Re: Enveloped JSON Signatures from Anders Rundgren on 2013-08-26 (public-webcrypto-comments@w3.org from August 2013)

From: Anders Rundgren <anders.rundgren.net@gmail.com>
Date: Mon, 26 Aug 2013 06:34:23 +0200
To: Jim Schaad <ietf@augustcellars.com>
CC: public-webcrypto-comments@w3.org
Message-ID: <521ADACF.2040003@gmail.com>
On 2013-08-26 05:54, Jim Schaad wrote:
> I think you may also need to sort the member fields if you are going to rebuild it from a parsed object.

That would be true if the specifications where this scheme is supposed to be used allowed unsorted property order.
But they don't.  The parser in fact requires that you read properties in strict (defined) message-order and if you forget an element parsing will fail with an exception.
This is one way the system "compensates" for the lack of a JSON schema.  Well, there is a JSON schema but doesn't appear to be commonly supported so I dropped this part.

>  Also you are going to have some potential problems for dealing with numbers in terms of how they are written back out.

The scheme only works with the actual textual representation.
That is, canonicalization is performed on the text regardless if you are signing or verifying.
This probably does not work with arbitrary JSON parsers.  These are usually not designed for crypto.

So if 0.999999999999999999999 would turn out as 1.0 (internally) after parsing this has no effect on the crypto; it might affect the operation but that's another and generic JSON issue.

In case you need to read a potentially "difficult" variable and then send it back *exactly* "as-is", the only workable solution is reading it as a string.

Cheers
Anders


> 
>  
> 
> Jim
> 
>  
> 
>  
> 
> *From:*Anders Rundgren [mailto:anders.rundgren.net@gmail.com]
> *Sent:* Sunday, August 25, 2013 12:05 PM
> *To:* public-webcrypto-comments@w3.org
> *Subject:* Enveloped JSON Signatures
> 
>  
> 
> Hi,
> The concept of enveloped signatures have been slammed by the JOSE WG due to a belief that canonicalization issues will be hard.
> FWIW, I just write a JSON encoder, decoder and signature utility in one week and I didn't find any problems all.
> 
> https://code.google.com/p/openkeystore/source/browse/#svn%2Flibrary%2Ftrunk%2Fsrc%2Forg%2Fwebpki%2Fjson
> 
> It seem that I will be able to replace 200,000 lines of Apache code with about 2,000 lines of custom code.
> 
>   {
>     "MyLittleSignature":
>       {
>         "Version": "http://example.com/signature" <http://example.com/signature>,
>         "Now": "2013-08-25T20:31:23+02:00",
>         "HRT":
>           {
>             "RTl": "67",
>             "YT":
>               {
>                 "HTL": "656756#",
>                 "INTEGER": -689,
>                 "Fantastic": false
>               },
>             "er": "33"
>           },
>         "ARR": [],
>         "BARR":
>           [{
>              "HTL": "656756#",
>              "INTEGER": -689,
>              "Fantastic": true
>            },
>            {
>              "HTL": "656756#",
>              "INTEGER": -689,
>              "Fantastic": false
>            }],
>         "ID": "ihqQONXvN5_LnmdAG7YU",
>         "STRINGS": ["One","Two","Three"],
>         "Intra": 78,
>         "EnvelopedSignature":
>           {
>             "SignatureInfo":
>               {
>                 "Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" <http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256>,
>                 "Reference":
>                   {
>                     "Name": "ID",
>                     "Value": "ihqQONXvN5_LnmdAG7YU"
>                   },
>                 "KeyInfo":
>                   {
>                     "PublicKey":
>                       {
>                         "EC":
>                           {
>                             "NamedCurve": "http://xmlns.webpki.org/sks/algorithm#ec.p256" <http://xmlns.webpki.org/sks/algorithm#ec.p256>,
>                             "X": "lNxNvAUEE8t7DSQBft93LVSXxKCiVjhbWWfyg023FCk",
>                             "Y": "LmTlQxXB3LgZrNLmhOfMaCnDizczC/RfQ6Kx8iNwfFA"
>                           }
>                       }
>                   }
>               },
>             "SignatureValue": "MEUCIEhZtArhp8O7d1n7SRWRQcs3qePGBCrnKY8x2O3o+nvPAiEA0On5hez2EHmEwJIm/UK7GxqZeWWcaFzK9OVAhygAWVk"
>           }
>       }
>   }
> 
> Why bother with this you may wonder?  Well I can't imagine converting the previous cool stuff to something yucky like:
> 
> {
> "message": "eyJ0eXAiOibGciOiJIUzI1NiJ9.LmNvbS9pc19yb290Ijp0cnVlfQ.2K27uhbUJU1p1r_wW1gFWFOEjXk"
> }
> 
> Canonicalization (=removal of whitespace):
> 
> "MyLittleSignature":{"Version":"http://example.com/signature" <http://example.com/signature>,"Now":"2013-08-25T20:31:23+02:00","HRT":{"RTl":"67","YT":{"HTL":"656756#","INTEGER":-689,"Fantastic":false},"er":"33"},"ARR":[],"BARR":[{"HTL":"656756#","INTEGER":-689,"Fantastic":true},{"HTL":"656756#","INTEGER":-689,"Fantastic":false}],"ID":"ihqQONXvN5_LnmdAG7YU","STRINGS":["One","Two","Three"],"Intra":78,"EnvelopedSignature":{"SignatureInfo":{"Algorithm":"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256" <http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256>,"Reference":{"Name":"ID","Value":"ihqQONXvN5_LnmdAG7YU"},"KeyInfo":{"PublicKey":{"EC":{"NamedCurve":"http://xmlns.webpki.org/sks/algorithm#ec.p256" <http://xmlns.webpki.org/sks/algorithm#ec.p256>,"X":"lNxNvAUEE8t7DSQBft93LVSXxKCiVjhbWWfyg023FCk"," Y":"LmTlQxXB3LgZrNLmhOfMaCnDizczC/RfQ6Kx8iNwfFA"}}}}
> 
> 
> </Anders>
>
Received on Monday, 26 August 2013 04:34:59 UTC