
RE: Signing and Encryption

From: Yongge Wang <ywang@certicom.com>
Date: Tue, 30 Jan 2001 13:51:12 -0500
To: xml-encryption@w3.org
Message-ID: <852569E4.00675531.00@smtpmail.certicom.com>

> Apologies if what I'm about to mention has already been discussed but I've
> been away and am now only catching up on my email.
>
> When discussing signing plus encryption, it is important to remember that
> an XML Signature can cover multiple digests.  Though this feature is
> valuable for signing multiple unique resources, it is also useful for
> signing different views of the same resource.  In particular, a single
> XML Signature can cover both the plaintext and encrypted form of an XML
> instance.
>
> 1.  Hash the plaintext.
> 2.  Encrypt the plaintext.
> 3.  Hash the encrypted version.
> 4.  Create a <SignedInfo> over both hashes (including the appropriate
> transforms).
> 5.  Sign <SignedInfo> to get your signature value.


I guess the main problem is still that: if you encrypt some element or
attribute, you need to encrypt the Signature and <SignedInfo> element.
Consider the following example:


<patient name="XYZ" contagious="AIDS"> ... </patient>
...
<SignedInfo> .....and hashvalue</SignedInfo>

The attribute contagious is encrypted after the signature.
If we do not encrypt the <SignedInfo>, then the attacker can mount
a dictionary attack to find out that contagious="AIDS" by an exhaustive search.

Regards,
Yongge
Received on Tuesday, 30 January 2001 13:55:10 GMT
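
Added example, not part of the original message: a short Python check of the point made above, that a digest of a low-entropy plaintext left readable in <SignedInfo> confirms a guess at the encrypted value. The candidate list, the SHA-256 digest and the nonce variant (a random value hashed with the content and encrypted along with it) are assumptions made for illustration.

```python
import hashlib
import os

# Constructed sample data: the element layout follows the message above,
# the candidate values are illustrative only.
TEMPLATE = '<patient name="XYZ" contagious="{value}"> ... </patient>'
CANDIDATES = ["none", "influenza", "measles", "tuberculosis", "AIDS"]


def plaintext_digest(value: str, nonce: bytes = b"") -> bytes:
    """Digest of the plaintext element as it would be listed in <SignedInfo>.

    `nonce` models a hypothetical mitigation: random bytes that are hashed
    with the content, encrypted together with it, and never published.
    """
    element = TEMPLATE.format(value=value).encode()
    return hashlib.sha256(nonce + element).digest()


def confirm_guess(published_digest: bytes):
    """Return the candidate value the published digest confirms, else None.

    Models a reader of the cleartext <SignedInfo> who knows the element's
    structure but not the encrypted attribute value or any secret nonce.
    """
    for value in CANDIDATES:
        if plaintext_digest(value) == published_digest:
            return value
    return None


def audit() -> dict:
    """Compare the bare digest with the nonce-protected one."""
    bare = plaintext_digest("AIDS")
    salted = plaintext_digest("AIDS", nonce=os.urandom(16))
    return {
        "bare_digest_confirms": confirm_guess(bare),
        "nonce_digest_confirms": confirm_guess(salted),
    }


if __name__ == "__main__":
    for check, result in audit().items():
        print(f"{check}: {result}")
```

The bare digest identifies the attribute value after at most five hashes; encrypting <SignedInfo> as the message proposes, or mixing in a secret nonce, leaves the reader nothing to test guesses against.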
