Enveloped JSON Signatures from Anders Rundgren on 2013-08-25 (public-webcrypto-comments@w3.org from August 2013)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Sun, 25 Aug 2013 21:05:03 +0200
To: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Message-ID: <521A555F.9040503@gmail.com>

Hi,
The concept of enveloped signatures have been slammed by the JOSE WG due to a belief that canonicalization issues will be hard.
FWIW, I just write a JSON encoder, decoder and signature utility in one week and I didn't find any problems all.

https://code.google.com/p/openkeystore/source/browse/#svn%2Flibrary%2Ftrunk%2Fsrc%2Forg%2Fwebpki%2Fjson

It seem that I will be able to replace 200,000 lines of Apache code with about 2,000 lines of custom code.

  {
    "MyLittleSignature":
      {
        "Version": "http://example.com/signature",
        "Now": "2013-08-25T20:31:23+02:00",
        "HRT":
          {
            "RTl": "67",
            "YT":
              {
                "HTL": "656756#",
                "INTEGER": -689,
                "Fantastic": false
              },
            "er": "33"
          },
        "ARR": [],
        "BARR":
          [{
             "HTL": "656756#",
             "INTEGER": -689,
             "Fantastic": true
           },
           {
             "HTL": "656756#",
             "INTEGER": -689,
             "Fantastic": false
           }],
        "ID": "ihqQONXvN5_LnmdAG7YU",
        "STRINGS": ["One","Two","Three"],
        "Intra": 78,
        "EnvelopedSignature":
          {
            "SignatureInfo":
              {
                "Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
                "Reference":
                  {
                    "Name": "ID",
                    "Value": "ihqQONXvN5_LnmdAG7YU"
                  },
                "KeyInfo":
                  {
                    "PublicKey":
                      {
                        "EC":
                          {
                            "NamedCurve": "http://xmlns.webpki.org/sks/algorithm#ec.p256",
                            "X": "lNxNvAUEE8t7DSQBft93LVSXxKCiVjhbWWfyg023FCk",
                            "Y": "LmTlQxXB3LgZrNLmhOfMaCnDizczC/RfQ6Kx8iNwfFA"
                          }
                      }
                  }
              },
            "SignatureValue": "MEUCIEhZtArhp8O7d1n7SRWRQcs3qePGBCrnKY8x2O3o+nvPAiEA0On5hez2EHmEwJIm/UK7GxqZeWWcaFzK9OVAhygAWVk"
          }
      }
  }

Why bother with this you may wonder?  Well I can't imagine converting the previous cool stuff to something yucky like:

{
"message": "eyJ0eXAiOibGciOiJIUzI1NiJ9.LmNvbS9pc19yb290Ijp0cnVlfQ.2K27uhbUJU1p1r_wW1gFWFOEjXk"
}

Canonicalization (=removal of whitespace):

"MyLittleSignature":{"Version":"http://example.com/signature","Now":"2013-08-25T20:31:23+02:00","HRT":{"RTl":"67","YT":{"HTL":"656756#","INTEGER":-689,"Fantastic":false},"er":"33"},"ARR":[],"BARR":[{"HTL":"656756#","INTEGER":-689,"Fantastic":true},{"HTL":"656756#","INTEGER":-689,"Fantastic":false}],"ID":"ihqQONXvN5_LnmdAG7YU","STRINGS":["One","Two","Three"],"Intra":78,"EnvelopedSignature":{"SignatureInfo":{"Algorithm":"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256","Reference":{"Name":"ID","Value":"ihqQONXvN5_LnmdAG7YU"},"KeyInfo":{"PublicKey":{"EC":{"NamedCurve":"http://xmlns.webpki.org/sks/algorithm#ec.p256","X":"lNxNvAUEE8t7DSQBft93LVSXxKCiVjhbWWfyg023FCk","Y":"LmTlQxXB3LgZrNLmhOfMaCnDizczC/RfQ6Kx8iNwfFA"}}}}


</Anders>

Received on Sunday, 25 August 2013 19:05:35 UTC