- From: Amir Herzberg <AMIR@newgenpay.com>
- Date: Tue, 1 May 2001 17:48:02 +0300
- To: "Xml Encrypt (E-mail)" <xml-encryption@w3.org>
Following our discussion on requirements, I'll like now to request adding support to allow signing of encrypted data. This is by allowing the following new tag in <EncryptedData>: <HashOfRandomized> to contain the binary result of a one-way hash function applied to the plaintext. To prevent guessing attacks, the plaintext MUST include sufficient enthropy, possibly by appending to the `real` plaintext a random string just to increase its enthropy. The use of this will be by defining a simple tranform for DSIG that will replace each <EncryptedData> object containing a <HashOfRandomized> object, with only the <HashOfRandomized> object, for the purpuses of hashing and signing. This will be sufficient for the authentication and non-repudiation of the signature, yet allow changing the encryption key, or removing the ciphertext completely, when such operations are required. The receiver can now prove the contents of a secret agreement (in case of dispute), by exposing the agreement (only) to a judge who can easily validate it. There are other applications, esp. for payments, in fact we used this technique in iKP and SET protocols. So it is important the spec allows it. Technically, what does this mean to XML Encrypt spec? Add an optional element to EncryptedData: <element ref="xenc:HashOfRandomized" minOccurs=0/> where the randhash element is simply <element name="HashOfRandomized" type="ds:CryptoBinary"> The trick is to sign not the actual plaintext, which may indeed allow guessing attack, but a randomized version of it. Best regards, Amir Herzberg CTO, NewGenPay Inc. See our demo and overview/tutorials on secure e-commerce in http://www.NewGenPay.com (demo area)
Received on Tuesday, 1 May 2001 10:44:40 UTC