- From: Anders Rundgren <anders.rundgren@telia.com>
- Date: Mon, 26 Aug 2013 10:55:37 +0200
- To: public-xmlsec-comments@w3.org
Since Google doesn't support XSD or XML DSig in Android I began looking at other alternatives. There were none :-(

Therefore I created a 2000-line system that writes and reads JSON from Java. In addition, I adopted a scaled-down version of XML DSig's enveloped-signatures.

The concept of enveloped signatures has been slammed by the JOSE WG due to a belief that canonicalization issues will be hard. FWIW, I just wrote the entire thing in just a week and I didn't find any problems at all.

https://code.google.com/p/openkeystore/source/browse/#svn%2Flibrary%2Ftrunk%2Fsrc%2Forg%2Fwebpki%2Fjson

It seems that I will be able to replace 200,000 lines of Apache code with about 2,000 lines of custom code.

{
  "MyLittleSignature": {
    "Version": "http://example.com/signature",
    "Now": "2013-08-25T20:31:23+02:00",
    "HRT": {
      "RTl": "67",
      "YT": {
        "HTL": "656756#",
        "INTEGER": -689,
        "Fantastic": false
      },
      "er": "33"
    },
    "ARR": [],
    "BARR": [{
      "HTL": "656756#",
      "INTEGER": -689,
      "Fantastic": true
    }, {
      "HTL": "656756#",
      "INTEGER": -689,
      "Fantastic": false
    }],
    "ID": "ihqQONXvN5_LnmdAG7YU",
    "STRINGS": ["One","Two","Three"],
    "Intra": 78,
    "EnvelopedSignature": {
      "SignatureInfo": {
        "Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
        "Reference": {
          "Name": "ID",
          "Value": "ihqQONXvN5_LnmdAG7YU"
        },
        "KeyInfo": {
          "PublicKey": {
            "EC": {
              "NamedCurve": "http://xmlns.webpki.org/sks/algorithm#ec.p256",
              "X": "lNxNvAUEE8t7DSQBft93LVSXxKCiVjhbWWfyg023FCk",
              "Y": "LmTlQxXB3LgZrNLmhOfMaCnDizczC/RfQ6Kx8iNwfFA"
            }
          }
        }
      },
      "SignatureValue": "MEUCIEhZtArhp8O7d1n7SRWRQcs3qePGBCrnKY8x2O3o+nvPAiEA0On5hez2EHmEwJIm/UK7GxqZeWWcaFzK9OVAhygAWVk"
    }
  }
}

Why bother with this you may wonder?

Well I can't imagine converting the previous cool stuff to something yucky like JOSE's JWS:

{
  "message": "eyJ0eXAiOibGciOiJIUzI1NiJ9.LmNvbS9pc19yb290Ijp0cnVlfQ.2K27uhbUJU1p1r_wW1gFWFOEjXk"
}

Canonicalization (=removal of whitespace):

"MyLittleSignature":{"Version":"http://example.com/signature","Now":"2013-08-25T20:31:23+02:00","HRT":{"RTl":"67","YT":{"HTL":"656756#","INTEGER":-689,"Fantastic":false},"er":"33"},"ARR":[],"BARR":[{"HTL":"656756#","INTEGER":-689,"Fantastic":true},{"HTL":"656756#","INTEGER":-689,"Fantastic":false}],"ID":"ihqQONXvN5_LnmdAG7YU","STRINGS":["One","Two","Three"],"Intra":78,"EnvelopedSignature":{"SignatureInfo":{"Algorithm":"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256","Reference":{"Name":"ID","Value":"ihqQONXvN5_LnmdAG7YU"},"KeyInfo":{"PublicKey":{"EC":{"NamedCurve":"http://xmlns.webpki.org/sks/algorithm#ec.p256","X":"lNxNvAUEE8t7DSQBft93LVSXxKCiVjhbWWfyg023FCk","Y":"LmTlQxXB3LgZrNLmhOfMaCnDizczC/RfQ6Kx8iNwfFA"}}}}

Cheers,
Anders
Received on Monday, 26 August 2013 08:56:13 UTC
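
Added example (not part of the original message and not the openkeystore code): a Python sketch of the whitespace-removal canonicalization shown in the message, with the checks a verifier needs because the signed bytes depend on property order. It assumes the layout visible in the sample (one top-level property, EnvelopedSignature last, signed text ending right after SignatureInfo); the sample input is constructed and abridged, and the function names are hypothetical.

```python
import json

# Constructed sample, abridged from the message above; SignatureValue is a placeholder.
SAMPLE = """{
  "MyLittleSignature": {
    "Version": "http://example.com/signature",
    "ID": "ihqQONXvN5_LnmdAG7YU",
    "Intra": 78,
    "EnvelopedSignature": {
      "SignatureInfo": {
        "Algorithm": "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
        "Reference": {"Name": "ID", "Value": "ihqQONXvN5_LnmdAG7YU"}
      },
      "SignatureValue": "PLACEHOLDER"
    }
  }
}"""

def _reject_duplicates(pairs):
    # Duplicate names are ambiguous (parsers disagree on which value wins), so refuse them.
    names = [name for name, _ in pairs]
    if len(names) != len(set(names)):
        raise ValueError("duplicate property name")
    return dict(pairs)  # dict keeps insertion order, which the signed bytes depend on

def canonicalize(text):
    """Bytes covered by the signature, under the layout assumed from the sample."""
    doc = json.loads(text, object_pairs_hook=_reject_duplicates)
    if len(doc) != 1:
        raise ValueError("expected one top-level property")
    (name, body), = doc.items()
    if not isinstance(body, dict) or list(body)[-1:] != ["EnvelopedSignature"]:
        raise ValueError("EnvelopedSignature must be the last property")
    env = body["EnvelopedSignature"]
    if not isinstance(env, dict) or list(env) != ["SignatureInfo", "SignatureValue"]:
        raise ValueError("unexpected EnvelopedSignature layout")
    signed = {**body, "EnvelopedSignature": {"SignatureInfo": env["SignatureInfo"]}}
    # Note: re-serializing normalizes floats and string escapes; integers and plain
    # ASCII strings, as in the sample, round-trip unchanged.
    compact = json.dumps({name: signed}, separators=(",", ":"), ensure_ascii=False)
    # Drop the outer "{" and the three closing "}" so the text ends right after SignatureInfo.
    return compact[1:-3].encode("utf-8")

if __name__ == "__main__":
    print(canonicalize(SAMPLE).decode())
```

Re-indenting the message leaves the canonical bytes unchanged, while reordering properties changes them, so any intermediary that rewrites property order breaks verification.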