RE: encryption in XML & in SMIME from Ed Simon on 2000-08-29 (xml-encryption@w3.org from August 2000)

From: Ed Simon <ed.simon@entrust.com>
Date: Tue, 29 Aug 2000 15:40:46 -0400
To: Don Davis <dtd@world.std.com>, xml-encryption@w3.org
Message-ID: <3120721CA75DD411B8340090273D20B10C1B81@sottmxs06.entrust.com>
Just had a thought as to how one can get the same
effect of sign/wrap/sign without actually having to
sign twice.

To review,
here is the unprotected XML-formatted email:

<EMail>
<To>Captain Kirk</To>
<From>Starfleet Command</From>
<StarDate>2435CE January 19 11:22:33.44 UCT</StarDate>
<Subject>Romulan invasion fleet</Subject>
<Message>Please intercept the Romulan invasion fleet at...</Message>
</EMail>

Starfleet Command wants to encrypt the Message and sign the entire
email.  It also wants to prevent third parties from making it
appear they sent the message contents as in the scenarios Don
has described for S/MIME.

One approach to this has been to sign the message, encrypt (wrap)
the signed message, and the sign the whole email.  In my
oversimplified syntax, stuff within the <Signature> element is
signed, and stuff within the <Encryption> element is encrypted.

So using this syntax, we get

<Signature>
<EMail>
<To>Captain Kirk</To>
<From>Starfleet Command</From>
<StarDate>2435CE January 19 11:22:33.44 UCT</StarDate>
<Subject>Romulan invasion fleet</Subject>
<Message><Encryption>MIIxyz...</Encryption></Message>
</EMail>
</Signature>

where the encrypted "MIIxyz..." is the encrypted version of 
"<Signature>Please intercept the Romulan invasion fleet at...</Signature>".

Now let's try to do this without signing twice using XML Signature
and XML Encryption.

First, we calculate the digest of
"Please intercept the Romulan invasion fleet at..." and stow it.

Second, we encrypt
"Please intercept the Romulan invasion fleet at..."

Third, we create the <EMail> element with the encrypted text.

<EMail>
<To>Captain Kirk</To>
<From>Starfleet Command</From>
<StarDate>2435CE January 19 11:22:33.44 UCT</StarDate>
<Subject>Romulan invasion fleet</Subject>
<Message><Encryption>MIIxyz...</Encryption></Message>
</EMail>

Fourth, we calculated the digest of the <EMail> element.

Fifth, we create the XML Signature's <SignedInfo> element
and include a <Reference> elements for the two digests that
have been calculated.

Sixth, we complete the XML Signature according to the 
<SignedInfo> element just created.  This one XML Signature
covers both the full email and the original plaintext message.
The final result, in glorious detail, might look something like
this:

    <Signature xmlns="http://www.w3.org/2000/07/xmldsig#"
                  Id="X01">
           <SignedInfo> 
	           <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2000/WD-xml-c14n-20000710"/>
	           <SignatureMethod
Algorithm="http://www.w3.org/2000/07/xmldsig#dsa"/>
	           <Reference URI="id(#id1)//Message/EncryptedNode"> 
							<!-- XPath might
need fixing.
		                         Supposed to point to content of 
						         <EMail>'s <Message>
element. -->
		         <Transforms>
                     <Transform
Algorithm="http://www.w3.org/2001/03/Encryption#decrypt">
                          <DecryptTransform
xmlns="http://www.w3.org/2001/03/Encryption">
                               <Decrypt Match="."/>
                          <DecryptTransform>                         
                      </Transform> 
		         </Transforms> 
		         <DigestMethod
Algorithm="http://www.w3.org/2000/07/xmldsig#sha1"/> 
		         <DigestValue>...</DigestValue> 
	           </Reference>
	           <Reference URI="#id1"> 
		         <Transforms> 
		             <Transform
Algorithm="http://www.w3.org/TR/2000/WD-xml-c14n-20000710"/>
		         </Transforms> 
		         <DigestMethod
Algorithm="http://www.w3.org/2000/07/xmldsig#sha1"/> 
		         <DigestValue>...</DigestValue> 
	           </Reference>  	 
        </SignedInfo> 
        <SignatureValue>...</SignatureValue> 
        <KeyInfo>...</KeyInfo>
        <Object Id="id1">

			<EMail
xmlns="http://www.example.org/Starfleet/EMail">
				<To>Captain Kirk</To>
				<From>Starfleet Command</From>
				<StarDate>2435CE January 19 11:22:33.44
UCT</StarDate>
				<Subject>Romulan invasion fleet</Subject>
				<Message>
            <EncryptedNode xmlns="http://www.w3.org/2001/03/Encryption"
                              NodeType="Text"
 
EncryptionInfo="http://www.example.org/Starfleet/encryptioninfo.xml#encrypti
onInfo23">
                              (Base64 of encrypted Element node)
            </EncryptedNode>
				</Message>
			</EMail>

        </Object>
    </Signature>    


Beauty, eh?

The ownership of the original message is protected,
the privacy of the original message is protected, and
the whole email is signed so there is no doubt whom it
is from and for whom it was intended.

Rather than signing twice, two digests are covered by
one signature.

Any comments?  Did I make any glaring errors?

Ed
Received on Tuesday, 29 August 2000 15:45:55 UTC