- From: Yongge Wang <ywang@certicom.com>
- Date: Tue, 30 Jan 2001 13:51:12 -0500
- To: xml-encryption@w3.org
> Apologies if what I'm about to mention has already been discussed but I've > been away and am now only catching up on my email. > > When discussing signing plus encryption, it is important to remember that > an XML Signature can have cover multiple digests. Though this feature is > valuable for signing multiple unique resources, it is also useful for > signing different views of the same resource. In particular, a single > XML Signature can cover both the plaintext and encrypted form of an XML > instance. > > 1. Hash the plaintext. > 2. Encrypt the plaintext. > 3. Hash the encrypted version. > 4. Create a <SignedInfo> over both hashes (including the appropriate > transforms). > 5. Sign <SignedInfo> to get your signature value. I guess the main problem is still that: if you encrypt some element or attribute, you need to encrypt the Signature and </SignedInfo> element. Consider the following example <patient name="XYZ" contagious="AIDS> ... </patient> ... <SignedInfo> .....and hashvalue</SignedInfo> The attribute contagious is encrypted after the signature. If we do not encrypt the <SignedInfo>, then the attacker can mount a dictionary attack to find out that contagious="AIDS" by an exhaustive search. Regards, Yongge
Received on Tuesday, 30 January 2001 13:55:10 UTC