Implementation Of XML DIGITAL SIGNATURES Using Microsoft.NET.
PRESENTED BY :
NANIDITA SRIVASTAVA
NEEHARIKA KOLLA
MOUNIKA VALLABHANENI
MAIN FOCUS OF THE PROJECT:
1. Feature of XML digital signatures
2. XML documents and XML digital signatures in brief.
3. Creation of windows based application using .NET & C#
4. Application lets user encode and sign specific parts of an XML file.
5. Presenting 3 test cases where user changes the or the key……. and verification produces invalid results
Digital Signatures
A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document.
XML Digital Signatures
• Digital signatures designed for use in XML transactions.
• Joint effort between the World Wide Web Consortium (W3C) and Internet Engineering Task Force (IETF)
Similarities and Differences with Standard Digital Signatures
Similarities
Authentication
Data integrity
Support for non-repudiation
Differences
Support for Web-based nature of today's transactions
What is XML
XML is a markup language for documents containing structured information. XML was created so that richly structured documents could be used over the web. HTML is not a viable alternative, as it comes bound with a set of semantics and does not provide arbitrary structure.
A sample XML document

    <?xml version="1.0" encoding="utf-8"?>
    <Companies>
      <CompanyA>
        <DocumentInformation>
          <documentName namingSystem="POSC">Sample 3</documentName>
        </DocumentInformation>
        <BusinessAssociate>
          <AuthorizedPerson>
            <name>Marvin P. Mooney</name>
            <title>Vice President of Drilling Operations</title>
          </AuthorizedPerson>
        </BusinessAssociate>
        <LegalDescription>
          <townshipNumber direction="N">50</townshipNumber>
        </LegalDescription>
      </CompanyA>
    </Companies>

Why XML is important (Use in Web Services)
Web services are application programming interfaces (API) that can be accessed over a network, such as the Internet, and executed on a remote system.
Generic Web Service Architecture
Use of XML Digital Signatures in Web Services
Example
Non-repudiation and integrity assume alarming dimensions in a web service-driven world. Suppose that a confidential XML document is populated by services A and B, and is passed on to service E by C and D. To make things worse, let's assume that these services are provided by different systems/vendors across the Net! Now, how can the end consumer service E ensure the authenticity of the sender services A and B? What guarantee does it have that the XML data passed on from A and B has not been modified during the transit or by other malicious services? With hacking becoming a common phenomenon on the Internet, it is quite possible that unauthorized services will come to life all of a sudden from the network and start consuming confidential business data. How can we make sure that the sender services A and B take full responsibility for what is contained in the XML document?
The Components of an XML Signature
XML Digital Signatures
An XML signature can sign more than one type of resource. For example, a single XML signature might cover character-encoded data (HTML), binary-encoded data (a JPG), XML-encoded data, and a specific section of an XML file.
Steps to create XML Digital Signatures
• Determine which resources are to be signed. This will take the form of identifying the resources through a Uniform Resource Identifier (URI).
  "http://www.abccompany.com/index.html" would reference an HTML page on the Web
  "http://www.abccompany.com/logo.gif" would reference a GIF image on the Web
• Calculate the digest of each resource. Create: Reference element, DigestValue element, DigestMethod element
• Collect the Reference elements. Create SignedInfo element: CanonicalizationMethod, SignatureMethod
• Signing: SignatureValue element.
• Add key information: KeyInfo element
• Enclose in a Signature element
Steps to verify XML Digital Signatures
Recalculate the digest of the <SignedInfo> element (using the digest algorithm specified in the <SignatureMethod> element) and use the public verification key to verify that the value of the <SignatureValue> element is correct for the digest of the <SignedInfo> element.
If this step passes, recalculate the digests of the references contained within the <SignedInfo> element and compare them to the digest values expressed in each <Reference> element's corresponding <DigestValue> element.
Concepts central to XML Digital Signature Specifications
X-PATH Transforms
• Specifies which content is to be signed.
• Evaluates expressions to filter out the nodes. Example: child::*
In our project: Reference.AddTransform(CreateXPathTransform("ancestor-or-self::CompanyA"))
Canonicalization
• Important to take care of formatting differences between two logically similar documents.
• The canonicalization algorithm used normally changes the character encoding to UTF-8, changes the line breaks to #xA, etc.
In our project the SignedXml.XmlDsigCanonicalizationUrl field specifies this.
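To make the canonicalization point concrete, the following added example (not the project's code) digests the C14N 1.0 form of three constructed variants of the sample's townshipNumber element. Canonical XML normalizes attribute order, attribute quoting and spacing inside tags, but it leaves character data alone, so whitespace changes inside signed text still change the digest. The `unit` attribute and the input strings are assumptions made for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class CanonicalizationDemo
{
    // SHA-256 digest of the canonical form produced by the algorithm that
    // SignedXml.XmlDsigCanonicalizationUrl names (C14N 1.0, without comments).
    static string CanonicalDigest(string xml)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);
        var c14n = new XmlDsigC14NTransform();
        c14n.LoadInput(doc);
        using var sha = SHA256.Create();
        return Convert.ToBase64String(c14n.GetDigestedOutput(sha));
    }

    static void Main()
    {
        // Constructed inputs (the "unit" attribute is hypothetical).
        string original = "<townshipNumber direction=\"N\" unit=\"mi\">50</townshipNumber>";
        // Same logical element: attributes reordered, single quotes, extra spacing in the tag.
        string reformatted = "<townshipNumber   unit='mi' direction='N'>50</townshipNumber>";
        // Different character data: spaces added around the value.
        string padded = "<townshipNumber direction=\"N\" unit=\"mi\"> 50 </townshipNumber>";

        string d0 = CanonicalDigest(original);
        Console.WriteLine("original digest:            " + d0);
        Console.WriteLine("reformatted tag, same digest: " + (d0 == CanonicalDigest(reformatted)));
        Console.WriteLine("padded text, same digest:     " + (d0 == CanonicalDigest(padded)));
    }
}
```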
Types of XML digital Signatures
Enveloped
Enveloping
Detached
.Net Implementation of XML Digital Signatures
The System.Security.Cryptography namespace in .NET provides cryptographic services, including secure encoding and decoding of data, as well as many other operations, such as hashing, random number generation, and message authentication. The hierarchy of the classes found in the framework is as follows:
Algorithm type classes (Abstract)
• SymmetricAlgorithm or HashAlgorithm
• Abstract classes
Algorithm class (Abstract)
• Inherits from an algorithm type class
• RC2 or SHA1
• Abstract
Implementation of an algorithm class
• These inherit from an algorithm class
• RC2CryptoServiceProvider or SHA1Managed
• Fully implemented
Crypto Service Providers used in our project
• DESCryptoServiceProvider for encryption: implements the Data Encryption Standard (DES) algorithm, used in CBC mode
• RSACryptoServiceProvider for signing: implements the RSA algorithm
Project Implementation
• Windows based application (C#)
• User selects an XML file
• Application encodes and signs the file
• Application can decode and verify the signature
Key Creation
• Use of sn.exe utility
• Created key stored in an XML file
Decryption
• Create a crypto key from an XML file
Code Snippet

    using System.IO;
    using System.Security.Cryptography;
    using System.Security.Cryptography.Xml;
    using System.Text;
    using System.Xml;

    // xml (the document text) and keyContainerName are supplied by the caller;
    // CreateXPathTransform is the project's helper and is not shown on the slide.
    XmlDocument xmldoc = new XmlDocument();
    xmldoc.LoadXml(xml);

    // Get the key pair from the key store.
    CspParameters parms = new CspParameters(1);          // PROV_RSA_FULL
    parms.Flags = CspProviderFlags.UseMachineKeyStore;   // Use Machine store
    parms.KeyContainerName = keyContainerName;
    parms.KeyNumber = 2;                                 // 2 = signature key (AT_SIGNATURE)
    RSACryptoServiceProvider csp = new RSACryptoServiceProvider(parms);

    // Creating the XML signing object.
    SignedXml sxml = new SignedXml(xmldoc);
    sxml.SigningKey = csp;

    // Set the canonicalization method for the document.
    sxml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigCanonicalizationUrl; // No comments.

    // Create an empty reference (not enveloped) for the XPath transformation.
    Reference r = new Reference("");
    r.AddTransform(CreateXPathTransform("ancestor-or-self::CompanyA"));

    // Add the reference to the SignedXml object (once; adding it twice
    // would put a duplicate Reference element into SignedInfo).
    sxml.AddReference(r);

    // Compute the signature.
    sxml.ComputeSignature();

    // Get the signature XML and add it to the document element.
    XmlElement sig = sxml.GetXml();
    xmldoc.DocumentElement.AppendChild(sig);

    // Write-out formatted signed XML.
    StringBuilder sb = new StringBuilder();
    StringWriter tw = new StringWriter(sb);
    XmlTextWriter writer = new XmlTextWriter(tw);
    writer.Formatting = Formatting.Indented;
    // The slide ends here; writing the document to the writer completes the step.
    xmldoc.WriteTo(writer);
    writer.Flush();
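The verification steps and the tamper test cases listed in the project focus can be exercised with the following added example, which is not the project's code. It signs one part of a document, then verifies the unchanged document, a copy with the signed data altered, the original against a different key, and a copy altered outside the signed part, which the signature does not cover. Assumptions: a throwaway RSA key from RSA.Create instead of the machine key container, an Id-based reference ("#CompanyA") swapped in for the project's XPath transform, and a constructed sample with an added Id attribute and CompanyB element.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

static class PartialSignatureDemo
{
    // Constructed sample: only the element with Id="CompanyA" is signed.
    const string Sample = "<Companies><CompanyA Id=\"CompanyA\"><name>Marvin P. Mooney</name>" +
        "</CompanyA><CompanyB><name>Unsigned Co</name></CompanyB></Companies>";

    static string Sign(string xml, RSA key)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);
        var sxml = new SignedXml(doc) { SigningKey = key };
        var r = new Reference("#CompanyA");             // same-document reference by Id
        r.AddTransform(new XmlDsigExcC14NTransform());
        sxml.AddReference(r);
        sxml.ComputeSignature();
        doc.DocumentElement.AppendChild(doc.ImportNode(sxml.GetXml(), true));
        return doc.OuterXml;
    }

    static bool Verify(string xml, RSA trustedKey)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(xml);
        XmlNodeList sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1) return false;               // exactly one signature expected
        var sxml = new SignedXml(doc);
        sxml.LoadXml((XmlElement)sigs[0]);
        // Check what was signed before relying on it: one reference, to CompanyA.
        var refs = sxml.SignedInfo.References;
        if (refs.Count != 1 || ((Reference)refs[0]).Uri != "#CompanyA") return false;
        // Verify against a key the verifier already trusts, not one read from KeyInfo.
        return sxml.CheckSignature(trustedKey);
    }

    static void Main()
    {
        using RSA signer = RSA.Create(2048);
        using RSA other = RSA.Create(2048);
        string signed = Sign(Sample, signer);
        bool unchanged = Verify(signed, signer);
        bool dataChanged = Verify(signed.Replace("Mooney", "Looney"), signer);
        bool wrongKey = Verify(signed, other);
        bool outsideChanged = Verify(signed.Replace("Unsigned Co", "Changed Co"), signer);
        Console.WriteLine("unchanged document:            " + unchanged);
        Console.WriteLine("signed data changed:           " + dataChanged);
        Console.WriteLine("wrong verification key:        " + wrongKey);
        Console.WriteLine("data outside CompanyA changed: " + outsideChanged);
    }
}
```

A consumer that needs integrity for the whole document has to check that the references cover everything it reads, since elements outside the signed part can be changed without invalidating the signature.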
DEMO
Thanks