in the same resource or it could be
embedded. This can said in other words as that the signature could be a sibling,
parent, or child by itself.
different tags or components that are included in the signature is given below.
This information will give you an idea of the components that make up the signature.
<Reference> element has an URI attribute that locates the resource that
is to be signed. There is an <Transform> element in the signature that gives
the steps involved in processing the resource that is referenced. Before that
element is digested this is done.
The element <DigestValue> has
the value of the digest for the resource that is referenced. There is an element
called the <SignatureValue> that is used for giving the value of the encrypted
<SignedInfo> element. Every signature that is validated needs a key and
there should be some element for indicated that key. There is a <KeyInfo>
element for this purpose.
an XML Signature has a series of steps involved. Before you create the digital
signature you have to identify the resources for which the XML Digital Signature
is to be created. This is the first step towards creating the XML Digital Signature.
Identifying the resources is through the URI. The URI that you use for
referencing could point to an html file, or a gif image or an xml file. Within
a file it could also point to a particular element or anchor. An example for these
URI could be http://www.yourwebsite.com/serverDir/page.xml#anch.
digest for each resource is calculated is calculated and that value is place in
the element <DigestValue> which is a child element of the <Reference>
element. The algorithm that is used to calculate the digest value is given in
the attribute Algorithm in the <DigestMethod> element which
is also a child element of the <Reference> element. An example of code snippet
at this stage would be something like,
you have all the references organized like this, you have to collect them under
the tag <SignedInfo>. The <SignedInfo> tag has an <CanonicalizationMethod>
element. This element has the canonized signedinfo element. The elements
should be canonized before they are represented for processing of the signature.
This is done to avoid inaccurate results.
The algorithm that is used to
produce the signature value is given in the <SignatureMethod> elements
Algorithm attribute. Using that algorithm the <SignedInfo> element
is digested and the resulting signature value is put in the <SignatureValue>
The <KeyInfo> element would have the information regarding
the key which could be a public key that is used for the verification of the signature.
This <KeyInfo> element is enclosed in the <Signature> element. This
is how you have to create the digital signatures for the elements in the xml document.
After you have created them you have to verify them. for verifying the
XML signature you have to recalculate the signature of the <SignedInfo>
element by using the algorithm defined in the <SignatureMethod> element.
The signature value generated is compared to the value present in the
<SignatureValue> element. Similarly the <DigestValue>s values
are also calculated using the appropriate algorithms and cross checked. This step
confirms that the signatures are verified properly.
the increase in the online transactions day by day there is a need for using such
digital signatures to verify the authenticity of the documents that are involved
in the transactions. To ensure the authenticity and the integrity we need to use
such XML Digital Signatures. These are the evolving standards for the online transactions.
Subscribe to our mailing list and receive new articles
through email. Keep yourself updated with latest
developments in the industry.
: We never rent, trade, or sell my email lists to
We assure that your privacy is respected