Date: Wed, 6 Aug 2008 11:02:34 -0700
From: "jason marshall"
To: security-dev@xml.apache.org
Subject: Re: Remote private key

Perhaps it goes without saying, but I'm a sucker for pointing out the supposedly obvious (mostly because of how often it turns out not to have been so obvious).

If you have your keys on one machine, and your signed material on another, how are you getting the data between them without someone altering it?

One thing you might consider doing is applying a temporary signature on the machine that has the source material, and then sending the signed XML document back to the machine holding the real key to add a second signature (the one third parties will honor). That should prove easier to pull off than trying to trick the XML-Sec library into signing something without calculating the digests itself first. I tried to do this with 1.3 and had no luck.
I would be interested in hearing if you guys figure out how to do this, however not for remote signing (rather for re-signing to replace an expiring cert).

-Jason

On Tue, Aug 5, 2008 at 11:12 PM, Lopez Cantero, Sergio wrote:
> This is because before you sign it, you have to encode in DER the digest
> with something like:
>
> (Using bouncycastle classes)
>
> import java.io.IOException;
> import org.bouncycastle.asn1.ASN1Encodable;
> import org.bouncycastle.asn1.DERObjectIdentifier;
> import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
> import org.bouncycastle.asn1.x509.DigestInfo;
>
> public static byte[] doDER(byte[] data) throws IOException {
>     // This OID is for SHA1 only
>     String hashOID = "1.3.14.3.2.26";
>     DigestInfo dInfo = new DigestInfo(new AlgorithmIdentifier(
>         new DERObjectIdentifier(hashOID), null), data);
>     return dInfo.getEncoded(ASN1Encodable.DER);
> }
>
> I recommend sending the digested hash, not the entire byte sequence, so you
> can DER-encode it and sign it with the "NONEwithRSA" algorithm afterwards.
>
> From: Legido Martínez, Isidoro [mailto:islegmar@gmail.com]
> Sent: Tuesday, 5 August 2008 23:21
> To: security-dev@xml.apache.org
> Subject: Re: Remote private key
>
> Hi:
>
> I'm still having problems. After building the Signature element (everything
> but the SignatureValue element) I execute:
>
> [Server side]
> XMLSignature sig = ....  // uses http://www.w3.org/2000/09/xmldsig#rsa-sha1 as signature method
> sig.getSignedInfo().generateDigestValues();
> byte[] data2Sign = sig.getSignedInfo().getCanonicalizedOctetStream();
>
> then, the Server sends 'data2Sign' to the Client (encoded) and the client
> executes
>
> [Client side]
> PrivateKey pKey = ....
> Signature signature = Signature.getInstance("SHA1withRSA");
> signature.initSign(pKey);
> signature.update(data2Sign);  // data2Sign is the decoded data received from the Server
> byte[] dataSigned = signature.sign();
>
> then, the Client sends back to the Server 'dataSigned' (encoded) and the
> server adds it to the SignatureValue element (decoded).
>
> But the signature built this way is not valid :-( If I execute
> XMLSignature.sign() directly, the signature I get is different. What am I
> doing wrong?
>
> As you can see, the server sends directly the C14N data, not the digested
> one. I have also tried digesting it before with the same result. In fact, I
> am doing the same as the XMLSignature.sign() method, so I can't see where
> the problem is.
>
> Does anybody have an idea?
>
> Thanks a lot
>
> Isi
>
> 2008/7/29 Lopez Cantero, Sergio
>
> As far as I know, yes, you have to digest them "by hand"
>
> I hope to have helped you.
>
> Sergio
>
> From: Legido Martínez, Isidoro [mailto:islegmar@gmail.com]
> Sent: Tuesday, 29 July 2008 8:41
> To: security-dev@xml.apache.org
> Subject: Re: Remote private key
>
> Thanks
>
> So, how can I get the digested value? Do I have to digest them "by hand"?
>
> Thanks
>
> Isi
>
> 2008/7/29 Lopez Cantero, Sergio
>
> Hi Isidoro,
>
> getCanonicalizedOctetStream returns the bytes you have to digest, not the
> digested data, so that's the difference.
>
> Concerning the way to put back the signature, you can get the signature
> element and search through the DOM for the SignatureValue Element to fill
> its contents.
>
> I'm doing something like that ;)
>
> Sergio
>
> From: Legido Martínez, Isidoro [mailto:islegmar@gmail.com]
> Sent: Monday, 28 July 2008 21:45
> To: security-dev@xml.apache.org
> Subject: Remote private key
>
> Hi everybody:
>
> First, I will try to explain my current situation (sorry in advance for my
> poor English :-( ). My signing system is split in two pieces: a
> lightweight client that owns the private key and ONLY can sign (no digest)
> and the server side that does everything else EXCEPT signing (digest, add
> Manifest elements or additional References).
> My initial idea was: the server side builds the SignedInfo elements, gets its
> digest and sends it to the client.
> The client signs and sends the result to
> the server, which adds this to the SignedInfo. Is that possible with the
> current implementation?
> I expected that
>
> si.generateDigestValues();  // si is the SignedInfo
> String digest = Base64.encode(si.getCanonicalizedOctetStream());
>
> 'digest' would contain the digest value in Base64, but what I get is
> something different. How can I get the digest? After signing, is there any
> way of adding it to SignedInfo?
>
> Thanks a lot
>
> Isi

-- 
- Jason
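
The split discussed in this thread, as an added example that is not part of any poster's message or of the XML-Sec library: it uses only the JDK to show that "NONEwithRSA" over the DER-encoded DigestInfo of a SHA-1 hash gives the same bytes as "SHA1withRSA" over the original data. The class name, the throwaway key and the sample SignedInfo bytes are constructed for illustration.

```java
import java.security.*;
import java.util.Arrays;

// Added example: server digests and DER-wraps, client only pads and applies RSA.
public class SplitSignDemo {
    // DER prefix of DigestInfo for SHA-1 (OID 1.3.14.3.2.26, NULL parameters)
    // as used by PKCS#1 v1.5; the 20-byte digest follows it.
    static final byte[] PREFIX = {
        0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
        0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };

    // Server side: hash the canonicalized SignedInfo and build DigestInfo.
    static byte[] digestInfo(byte[] c14nSignedInfo) throws GeneralSecurityException {
        byte[] hash = MessageDigest.getInstance("SHA-1").digest(c14nSignedInfo);
        byte[] out = Arrays.copyOf(PREFIX, PREFIX.length + hash.length);
        System.arraycopy(hash, 0, out, PREFIX.length, hash.length);
        return out;
    }

    // Client side: holds the private key, does no digesting.
    static byte[] rawSign(PrivateKey key, byte[] digestInfo) throws GeneralSecurityException {
        Signature s = Signature.getInstance("NONEwithRSA");
        s.initSign(key);
        s.update(digestInfo);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();   // throwaway demo key
        // Constructed stand-in for the getCanonicalizedOctetStream() output.
        byte[] data2Sign = "<SignedInfo>constructed sample</SignedInfo>".getBytes("UTF-8");

        byte[] split = rawSign(kp.getPrivate(), digestInfo(data2Sign));

        Signature oneStep = Signature.getInstance("SHA1withRSA");
        oneStep.initSign(kp.getPrivate());
        oneStep.update(data2Sign);
        byte[] direct = oneStep.sign();

        Signature verifier = Signature.getInstance("SHA1withRSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(data2Sign);
        System.out.println("identical signatures: " + Arrays.equals(split, direct));
        System.out.println("split signature verifies: " + verifier.verify(split));
    }
}
```

Both lines print `true` because PKCS#1 v1.5 signing is deterministic. In this arrangement the client signs whatever DigestInfo it is handed, so the channel between server and client needs its own integrity protection, which is the question Jason raises above.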