W3C home > Mailing lists > Public > w3c-ietf-xmldsig@w3.org > January to March 2006

RFC; new SignatureAlgorithm for web browser interop

From: Mikolaj Habryn <dichro@rcpt.to>
Date: Thu, 30 Mar 2006 01:25:04 +1100
To: w3c-ietf-xmldsig@w3.org
Message-Id: <1143642304.4151.20.camel@amida>

I decided recently to take a tilt at the windmill of making an xmldsig
application somewhat more approachable by driving it entirely from a web
browser.

The signing support in browsers at the moment (javascript
crypto.signText method) generates a PKCS7 signature which contains all
the usual data, but isn't directly morphable into a ds:Signature block
due to the signature being over an ASN.1 block instead of a
ds:SignedInfo.

I'd like to propose a new signature algorithm which replicates the PKCS7
algorithm. Actually, rather than proposing, I'd also like to point y'all
to an example of it at http://wiki.rcpt.to:8180/pkcs/ which will
generate a ds:Signature block for an arbitrary document. The signing
operation is done entirely on the browser with client-side certificates,
although the transformation into a ds:Signature is server-side because I
couldn't quite stomach the idea of writing an ASN.1 parser in
Javascript.

The generated signatures can be verified using a plugin for Apache's
XML-Security toolkit available from
http://wiki.rcpt.to/perl/wiki.pl?PKCSToXMLDSig (which also contains some
random annotations on this little project).

Comments warmly invited.

m.
Received on Wednesday, 29 March 2006 14:45:59 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:21:40 UTC