W3C home > Mailing lists > Public > xml-encryption@w3.org > January 2001

RE: Signing and Encryption

From: Yongge Wang <ywang@certicom.com>
Date: Tue, 30 Jan 2001 13:51:12 -0500
To: xml-encryption@w3.org
Message-ID: <852569E4.00675531.00@smtpmail.certicom.com>

> Apologies if what I'm about to mention has already been discussed but I've
> been away and am now only catching up on my email.
> When discussing signing plus encryption, it is important to remember that
> an XML Signature can have cover multiple digests.  Though this feature is
> valuable for signing multiple unique resources, it is also useful for
> signing different views of the same resource.  In particular, a single
> XML Signature can cover both the plaintext and encrypted form of an XML
> instance.
> 1.  Hash the plaintext.
> 2.  Encrypt the plaintext.
> 3.  Hash the encrypted version.
> 4.  Create a <SignedInfo> over both hashes (including the appropriate
> transforms).
> 5.  Sign <SignedInfo> to get your signature value.

I guess the main problem is still that: if you encrypt some element or
attribute, you need to encrypt the Signature and </SignedInfo> element.
Consider the following example

<patient name="XYZ" contagious="AIDS> ... </patient>
<SignedInfo> .....and hashvalue</SignedInfo>

The attribute contagious is encrypted after the signature.
If we do not encrypt the <SignedInfo>, then the attacker can mount
a dictionary attack to find out that contagious="AIDS" by an exhaustive search.

Received on Tuesday, 30 January 2001 13:55:10 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:59 UTC