XML Signature

本条目正在大幅修改，持續時間「2小時」，請勿在此期間編輯。 當重大編輯結束或暫時停止編輯時，請移除本模板。您可於編輯歷史中查看添加本模板的編者。 本模板是為了避免編輯衝突，請於本次重大編輯結束後立即移除本模板，讓其他編者能繼續編輯本条目。 致其他編者：當本条目最後編輯時間（5434日1时48分46秒前，刷新）距今超逾「2小時」，請直接移除本模板即可。

此條目目前正依照其他维基百科上的内容进行翻译。 (2010年7月20日) 如果您擅长翻译，並清楚本條目的領域，欢迎协助翻譯、改善或校对本條目。 此外，长期闲置、未翻譯或影響閱讀的内容可能会被移除。

XML Signature (also called XMLDsig, XML-DSig, XML-Sig)是一个定义数字签名的XML语法的W3C推荐标准。从功能上或，XML Signature与PKCS#7有很多共同点，但是XML签名具有更好的可扩展性，并为签名XML文档做了调整。XML Signature在许多Web技术，如SOAP, SAML等中使用。

XML signature可以用来签名任何类型的数据（称作资源），最常见的是XML文档，但是任何可以通过URL访问的资源都可以被签名。如果XML签名用于对包含该签名的XML文档之外的资源简明，则称为detached signature 如果XML签名用于对包含它的XML文档的某个部分进行签名，则称为enveloped signature; 如果XML签名包含被签名的数据，则称为enveloping signature。

一个XML签名包含一个Signature元素，其名字空间为http://www.w3.org/2000/09/xmldsig#。基本结构如下所示：

<Signature>
  <SignedInfo>
    <SignatureMethod />
    <CanonicalizationMethod />
    <Reference>
       <Transforms>
       <DigestMethod>
       <DigestValue>
    </Reference>
    <Reference /> 等
  </SignedInfo>
  <SignatureValue />
  <KeyInfo />
  <Object />
</Signature>

• SignedInfo元素包含或引用签名后的数据，并指出使用了那种算法。
  • SignatureMethod和CanonicalizationMethod元素被SignatureValue元素所使用，并包含在SignedInfo元素中以防止篡改。
  • 一个或多个Reference元素通过URI引用的方式说明被签名的资源；以及在签名前对资源进行的任何转换。转换可以是一个XPath表达式，从文档树中选择一个子集^[1]。
    • DigestMethod元素指定散列算法。
    • DigestValue元素包含转换后资源经过散列算法的结果。
• SignatureValue元素包含一个经过Base64编码的枪名结果 - 签名是按照 SignedInfo元素中的SignatureMethod元素中指明的参数进行的，签名前要先根据CanonicalizationMethod元素中指定的算法进行规范化。
• KeyInfo元素（可选）允许签名者为接收者提供验签该签名的密钥，通常是以一个或多个X.509数字证书的形式。如果没有出现KeyInfo元素，接收方必须从上下文中识别出验签的密钥。
• Objec元素（可选）包含被签名的数据，如果是 enveloping signature（签名的数据在Signature元素内）的情况。

当验证一个XML签名时，需要遵守一个称作核心验证（Core Validation）的程序：

1. 易用验证： Each Reference's digest is verified by retrieving the corresponding resource and applying any transforms and then the specified digest method to it. The result is compared to the recorded DigestValue; if they do not match, validation fails.
2. 签名验证： The SignedInfo element is serialized using the canonicalization method specified in CanonicalizationMethod, the key data is retrieved using KeyInfo or by other means, and the signature is verified using the method specified in SignatureMethod.

这一程序确定该资源是否是真的由宣称的当事人签名的。然而由于XML标准化和转换方法的可扩展性，验证方必须同时确认实际被签名或摘要的正式在原始数据中出现的内容，换句话说，确信签名或摘要所使用的算法没有改变被签名的数据的意思。

The creation of XML Signatures is a bit more complex than the creation of an ordinary digital signature because a given XML Document (an "Infoset", in common usage among XML developers) may have more than one legal serialized representation. For example, whitespace inside an XML Element is not syntactically significant, so that <Elem > is syntactically identical to <Elem>.

Since the digital signature is created by using an asymmetric key algorithm (typically RSA) to encrypt the results of running the serialized XML document through a Cryptographic hash function (typically SHA1), a single-byte difference would cause the digital signature to vary.

Moreover, if an XML document is transferred from computer to computer, the line terminator may be changed from CR to LF to CR LF, etc. A program that digests and validates an XML document may later render the XML document in a different way, e.g. adding excess space between attribute definitions with an element definition, or using relative (vs. absolute) URLs, or by reordering namespace definitions. Canonical XML is especially important when an XML Signature refers to a remote document, which may be rendered in time-varying ways by an errant remote server.

To avoid these problems and guarantee that logically-identical XML documents give identical digital signatures, an XML canonicalization transform (frequently abbreviated C14n) is employed when signing XML documents (for signing the SignedInfo, a canonicalization is mandatory). These algorithms guarantee that logically-identical documents produce exactly identical serialized representations.

Another complication arises because of the way that the default canonicalization algorithm handles namespace declarations; frequently a signed XML document needs to be embedded in another document; in this case the original canonicalization algorithm will not yield the same result as if the document is treated alone. For this reason, the so-called Exclusive Canonicalization, which serializes XML namespace declarations independently of the surrounding XML, was created.

XML DSig is more flexible than other forms of digital signatures such as Pretty Good Privacy and Cryptographic Message Syntax, because it does not operate on 二进制数据, but on the XML信息集, allowing to work on subsets of the data, having various ways to bind the signature and signed information, and perform transformations. Another core concept is canonicalization, that is to sign only the "essence", eliminating meaningless differences like whitespace and line endings.

There are criticisms directed at the architecture of XML security in general ^[2] and the suitability of XML canonicalization in particular as a front end to signing and encrypting XML data due to its complexity, inherent processing requirement, and poor performance characteristics ^{[3] [4] [5]}. The argument is that performing XML canonicalization causes excessive latency that is simply too much to overcome for transactional, performance sensitive SOA applications.

These issues are being addressed in the XML Security Working Group ^{[6] [7]}

Another issue is that without proper policy the use of XML Dsig in SOAP and WS-Security can lead to vulnerabilites^[8]

• Canonical XML
• XML Encryption
• XAdES, extensions to XML-DSig for use with advanced electronic signature

1. ^ http://www.w3.org/TR/xmldsig-filter2/ XML-Signature XPath Filter 2.0
2. ^ http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt Why XML Security is Broken
3. ^ http://grids.ucs.indiana.edu/ptliupages/publications/WSSPerf.pdf Performance of Web Services Security
4. ^ http://www.extreme.indiana.edu/xgws/papers/sec-perf.pdf Performance Comparison of Security Mechanisms for Grid Services
5. ^ http://www.javaworld.com/javaworld/jw-01-2007/jw-01-vtd.html Why XML canonicalization is bad for Web Services Security
6. ^ http://www.w3.org/2007/xmlsec/ws/report.html W3C Workshop on Next Steps for XML Signature and XML Encryption, 2007
7. ^ http://www.w3.org/TR/xmlsec-reqs2/ XML Security 2.0 Requirements and Design Considerations
8. ^ http://domino.research.ibm.com/library/cyberdig.nsf/papers/73053F26BFE5D1D385257067004CFD80/$File/rc23691.pdf

• XML-Signature Syntax and Processing (W3C)
• Canonical XML
• Additional XML Security Uniform Resource Identifiers (URIs)
• Exclusive XML Canonicalization
• XMLSignatures Java binding for XMLBeans and JAXB.